详细我就不说了（共享目录回有GAMESETUP.EXE文件），邮件服务中心我发送了详细情况，由于我中毒机器无法运行压缩软件，所以我将诊断信息贴在这里，希望你们能看到，给予我们回复与指导（我们已经使用最新瑞星专杀工具和针对熊猫烧香的专杀工具了：金山等）
先贴控制中心诊断：未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\WINDOWS\SYSTEM32\RSMSINK.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\PSNTMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL

C:\WINDOWS\SYSTEM32\MSDTC.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
E:\软件工具\工具软件\TOOL\最昂贵的磁盘碎片整理工具汉化绿色特别版\OODAG.EXE
E:\软件工具\工具软件\TOOL\最昂贵的磁盘碎片整理工具汉化绿色特别版\OODAGRS.DLL

C:\WINDOWS\SYSTEM32\WINS.EXE
C:\WINDOWS\SYSTEM32\DFSSVC.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\RSSERV.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRAM FILES\MICROTEK\SCANWIZARD 5\SCANNERFINDER.EXE
C:\PROGRAM FILES\MICROTEK\SCANWIZARD 5\SFRES.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
E:\软件工具\网络安全\瑞星听诊器\RSDETECT.EXE

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
RavTray = "D:\PROGRAM FILES\RISING\RAV\RAVTRAY.EXE"
IMSCMig = C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /PRELOAD
RavTask = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{E5A1691B-D188-4419-AD02-90002030B8EE} = C:\PROGRA~1\FlashFXP\IEFlash.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkipx [IPX] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX] [Pseudo Stream] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX II] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD nwlnkspx [SPX II] [Pseudo Stream] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{56B621F0-4229-441C-8AD8-FCE9EC1B4790}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{56B621F0-4229-441C-8AD8-FCE9EC1B4790}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{86D1A5CF-FEA0-4ABF-B196-74967AA0F28B}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{86D1A5CF-FEA0-4ABF-B196-74967AA0F28B}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{44607275-A896-4CBE-97F9-02B2386D79CF}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{44607275-A896-4CBE-97F9-02B2386D79CF}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AtWork = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BINLSVC = C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dfs = C:\WINDOWS\SYSTEM32\DFSSVC.EXE
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
DHCPServer = C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DNS = C:\WINDOWS\SYSTEM32\DNS.EXE
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WINERR
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Groveler = C:\WINDOWS\SYSTEM32\GROVEL.EXE
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\LSASS.EXE
IAS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
IISADMIN = C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
IsmServ = C:\WINDOWS\SYSTEM32\ISMSERV.EXE
kdc = C:\WINDOWS\SYSTEM32\LSASS.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LanmanWorkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LicenseService = C:\WINDOWS\SYSTEM32\LLSSRV.EXE
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtFrs = C:\WINDOWS\SYSTEM32\NTFRS.EXE
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
O&O Defrag = E:\软件工具\工具软件\TOOL\最昂贵的磁盘碎片整理工具汉化绿色特别版\OODAG.EXE
ose = C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RavAgent = D:\PROGRAM FILES\RISING\RAV\RAVAGENT.EXE
RavAlert = D:\PROGRAM FILES\RISING\RAV\RAVALERT.EXE
RavService = "D:\PROGRAM FILES\RISING\RAV\RAVSERVICE.EXE" /SERVICE
RavUpdate = "D:\PROGRAM FILES\RISING\RAV\RAVUPDATE.EXE"
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K REGSVC
Remote_Storage_Server = C:\WINDOWS\SYSTEM32\RSSERV.EXE
Remote_Storage_User_Link = C:\WINDOWS\SYSTEM32\RSLNK.EXE
RNReport = "D:\PROGRAM FILES\RISING\RAV\RNREPORT.EXE"
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
RSoPProv = C:\WINDOWS\SYSTEM32\RSOPPROV.EXE
RsRavMon = "D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
sacsvr = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SimpTcp = C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
SoSCAR = C:\WINDOWS\SYSTEM32\RUN32.EXE C:\WINDOWS\SYSTEM32\WBEM\NOYYHC97.DLL,EXPORT 1087
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
swprv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K SWPRV
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K TAPISRV
TermService = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K TERMSVCS
TFTPD = C:\WINDOWS\SYSTEM32\TFTPD.EXE
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkSvr = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Tssdis = C:\WINDOWS\SYSTEM32\TSSDIS.EXE
uploadmgr = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
vds = C:\WINDOWS\SYSTEM32\VDS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
W3SVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IISSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
WinHttpAutoProxySvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WINS = C:\WINDOWS\SYSTEM32\WINS.EXE
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
DfsDriver = C:\WINDOWS\SYSTEM32\DRIVERS\DFS.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
RSFilter = C:\WINDOWS\SYSTEM32\DRIVERS\RSFILTER.SYS
SIS = C:\WINDOWS\SYSTEM32\DRIVERS\SIS.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
agp440 = C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS
als4k = C:\WINDOWS\SYSTEM32\DRIVERS\3DSTORM2.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
ClusDisk = C:\WINDOWS\SYSTEM32\DRIVERS\CLUSDISK.SYS
crcdisk = C:\WINDOWS\SYSTEM32\DRIVERS\CRCDISK.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
ExpScaner = D:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
FETNDIS = C:\WINDOWS\SYSTEM32\DRIVERS\FETND5.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
G400DH = C:\WINDOWS\SYSTEM32\DRIVERS\G400DHM.SYS
gameenum = C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HookCont = D:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = D:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = D:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HOSTNT = C:\WINDOWS\SYSTEM32\DRIVERS\HOSTNT.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntelIde = C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
MEMSCAN = D:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
MHDRV = C:\WINDOWS\SYSTEM32\DRIVERS\MHDRV.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
NwlnkIpx = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKIPX.SYS
NwlnkNb = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS
NwlnkSpx = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
Parvdm = C:\WINDOWS\SYSTEM32\DRIVERS\PARVDM.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RCMHDOG = C:\WINDOWS\SYSTEM32\DRIVERS\RCMHDOG.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
ScsiPort = C:\WINDOWS\SYSTEM32\DRIVERS\SCSIPORT.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbscan = C:\WINDOWS\SYSTEM32\DRIVERS\USBSCAN.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
VolSnap = C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WLBS = C:\WINDOWS\SYSTEM32\DRIVERS\WLBS.SYS

