
Please help me identify this virus

Our company's server came down with a virus a few days ago: every EXE file and shortcut on the machine has changed to the same icon (see the picture below). The server had Trend Micro antivirus installed; it has now stopped working and uninstalling it fails. This nasty thing is also quite "rogue": if I install another antivirus without uninstalling the old one, the machine hangs. So please help me out with some ideas, thanks!

Attachment (image): uploaded 2007-3-24 14:16:05

Last edited 2007-03-26 17:39:29

What on earth is this virus? I ran the 熊猫烧香 (Panda Burning Incense) removal tool once; the first pass detected a virus (Nimaya), but after a reboot and another scan it found nothing. The icons still haven't changed back, though, and some applications still don't work properly.
I'll download the tool and copy out a log right now.

Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [Trend Micro Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><APIHookDll.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><C:\WINNT\system32\awgina.dll>  [Symantec Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(none)>  [N/A]

==================================
Startup folder
N/A

==================================
Services
[pcAnywhere Host Service / awhost32][Stopped/Auto Start]
  <C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Macromedia JRun Admin Server / JRun Admin][Running/Auto Start]
  <"D:\shenglain\JRun4\bin\jrunsvc.exe"><Macromedia Inc.>
[Macromedia JRun Default Server / JRun Default][Running/Auto Start]
  <"D:\shenglain\JRun4\bin\jrunsvc.exe"><Macromedia Inc.>
[OfficeScanNT RealTime Scan / ntrtscan][Running/Auto Start]
  <C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe><Trend Micro Inc.>
[OfficeScanNT Personal Firewall / OfcPfwSvc][Running/Auto Start]
  <C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe><Trend Micro Inc.>
[OracleOraHome81Agent / OracleOraHome81Agent][Stopped/Manual Start]
  <D:\oracle\ora81\bin\dbsnmp.exe><Oracle Corporation>
[OracleOraHome81ClientCache / OracleOraHome81ClientCache][Running/Auto Start]
  <D:\oracle\ora81\BIN\ONRSD.EXE><N/A>
[OracleOraHome81DataGatherer / OracleOraHome81DataGatherer][Stopped/Manual Start]
  <D:\oracle\ora81\bin\vppdc.exe><Oracle Corporation>
[OracleOraHome81HTTPServer / OracleOraHome81HTTPServer][Stopped/Manual Start]
  <D:\oracle\ora81\Apache\Apache\Apache.exe><N/A>
[OracleOraHome81PagingServer / OracleOraHome81PagingServer][Stopped/Manual Start]
  <D:\oracle\ora81/bin/pagntsrv.exe><N/A>
[OracleOraHome81TNSListener / OracleOraHome81TNSListener][Running/Auto Start]
  <D:\oracle\ora81\BIN\TNSLSNR ><N/A>
[OracleServiceORCL / OracleServiceORCL][Running/Auto Start]
  <d:\oracle\ora81\bin\ORACLE.EXE ORCL><Oracle Corporation>
[Serv-U FTP Server / Serv-U][Running/Auto Start]
  <C:\Program Files\Serv-U\ServUDaemon.exe><Cat Soft>
[OfficeScanNT Listener / tmlisten][Running/Auto Start]
  <C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe><Trend Micro Inc.>
[VRVWatchServer / VRVWatchServer][Running/Auto Start]
  <"C:\WINNT\system32\WatchClient.exe" -service><>
[Windows Management NetWork Service Extensions / Windows Management NetWork Service Extensions][Stopped/Auto Start]
  <NetManager.exe -exe_start><N/A>

==================================
Drivers
[atirage3 / atirage3][Running/Manual Start]
  <System32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[awlegacy / awlegacy][Running/System Start]
  <\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST][Running/System Start]
  <system32\drivers\aw_host5.sys><Symantec Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[3Com EtherLink XL B/C Adapter Driver / EL90BC][Running/Manual Start]
  <System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[mraid2k / mraid2k][Running/Boot Start]
  <\SystemRoot\system32\drivers\mraid2k.sys><LSI Logic Corporation>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINNT\system32\new.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SymEvent / SymEvent][Stopped/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[Trend Micro Filter / TmFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmFilter.sys><Trend Micro Inc.>
[Common Firewall Driver / TM_CFW][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\tm_cfw.sys><Trend Micro Inc.>
[VRVFW / VRVFW][Running/Boot Start]
  <\SystemRoot\system32\VrvFw.sys><北信源>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>

==================================
Browser add-ons
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,Radio(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[ObjWinNTCheck Class]
  {00134F72-5284-44F7-95A8-52A619F70751} <C:\WINNT\Downloaded Program Files\WinNTChk.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupINICtrl Class]
  {08D75BB0-D2B5-11D1-88FC-0080C859833B} <, N/A>
[OfficeScan Corp Edition Web-Deployment SetupCtrl Class]
  {08D75BC1-D2B5-11D1-88FC-0080C859833B} <, N/A>
[Encrypt Class]
  {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <C:\WINNT\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class]
  {5EFE8CB1-D095-11D1-88FC-0080C859833B} <C:\WINNT\Downloaded Program Files\OfficeScanRemoveCtrl.dll, Trend Micro Inc.>
[Java Plug-in 1.4.0]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.0\bin\npjpi140.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.0]
  {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.0\bin\npjpi140.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>

==================================
Running processes
[PID: 160][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 188][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
[PID: 208][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6898]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, ]
    [C:\WINNT\system32\awgina.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 236][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, ]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
[PID: 248][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, ]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
[PID: 448][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, ]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 476][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, ]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINNT\system32\awmon.dll]  [Symantec Corporation, 9.2.1]
[PID: 1040][d:\oracle\ora81\bin\ORACLE.EXE]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oraclient8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oracore8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oranls8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oravsn8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oracommon8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\orageneric8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oranl8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oran8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\orancrypt8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oranro8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\orannzsbb8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oranldap8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oraldapclnt8.dll]  [Oracle Corporation, 8.1.5.0.0]
    [d:\oracle\ora81\bin\oranhost8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oranoname8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\orancds8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\orantns8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\orannds8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oranms.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oranmsp.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\ORATRACE8.dll]  [N/A, ]
    [d:\oracle\ora81\bin\orapls8.dll]  [Oracle Corporation, 8]
    [d:\oracle\ora81\bin\oraslax8.dll]  [Oracle Corporation, 8]
    [d:\oracle\ora81\bin\orawtc8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\orasql8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oraplp8.dll]  [Oracle Corporation, 8]
    [d:\oracle\ora81\bin\oradbicx8.dll]  [Oracle Corporation, 8]
    [d:\oracle\ora81\bin\orajox8.dll]  [N/A, ]
    [d:\oracle\ora81\bin\orawwg8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\oransgr8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, ]
    [D:\oracle\ora81\BIN\ORAIMR8.Dll]  [Oracle Corporation, 8.1.7.0.0]
    [D:\oracle\ora81\bin\oranbeq8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [D:\oracle\ora81\bin\orannts8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [C:\WINNT\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
    [D:\oracle\ora81\bin\orantcp8.dll]  [Oracle Corporation, 8.1.7.0.0]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_rdbms.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_lang.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_io.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_util.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_vm.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_security.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_lang_reflect.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_gss_util.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8sun_io.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_lang_ref.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8sun_security_action.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8sun_misc.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_sql.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_sql.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8sun_security_provider.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_jdbc_driver.dll]  [N/A, ]
    [D:\oracle\ora81\bin\corejava.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_math.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_rdbms_security.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_realm.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_jdbc_kprb.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_jdbc_dbaccess.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_memoryManager.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_net.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8_e2d26a7a79_internal_oracle_aurora_mts_http_admin.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8_e2d25a092e_internal_oracle_aurora_namespace_shell.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_net.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_security.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_security_acl.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8javax_naming.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8_e2d25a092e_internal_oracle_aurora_namespace.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8javax_naming_directory.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_util.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8_e2d25a092e_internal_oracle_aurora_namespace_rdbms.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8_e2d25a092e_internal_oracle_aurora_mts_session.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8sun_security_util.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_applet.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_rdbms_url_jserver.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8javax_naming_spi.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8_e2d25a092e_internal_oracle_aurora_mts_session_rdbms.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8_e2d25a092e_internal_oracle_aurora_mts.dll]  [N/A, ]
    [D:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_text.dll]  [N/A, ]
[PID: 2096][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINNT\System32\pdm.dll]  [Microsoft Corporation, 6.00.8424]
    [C:\WINNT\System32\msdbg.dll]  [Microsoft Corporation, 6.00.8424]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
[PID: 1184][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe]  [Trend Micro Inc., 7.0.0.1206]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 7.0.0.1116]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 7.0.0.1116]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 7.0.0.1116]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [N/A, ]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
    [C:\Program Files\Trend Micro\OfficeScan Client\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll]  [Trend Micro Inc., 7.0.0.1116]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 7.0.0.1116]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 7.0.0.1116]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll]  [trend_company_name, 1, 0, 0, 1]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
[PID: 1252][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
[PID: 1688][C:\WINNT\System32\mdm.exe]  [Microsoft Corporation, 6.00.8424]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINNT\System32\msdbg.dll]  [Microsoft Corporation, 6.00.8424]
[PID: 672][H:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINNT\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]

==================================
File associations
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost

==================================
API HOOK
Entry point error: NtOpenProcess (risk level: high, hooked by module: C:\WINNT\system32\VrvHook.dll)
Entry point error: ZwOpenProcess (risk level: medium, hooked by module: C:\WINNT\system32\VrvHook.dll)
Entry point error: RegOpenKeyExW (risk level: high, hooked by module: C:\WINNT\system32\VrvHook.dll)
Entry point error: RegDeleteKeyW (risk level: high, hooked by module: C:\WINNT\system32\VrvHook.dll)
Entry point error: FindFirstFileExW (risk level: high, hooked by module: C:\WINNT\system32\VrvHook.dll)
Entry point error: FindFirstFileW (risk level: high, hooked by module: C:\WINNT\system32\VrvHook.dll)
Entry point error: FindNextFileW (risk level: high, hooked by module: C:\WINNT\system32\VrvHook.dll)

==================================
Hidden processes
N/A

==================================


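Reading an SREng dump like the one above by hand is slow and error-prone, so here is an added example, not part of this thread and not SREng's own code, of how a responder might triage it programmatically in Python. It parses the line shapes visible in the log (the `<name><value>  [vendor]` registry entries, the `[Display / name][State]` service and driver headers with their `<image><vendor>` line, the indented `[module]  [vendor, version]` lines under each `[PID: n]` process, and the API HOOK lines) and applies the checks an analyst applies mentally: a non-empty AppInit_DLLs value, services or drivers whose image is a bare file name or that sit under the Windows directory with no vendor string, modules with no vendor string loaded from the Windows directory together with the processes hosting them, and which module owns the API hooks. The embedded sample is constructed from a few lines of the posted log; the English "hooked by module:" wording is this translation's, so that regex is an assumption. The script names no malware family; it only ranks what to look at first.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the SREng log posted in this
# thread, not a complete log. One benign Oracle DLL with an empty vendor field is
# kept so the rules can be seen to discriminate on location, not vendor alone.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><APIHookDll.dll>  []
==================================
[Serv-U FTP Server / Serv-U][Running/Auto Start]
  <C:\Program Files\Serv-U\ServUDaemon.exe><Cat Soft>
[Windows Management NetWork Service Extensions / Windows Management NetWork Service Extensions][Stopped/Auto Start]
  <NetManager.exe -exe_start><N/A>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINNT\system32\new.sys><N/A>
[Trend Micro Filter / TmFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmFilter.sys><Trend Micro Inc.>
==================================
[PID: 208][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6898]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, ]
[PID: 248][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, ]
[PID: 1040][d:\oracle\ora81\bin\ORACLE.EXE]  [Oracle Corporation, 8.1.7.0.0]
    [d:\oracle\ora81\bin\orajox8.dll]  [N/A, ]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, ]
[PID: 2096][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
==================================
Entry point error: NtOpenProcess (risk level: high, hooked by module: C:\WINNT\system32\VrvHook.dll)
Entry point error: FindNextFileW (risk level: high, hooked by module: C:\WINNT\system32\VrvHook.dll)
"""

# Line shapes as they appear in the log above. HOOK_RE matches this example's
# English rendering of SREng's hook line, so it is an assumption of the example.
REG_RE = re.compile(r'^\s*<([^>]*)><([^>]*)>\s*\[([^\]]*)\]\s*$')      # <name><value>  [vendor]
SVC_HDR_RE = re.compile(r'^\[(.+?) / ([^\]]+)\]\[([^\]]+)\]\s*$')       # [Display / name][State/Start]
SVC_IMG_RE = re.compile(r'^\s+<([^>]*)><([^>]*)>\s*$')                   #   <image><vendor>
PROC_RE = re.compile(r'^\[PID: (\d+)\]\[([^\]]+)\]\s+\[([^\]]*)\]\s*$')  # [PID: n][image]  [vendor, ver]
MOD_RE = re.compile(r'^\s+\[([^\]]+)\]\s+\[([^\]]*)\]\s*$')              #     [module]  [vendor, ver]
HOOK_RE = re.compile(r'^Entry point error: (\w+) \(.*hooked by module: ([^)]+)\)\s*$')

SYSTEM_DIR_MARKERS = ('\\winnt\\', '\\windows\\', 'system32\\', 'systemroot\\', '%systemroot%')


def unknown_vendor(vendor):
    """SREng prints N/A or nothing when the file carries no company name resource."""
    return vendor.strip().upper() in ('', 'N/A')


def in_system_dir(path):
    return any(marker in path.lower() for marker in SYSTEM_DIR_MARKERS)


def parse_log(text):
    """Return registry values, service/driver entries, processes with their modules, and API hooks."""
    registry, services, processes, hooks = [], [], {}, []
    pending = None   # service/driver header whose <image><vendor> line comes next
    cur_pid = None   # process that the indented [module] lines belong to
    for line in text.splitlines():
        m = SVC_HDR_RE.match(line)
        if m:
            pending = {'display': m.group(1), 'name': m.group(2), 'state': m.group(3)}
            continue
        m = PROC_RE.match(line)
        if m:
            cur_pid = int(m.group(1))
            processes[cur_pid] = {'image': m.group(2), 'vendor': m.group(3), 'modules': []}
            continue
        m = REG_RE.match(line)
        if m:
            registry.append({'name': m.group(1), 'value': m.group(2), 'vendor': m.group(3)})
            continue
        m = SVC_IMG_RE.match(line)
        if m and pending is not None:
            pending.update(image=m.group(1), vendor=m.group(2))
            services.append(pending)
            pending = None
            continue
        m = MOD_RE.match(line)
        if m and cur_pid is not None:
            vendor = m.group(2).split(',')[0]          # "[Vendor, version]" -> Vendor
            processes[cur_pid]['modules'].append({'path': m.group(1), 'vendor': vendor})
            continue
        m = HOOK_RE.match(line)
        if m:
            hooks.append({'api': m.group(1), 'module': m.group(2)})
    return {'registry': registry, 'services': services, 'processes': processes, 'hooks': hooks}


def triage(text):
    """Return (severity, kind, subject, detail) tuples, highest severity first."""
    log = parse_log(text)
    findings = []
    for e in log['registry']:
        if e['name'].lower() == 'appinit_dlls' and e['value'].strip():
            findings.append(('high', 'AppInit_DLLs', e['value'].strip(),
                             'loaded by user32.dll into every GUI process; a bare name resolves '
                             'through the DLL search path; vendor=%r' % e['vendor']))
    for s in log['services']:
        image = s['image'].strip()
        exe = image.split()[0].strip('"') if image else ''
        kind = 'driver' if exe.lower().endswith('.sys') else 'service'
        if exe and '\\' not in exe and '/' not in exe:
            findings.append(('medium', kind, s['name'], 'image is a bare file name: %r' % image))
        elif unknown_vendor(s['vendor']) and in_system_dir(exe):
            findings.append(('high', kind, s['name'], 'no vendor string, image %s, %s' % (exe, s['state'])))
    loaded_in = defaultdict(set)   # unknown-vendor module under the Windows dir -> host processes
    for p in log['processes'].values():
        for mod in p['modules']:
            if unknown_vendor(mod['vendor']) and in_system_dir(mod['path']):
                loaded_in[mod['path'].lower()].add(p['image'].split('\\')[-1].lower())
    for path, hosts in sorted(loaded_in.items()):
        findings.append(('high', 'module', path, 'no vendor string; loaded in ' + ', '.join(sorted(hosts))))
    by_module = defaultdict(list)
    for h in log['hooks']:
        by_module[h['module']].append(h['api'])
    for module, apis in by_module.items():
        findings.append(('info', 'hook', module, 'hooks ' + ', '.join(apis) +
                         '; FindFirst/FindNext hooks can hide files from API-based listings'))
    rank = {'high': 0, 'medium': 1, 'info': 2}
    return sorted(findings, key=lambda f: rank[f[0]])


if __name__ == '__main__':
    for sev, kind, subject, detail in triage(SAMPLE_LOG):
        print('[%-6s] %-12s %s: %s' % (sev, kind, subject, detail))
```

On the sample this surfaces APIHookDll.dll twice (as the AppInit_DLLs value and as an unknown-vendor module inside winlogon, lsass and ORACLE.EXE), the unnamed-vendor new.sys driver, and the NetManager.exe service registered by bare name, while the Oracle DLL with an equally empty vendor field is left alone because it lives under D:\oracle. Ranking by location plus vendor rather than vendor alone is the point; an empty version resource is common in legitimate software.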

When do you think this can be solved? I'll wait! Thank you!!

Attachment (image): uploaded 2007-3-24 14:48:44

I've waited a whole day and still nobody has helped?! Please, everyone!

Quote:
[Post by 西双版纳椰林] Is this the Gray Pigeon (灰鸽子) virus? On the face of it, it looks like pcAnywhere, Symantec's well-known remote-control software!!!!! This server has been remote-controlled by someone.
………………

That's my fault for not explaining clearly: pcAnywhere was installed by me, for remote control; I just picked that icon at random on the desktop. The shortcuts and executable files themselves are unchanged, it's only the icons that have all changed.
Also, I can't uninstall it in Safe Mode either, and "Trend Micro antivirus" doesn't show up in Add/Remove Programs in Control Panel.

Thanks so much! I'll go try it right now.

I followed the method and ran into some problems:
1. When I used several tools to clean malicious software, nothing was detected.
2. When running the SREng tool, the following prompt appeared:

Attachment (image): uploaded 2007-3-25 20:04:40
Powered by Discuz!NT