病毒路径:C:\WINDOWS\system32\drivers\FAD.sys......病毒名:Rootkit.FileProt.a

病毒路径:C:\WINDOWS\system32\drivers\Anfad.sys.....病毒名:Rootkit.RegProt.a.


文件无法删除.显示的状态为重新启动.555555555

然后我还在安全模式下用KILLBOX查杀,一点用处都没有...

附上
HijackThis@Qoo的扫描日志:

Scan saved at 17:07:20, on 2006-5-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QQ2005\TIMPlatform.exe
C:\Program Files\DrCOM\Dr.COM 宽带登录客户端\ishare_user.exe
C:\Program Files\QQ2005\QQ.exe
C:\WINDOWS\system32\ServeHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\黑客查毒\HijackThis.exe

R3 - URLSearchHook:
O2 - BHO: xBarHelper.MoveCatchPic - {0CF098A0-CBAC-4EFB-8451-3AFC201C7222} - C:\Program Files\xBar\xBarHelper.dll
O2 - BHO: (no name) - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: (no name) - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll (file missing)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: (no name) - {33C3992F-1963-49BE-88D7-974C8EE564B5} - C:\WINDOWS\system32\MsHelper.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: (no name) - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\IEHpr.dll
O2 - BHO:
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O3 - Toolbar: ????? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [xBarUpdate] C:\Program Files\xBar\xBarUpdate.exe
O4 - HKLM\..\Run: [IESAddr] RunDll32 "C:\WINDOWS\Downlo~1\Gladiator.dll",Boot
O4 - HKLM\..\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\QQ2005\AddEmotion.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdog0.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdog0.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdog0.dll
O11 - Options group: [!CNS] 

我看不懂5555555555.

【回复“我是咴咴”的帖子】
C:\WINDOWS\system32\drivers\FAD.sys
C:\WINDOWS\system32\drivers\Anfad.sys
这两个是中搜流氓的驱动

开机时按住F8
选择“带命令行提示的安全模式”进入系统
attrib -s -h -r C:\WINDOWS\system32\drivers\FAD.sys
del C:\WINDOWS\system32\drivers\FAD.sys

C:\WINDOWS\system32\drivers\Anfad.sys方法同上

55555555555555555我试一下哦,谢谢不言....

http://blog.sina.com.cn/u/1034488164                             
以上我自己制作的个人主页，请下载使用 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描

，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来.

志文件内容复制-粘贴上来