只要启动IE 新窗口,就会出现一个自动弹出窗口,地址是http:///
这是什么玩意啊,怎么才能把它弄掉啊

system is being attacked!

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
www.27814939.ys168.com
日志一次粘不完，分次粘完，不要修改。

system is being attacked!
这个我也看到
就在上这个反病毒论坛时看到的
请问是什么问题啊

2006-05-15,21:18:59

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <iDuba Personal FireWall><F:\金山\毒霸6\KAVPFW.EXE>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <z-wrdialer><rem C:\Program Files\WinPoET\iVasionWinPoET.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <a-winpoet-service><C:\Program Files\WinPoET\WinPPPoverEthernet.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <iDuba Personal FireWall><F:\金山\毒霸6\KAVPFW.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KAVRUN><F:\金山\毒霸6\KAVRUN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <POPO2004><F:\Program Files\Netease\popo2004\Start.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
  <Windows Update System Shell><svhostcs32.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,>

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users.WINNT\「开始」菜单\程序\启动\Microsoft Office.lnk><N>

==================================

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <2 - 系统找不到指定的文件。
><N/A>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[WinPPPoverEthernet / WinPPPoverEthernet]
  <C:\Program Files\WinPoET\WrOS.EXE><iVasion, a Routerware Company>

==================================
浏览器加载项
[MonitorURL Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, >
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINNT\System32\wmpdrm.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <F:\Program Files\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, >
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Router Video 40]
  {8465D755-AFE0-40ef-BC5E-2290D2C1F31F} <C:\WINNT\System32\rv40.dll, Router  Video>
[NewWebController Class]
  {9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINNT\system32\WinSC.dll, N/A>
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC32.dll, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <E:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\Program Files\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[使用网际快车下载]
  <E:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <E:\Program Files\FlashGet\jc_all.htm, N/A>
[反向链接]
  <res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[添加到QQ自定义面板]
  <F:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[百度--MP3搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM, N/A>
[百度--图片搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM, N/A>
[百度--新闻搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM, N/A>
[百度--歌词搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM, N/A>
[百度--网页搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM, N/A>
[百度--词典搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM, N/A>
[百度--贴吧搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM, N/A>
[类似网页]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[缓存的网页快照]
  <res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
  <res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll/246, N/A>

==================================

[PID: 1460][C:\WINNT\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.00.2140.1>
[PID: 1296][C:\WINNT\regedit.exe]  <Microsoft Corporation><5.00.2195.6707>
[PID: 1288][F:\备份\日志扫描\HijackThis.exe]  <Soeperman Enterprises Ltd.><1.99.0001>
[PID: 1348][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3427>
[PID: 1648][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106>
    [C:\PROGRA~1\DESKAD~1\deskipn.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  <Yahoo! China><1, 0, 2, 1015>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll]  <Yahoo.><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 0, 3, 1023>
    [F:\Program Files\Tencent\qq\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 76>
    [C:\WINNT\System32\rv40.dll]  <Router  Video><4, 0, 2003, 1128>
    [C:\WINNT\system32\WinSC.dll]  <N/A><N/A>
    [C:\WINNT\system32\WinSC32.dll]  <N/A><N/A>
    [E:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [c:\program files\google\googletoolbar2.dll]  <Google Inc.><3, 0, 131, 0>
    [C:\WINNT\system32\socul.dll]  <><1, 0, 1, 1>
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINNT\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\WINNT\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\WINNT\system32\upengine.dll]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasnoad.dll]  <><1, 0, 0, 9>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll]  <Yahoo><1, 0, 4, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll]  <3721.com><2, 1, 1, 87>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll]  <N/A><N/A>
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  < ><1, 0, 1, 6>
    [C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll]  <Yahoo><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yaswiper.dll]  <Yahoo><1, 0, 1, 1004>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasiesec.dll]  <Yahoo><1, 0, 1, 1000>
[PID: 1664][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [C:\PROGRA~1\DESKAD~1\deskipn.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  <Yahoo! China><1, 0, 2, 1015>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll]  <Yahoo.><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 0, 3, 1023>
    [F:\Program Files\Tencent\qq\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 76>
    [C:\WINNT\System32\rv40.dll]  <Router  Video><4, 0, 2003, 1128>
    [C:\WINNT\system32\WinSC.dll]  <N/A><N/A>
    [C:\WINNT\system32\WinSC32.dll]  <N/A><N/A>
    [E:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [c:\program files\google\googletoolbar2.dll]  <Google Inc.><3, 0, 131, 0>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yaswiper.dll]  <Yahoo><1, 0, 1, 1004>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasiesec.dll]  <Yahoo><1, 0, 1, 1000>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasnoad.dll]  <><1, 0, 0, 9>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [E:\PROGRA~1\FLASHGET\fgiebar.dll]  <Amaze Soft><1, 2, 0, 0>
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1260][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 0, 3, 1023>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yaswiper.dll]  <Yahoo><1, 0, 1, 1004>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasiesec.dll]  <Yahoo><1, 0, 1, 1000>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasnoad.dll]  <><1, 0, 0, 9>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  <Yahoo! China><1, 0, 2, 1015>
    [c:\program files\google\googletoolbar2.dll]  <Google Inc.><3, 0, 131, 0>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 76>
    [C:\PROGRA~1\DESKAD~1\deskipn.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll]  <Yahoo.><1, 0, 1, 1001>
    [F:\Program Files\Tencent\qq\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [C:\WINNT\System32\rv40.dll]  <Router  Video><4, 0, 2003, 1128>
    [C:\WINNT\system32\WinSC.dll]  <N/A><N/A>
    [C:\WINNT\system32\WinSC32.dll]  <N/A><N/A>
    [E:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINNT\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [C:\WINNT\system32\upengine.dll]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINNT\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll]  <Yahoo><1, 0, 4, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll]  <3721.com><2, 1, 1, 87>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll]  <N/A><N/A>
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  < ><1, 0, 1, 6>
    [C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll]  <Yahoo><1, 0, 1, 1001>
[PID: 504][F:\备份\SREng.exe]  <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

【回复“volin”的帖子】
系统掉数据请等待

【回复“尤利耶尔”的帖子】
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Windows Update System Shell><svhostcs32.exe>
木马
如果不能搞掂，请找到svhostcs32.exe，打包，发到：baohelin@yahoo.com.cn。

那就依版主说先搞一下吧。
运行System Repair Engineer，点“启动项目，服务，勾选“隐藏微软服务”选中服务Macromedia Licensing Service，选择“删除所选服务”“否”
运行System Repair Engineer，使用“启动项目，注册表”来删除以下选项。
（如果在注册表里无法识别那一下，可以选中一项后，点“编辑”这样会有很明细的路径）
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Windows Update System Shell><svhostcs32.exe>
关闭所有浏览窗口以及一些不必要的程序
运行System Repair Engineer，使用“系统修复，浏览器加载项”来删除以下选项
wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINNT\System32\wmpdrm.dll, N/A>
Router Video 40]
{8465D755-AFE0-40ef-BC5E-2290D2C1F31F} <C:\WINNT\System32\rv40.dll, Router Video>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINNT\system32\WinSC.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC32.dll, N/A

双击我的电脑--工具---文件夹选项--查看--单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”
删除
svhostcs32.exe不知在那，搜一下。
C:\WINNT\system32\WinSC32.dll
C:\WINNT\system32\WinSC.dll
C:\WINNT\System32\rv40.dll
C:\WINNT\System32\wmpdrm.dll,