
Urgent help needed!

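Yesterday the following was found on computers deployed internally at our organization:

Environment: internal network (not directly connected to the Internet)
Rising network edition for industry (瑞星网络行业专用版) installed, version up to 20.88

The computers show the following symptoms:

1. A pop-up window "svchost.exe application error" appears.
2. Some computers cannot get online.
3. Shared folders and shared printers cannot be used.
4. Double-clicking the speaker icon in the lower right corner shows a message such as "Cannot find the mixer device...".
5. A "random two-digit number".scr file appears in the SYSTEM32 folder, random from 01 to 99.
6. Several random two-digit .scr processes can be seen in the process list.

What virus is causing this? Is there a patch? Is there a dedicated removal tool?

Could Rising's technical staff please take a look. Thank you!!!

I am waiting online.......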


Re: Urgent help needed!

2009-04-10,11:19:19
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <netmon><C:\WINNT\system\netmon.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [(Verified)Microsoft Windows 2000 Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><stobject.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    <WinlogonNotify: wzcnotif><wzcdlg.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <自定义浏览器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
    <EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]
==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINNT\System32\Ati2evxx.exe><ATI Technologies Inc.>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[KDDelegateService / KDDelegateService][Stopped/Manual Start]
  <d:\Program Files\Kingdee\K3ERP\KDDelegateService.exe><KINGDEE>
[KDSvrMgrService / KDSvrMgrService][Running/Auto Start]
  <C:\WINNT\system32\KDCOM\KDSvrMgrService.exe><KINGDEE>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[RavService / RavService][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Information Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <d:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
[VRVWatchServer / VRVWatchServer][Running/Auto Start]
  <"C:\WINNT\system32\WatchClient.exe" -service><>

Re: Urgent help needed!

==================================
驱动程序
[aaccin / aaccin][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aaccin.dll><Adaptec, Inc.>
[Adaptec SAS/SATA-II RAID Miniport Driver / aacsas][Running/Boot Start]
  <\SystemRoot\system32\drivers\aacsas.sys><Adaptec, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme II VBD / b06bdrv][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\bxvbdx.sys><Broadcom Corporation>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Broadcom NetXtreme II BXND / l2nd][Running/Manual Start]
  <System32\DRIVERS\bxnd50x.sys><Broadcom Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\rsfwdrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[VRVFW / VRVFW][Running/Boot Start]
  <\SystemRoot\system32\VrvFw.sys><北信源>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, (Signed) Microsoft Corporation>
[VideoClientControl Control]
  {7602B5D5-0AAB-4C79-B296-A0CE2607E123} <C:\WINNT\system32\VideoClient.ocx, >

==================================
正在运行的进程
[PID: 192 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 216 / SYSTEM][\??\C:\WINNT\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 244 / SYSTEM][\??\C:\WINNT\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4131]
[PID: 272 / SYSTEM][C:\WINNT\system32\services.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 284 / SYSTEM][C:\WINNT\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7011]
[PID: 396 / SYSTEM][C:\WINNT\System32\termsrv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6696]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 440 / SYSTEM][C:\WINNT\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINNT\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 556 / SYSTEM][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 596 / SYSTEM][C:\WINNT\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 628 / SYSTEM][C:\WINNT\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 644 / SYSTEM][C:\WINNT\system32\hidserv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 664 / SYSTEM][C:\WINNT\system32\KDCOM\KDSvrMgrService.exe]  [KINGDEE, 10, 3, 0, 1]
    [C:\WINNT\system32\KDCOM\KDSVRMGRHANDLEIMP.DLL]  [金蝶软件(中国)有限公司, 10.03]
    [C:\WINNT\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8169]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\system32\kfo10.dll]  [Kingdee Corporation, 10, 2, 0, 0]
    [C:\WINNT\system32\KDCOM\KDSVRMGRHANDLE.DLL]  [KINGDEE, 10, 3, 0, 1]
[PID: 696 / SYSTEM][C:\WINNT\System32\llssrv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7021]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 748 / SYSTEM][d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\opends60.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlsort.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\ums.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SSnmPN70.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [d:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 980 / NetShowServices][C:\WINNT\System32\WINDOW~1\Server\nspmon.exe]  [Microsoft Corporation, 4.1.00.3934]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1064 / NetShowServices][C:\WINNT\System32\WINDOW~1\Server\nscm.exe]  [Microsoft Corporation, 4.1.00.3934]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1304 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1320 / SYSTEM][C:\WINNT\system32\regsvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6701]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1404 / SYSTEM][C:\WINNT\system32\MSTask.exe]  [(Verified) Microsoft Corporation, 4.71.2195.6972]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1436 / SYSTEM][C:\WINNT\System32\tcpsvcs.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1480 / SYSTEM][C:\WINNT\system32\WatchClient.exe]  [, 6, 6, 24, 16]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1508 / SYSTEM][C:\WINNT\System32\WBEM\WinMgmt.exe]  [(Verified) Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1512 / SYSTEM][C:\WINNT\System32\wins.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7005]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1596 / SYSTEM][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 1648 / SYSTEM][C:\WINNT\system32\Dfssvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6664]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1696 / SYSTEM][C:\WINNT\system32\vrvrf_c.exe]  [, 6, 6, 6, 30]
    [C:\WINNT\system32\vrvpwk.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\vrvfw_c.dll]  [, 1, 0, 0, 2]
    [C:\WINNT\system32\vrvrun_c.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\bkfile.dll]  [N/A, ]
    [C:\WINNT\system32\edpaudfliter.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1720 / SYSTEM][C:\WINNT\System32\dns.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7135]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1772 / SYSTEM][C:\WINNT\System32\inetsrv\inetinfo.exe]  [(Verified) Microsoft Corporation, 5.00.0984]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll]  [Microsoft Corporation, 2.0.50727.101 (QFE.050727-1000)]
    [C:\WINNT\system32\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 1824 / SYSTEM][C:\WINNT\System32\msdtc.exe]  [(Verified) Microsoft Corporation, 1999.9.3421.3]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1860 / SYSTEM][C:\WINNT\system\netmon.exe]  [N/A, ]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 2324 / SYSTEM][C:\WINNT\system32\Vrvsafec.exe]  [edp, 7, 3, 23, 15]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 2428 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.8320.9]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.8320.9]
[PID: 2748 / NetShowServices][C:\WINNT\System32\WINDOW~1\Server\nspm.exe]  [Microsoft Corporation, 4.1.00.3917]
    [C:\WINNT\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
    [C:\WINNT\system32\tsd32.dll]  [, ]
    [C:\WINNT\system32\vct3216.acm]  [Voxware, Inc., 1.6.0.17]
    [C:\WINNT\system32\vct3216.dll]  [Voxware, Inc., 1.6.0.12]
    [C:\WINNT\system32\MSMS001.vwp]  [Voxware, Inc., 2.0.2.61]
    [C:\WINNT\system32\Mvoice.vwp]  [Voxware, Inc., 2.0.0.12.01]
    [C:\WINNT\system32\sl_anet.acm]  [Sipro Lab Telecom Inc., 2.80]
    [C:\WINNT\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 43]
    [C:\WINNT\System32\iac25_32.ax]  [Intel Corporation, 2.05.53]
[PID: 2776 / NetShowServices][C:\WINNT\System32\WINDOW~1\Server\nsum.exe]  [Microsoft Corporation, 4.1.00.3930]
[PID: 3164 / Administrator][C:\WINNT\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 3192 / Administrator][C:\WINNT\Explorer.EXE]  [(Verified) Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINNT\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINNT\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 3340 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 3368 / Administrator][C:\WINNT\system\netmon.exe]  [N/A, ]
    [C:\WINNT\system32\VrvHook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 3392 / Administrator][C:\WINNT\system32\internat.exe]  [(Verified) Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\VrvHook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 3432 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]

Re: Urgent help needed!

[C:\WINNT\system32\VrvHook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 3728 / SYSTEM][C:\WINNT\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 3804 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\VrvHook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINNT\system32\vrvctl.ocx]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
[PID: 860 / Administrator][C:\WINNT\system32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\system32\KDCOM\Kdsvrmgr.dll]  [金蝶软件(中国)有限公司, 1.00]
    [C:\WINNT\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8169]
    [C:\WINNT\system32\kfo10.dll]  [Kingdee Corporation, 10, 2, 0, 0]
    [C:\WINNT\system32\KDLock.dll]  [kingdee, 1.00.0200]
    [C:\WINNT\system32\hwinfo.dll]  [N/A, ]
    [C:\WINNT\system32\KDCOM\MTSCACHESERVICE.DLL]  [kingdee, 1.00]
    [C:\WINNT\system32\KDVBF.dll]  [Kingdee, 9.00.1203]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\KFOX.dll]  [, 1, 0, 0, 1]
    [d:\Program Files\Kingdee\K3ERP\KDVERIFYCONTENT.DLL]  [, 1, 0, 0, 1]
[PID: 2692 / SYSTEM][C:\WINNT\system32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6692]
[PID: 1392 / Administrator][C:\WINNT\system32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\system32\KDCOM\EbsAutoUpt.dll]  [金蝶软件(中国)有限公司, 9.01.0326]
    [C:\WINNT\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8169]
    [C:\WINNT\system32\KDVBF.dll]  [Kingdee, 9.00.1203]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\kfo10.dll]  [Kingdee Corporation, 10, 2, 0, 0]
    [C:\WINNT\system32\KDCOM\EBSBse10.dll]  [Kingdee Corporation, 9.02.0619]
    [C:\WINNT\system32\KDCOM\K3MRightManage.dll]  [金蝶软件(中国)有限公司, 1.00]
[PID: 4252 / Administrator][C:\WINNT\system32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\system32\KDCOM\EBSPA.dll]  [金蝶软件(中国)有限公司, 9.00.1203]
    [C:\WINNT\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8169]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\kfo10.dll]  [Kingdee Corporation, 10, 2, 0, 0]
    [C:\WINNT\system32\KFOX.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\COMMON~1\KINGDEE\MEMFILE.OCX]  [KD, 10, 2, 0, 0]
    [C:\WINNT\system32\kdappsvr.dll]  [深圳金蝶软件(科技)有限公司, 9.0.0.1]
[PID: 1196 / SYSTEM][\??\C:\WINNT\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 4292 / SYSTEM][\??\C:\WINNT\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4131]
[PID: 4476 / Administrator][C:\WINNT\system32\rdpclip.exe]  [(Verified) Microsoft Corporation, 5.00.2174.1]
[PID: 4540 / Administrator][C:\WINNT\Explorer.EXE]  [(Verified) Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINNT\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINNT\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 4576 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 4608 / Administrator][C:\WINNT\system32\internat.exe]  [(Verified) Microsoft Corporation, 5.00.2920.0000]
[PID: 4624 / Administrator][C:\WINNT\system\netmon.exe]  [N/A, ]
[PID: 4636 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 4028 / Administrator][C:\WINNT\system32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\system32\KDCOM\EBSDataFlow.dll]  [金蝶软件(中国)有限公司, 1.00]
    [C:\WINNT\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8169]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\KDCOM\MTSCACHESERVICE.DLL]  [kingdee, 1.00]
    [C:\WINNT\system32\KDVBF.dll]  [Kingdee, 9.00.1203]
    [C:\WINNT\system32\kfo10.dll]  [Kingdee Corporation, 10, 2, 0, 0]
[PID: 4232 / Administrator][C:\WINNT\system32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\system32\KDCOM\EBSGLItem.dll]  [金蝶软件(中国)有限公司, 9.08.1203]
    [C:\WINNT\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8169]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 5104 / Administrator][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\WINNT\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[PID: 5028 / Administrator][C:\WINNT\msagent\AgentSvr.exe]  [(Verified) Microsoft Corporation, 2.00.0.3424]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1892 / Administrator][C:\WINNT\system32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6692]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
    [C:\WINNT\system32\KDCOM\K3MBOSInstall.dll]  [金蝶软件(中国)有限公司, 1.00]
    [C:\WINNT\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8169]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\kfo10.dll]  [Kingdee Corporation, 10, 2, 0, 0]
[PID: 5220 / Administrator][D:\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 5296 / Administrator][D:\sreng2\SRE232d4751.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 1544 / SYSTEM][C:\WINNT\system32\VrvEdp_m.exe]  [, 6, 6, 20, 1490]
    [C:\WINNT\system32\Cipherop.dll]  [Cipherop, 6, 6, 18, 17]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 664, C:\WINNT\SYSTEM32\KDCOM\KDSVRMGRSERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 748, D:\PROGRA~1\MICROS~1\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1480, C:\WINNT\SYSTEM32\WATCHCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1696, C:\WINNT\SYSTEM32\VRVRF_C.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1860, C:\WINNT\SYSTEM\NETMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2324, C:\WINNT\SYSTEM32\VRVSAFEC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2428, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3368, C:\WINNT\SYSTEM\NETMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3432, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4624, C:\WINNT\SYSTEM\NETMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4636, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5220, D:\SRENG2\SRENGLDR.EXE]
==================================
计划任务
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================


Re: Urgent help needed!

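I have already sent the virus sample to the following address:
"Send directly to Rising's mail service center [virus samples]", address: http://mailcenter.rising.com.cn/uploadnew.aspx


Please check for it.

My contact address is: xiaogu2005@hotmail.com
Thank you.

I am still online...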

Re: Urgent help needed!



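Quote:
Originally posted by 453187998 on 2009-4-10 10:57:00
You are infected with the Trojan.W32.MIMAIL virus; disconnect from the network right away. Its location in the registry is: <netmon><C:\WINNT\system\netmon.exe>  The main program's name is netmon. Also, please confirm whether the first item is under WINDOW-SYSTEM; if it is not, it is also a virus, a QQ account-stealing virus.
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5


Is there a dedicated removal tool?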

Re: Urgent help needed!

No. It does not report any error.

Re: Urgent help needed!



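Quote:
Originally posted by 453187998 on 2009-4-10 10:57:00
You are infected with the Trojan.W32.MIMAIL virus; disconnect from the network right away. Its location in the registry is: <netmon><C:\WINNT\system\netmon.exe>  The main program's name is netmon. Also, please confirm whether the first item is under WINDOW-SYSTEM; if it is not, it is also a virus, a QQ account-stealing virus.
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5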


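On the XP systems, netmon.exe was also found under c:\windows\system,
and two-digit random-number .scr files were found under c:\windows\system32.
I have now been in touch with the relevant people, who told me it may be the ms08-67 vulnerability and an infection with the conficker.exe virus; from my scanning so far, that is not the case at all.

At present, on some XP systems installing the MS08-67 Microsoft system patch takes effect; on some XP machines where netmon.exe and *.scr files are detected, even after patching, websites are still intermittently inaccessible.
On WINDOWS2000 systems, the Microsoft system patch is of no use at all.

What virus is this?????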
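
An added example, not part of the original thread and not code from SREng or Rising: a small triage pass over an SREng-style log that surfaces the three things this thread keeps returning to, namely a `Run` entry with no verified signer, a running process with no publisher, and a two-digit `.scr` process in system32. The function name `triage`, the finding labels and the `47.scr` line with PID 9001 are assumptions made for the example; the other sample lines are copied from the log posted above. A finding means "review this file", not a verdict on what it is.

```python
import re

# Registry key header as SREng prints it, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
# Startup entry under a key: <name><command>  [signer]
ENTRY_RE = re.compile(
    r'^\s+<(?P<name>[^<>]*)><(?P<cmd>[^<>]*)>\s+\[(?P<signer>.*)\]\s*$')
# Process line: [PID: n / user][image path]  [publisher, version]
PROC_RE = re.compile(
    r'^\[PID:\s*(?P<pid>\d+)\s*/\s*[^\]]+\]\[(?P<path>[^\]]+)\]'
    r'\s+\[(?P<info>.*)\]\s*$')
# Symptoms 5 and 6 from the first post: exactly two digits + .scr in system32
SCR_RE = re.compile(r'\\system32\\\d{2}\.scr$', re.IGNORECASE)


def triage(log_text):
    """Return a list of (label, id, path) tuples that deserve manual review."""
    findings = []
    key = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key and key.lower().endswith(r'\currentversion\run'):
            # Only Run keys are checked; empty commands (e.g. <load><>) are skipped.
            if m.group('cmd') and not m.group('signer').startswith('(Verified)'):
                findings.append(
                    ('run-entry-unverified', m.group('name'), m.group('cmd')))
            continue
        m = PROC_RE.match(line)
        if m:
            key = None  # the registry section is over once processes start
            pid = int(m.group('pid'))
            path, info = m.group('path'), m.group('info')
            publisher = info.split(',')[0].strip()
            if SCR_RE.search(path):
                findings.append(('two-digit-scr-process', pid, path))
            elif not info.startswith('(Verified)') and publisher in ('', 'N/A'):
                findings.append(('process-no-publisher', pid, path))
    return findings


# Sample input. All lines except the last are taken from the log in this
# thread; the 47.scr line is constructed to exercise the .scr rule.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <netmon><C:\WINNT\system\netmon.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[PID: 556 / SYSTEM][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 1860 / SYSTEM][C:\WINNT\system\netmon.exe]  [N/A, ]
    [C:\WINNT\system32\vrvhook.dll]  [Microsoft Corporation, 6, 12, 18, 15]
[PID: 9001 / SYSTEM][C:\WINNT\system32\47.scr]  [N/A, ]
'''

if __name__ == '__main__':
    for label, ident, path in triage(SAMPLE):
        print(f'{label:24} {ident!s:8} {path}')
```

Run against the full log, the publisher rule will also list third-party tools that ship without version-resource publisher strings, so each hit still needs the file checked by hand.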

Re: Urgent help needed!

I did submit it???!!!!

Where are Rising's technical experts?????!!!

Where is everyone?!???!?!?!