随机抽取客户端诊断信息：
未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.JINHAI\桌面\RSDETECT.EXE
C:\WINNT\EXPLORER.EXE
C:\WINNT\APPPATCH\ACLAYERS.DLL
C:\WINNT\SYSTEM32\ACSIGNICON.DLL
C:\WINNT\SYSTEM32\333B5F0C.DLL
C:\WINNT\SYSTEM32\WSD_SOCK32.DLL
C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ACSIGNCORE16.DLL
C:\WINNT\SYSTEM32\RAVEXT.DLL
C:\WINNT\SYSTEM32\WDMAUD.DRV
C:\WINNT\SYSTEM32\MSACM32.DRV
C:\WINNT\SYSTEM32\Z.DLL
C:\WINNT\SYSTEM32\KAVA.DLL
C:\WINNT\SYSTEM32\SHSE.DLL
C:\WINNT\SYSTEM32\CMD.DLL
C:\WINNT\SYSTEM32\MSADP32.ACM

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINNT\SYSTEM32\ACSIGNICON.DLL
C:\WINNT\SYSTEM32\WSD_SOCK32.DLL
C:\WINNT\SYSTEM32\MACROMED\FLASH\FLASH9B.OCX
C:\WINNT\SYSTEM32\WDMAUD.DRV
C:\WINNT\SYSTEM32\MSACM32.DRV
C:\WINNT\SYSTEM32\INETCPL.CPL
C:\WINNT\SYSTEM32\MSADP32.ACM
C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ACSIGNCORE16.DLL

C:\WINNT\ZAQ5.EXE
C:\WINNT\SYSTEM32\INTERNAT.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\SYSTEM32\WDMAUD.DRV

C:\WINNT\SYSTEM32\CONIME.EXE

普通自启动项
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Internat.exe = INTERNAT.EXE


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n

其它启动项
C:\Autorun.inf
AUTORUN = setup.exe

D:\Autorun.inf
AUTORUN = setup.exe

WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = (无)


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

IE - BHO

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINNT\SYSTEM32\WSD_SOCK32.DLL
MT-TcpFilter = C:\WINNT\SYSTEM32\WSD_SOCK32.DLL
MSAFD Tcpip [TCP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [UDP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [RAW/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
RSVP UDP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB036DFF-8F47-4FC6-A9A8-DEBFBE850C13}] SEQPACKET 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB036DFF-8F47-4FC6-A9A8-DEBFBE850C13}] DATAGRAM 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D181E92F-3F75-4E86-AC5B-40C6BFBDECD5}] SEQPACKET 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D181E92F-3F75-4E86-AC5B-40C6BFBDECD5}] DATAGRAM 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{938A337B-5F9E-4B6F-B6DF-36FA0FFD6965}] SEQPACKET 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{938A337B-5F9E-4B6F-B6DF-36FA0FFD6965}] DATAGRAM 2 = C:\WINNT\SYSTEM32\MSAFD.DLL

系统服务项

文件驱动

系统驱动项

楼主,我和你的问题基本上一样,还没有解决方法呀!急呀!