我的电脑最近中了 Backdoor.GPigeon.vla 病毒
我知道这是灰鸽子木马，不过好像是最新的变种，到网上查了下好像说瑞星杀不干净，事实上我用瑞星也是常杀常有，一开机或者过一段时间就有，上网查不到具体的杀法，介绍的不清楚，请高手来帮忙解决。
再问个问题，就是瑞星卡卡助手的扫描和hijackthis的扫描哪个更好？
下面我把他们扫描结果贴上来。

卡卡扫描：
Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 14:42:12, on 2006-08-07
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[dllhost.exe]
CommandLine = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

[Crypserv.exe]
CommandLine = crypserv.exe

[inetinfo.exe]
CommandLine = C:\WINDOWS\system32\inetsrv\inetinfo.exe

[nvsvc32.exe]
CommandLine = C:\WINDOWS\system32\nvsvc32.exe

[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE

[CCenter.exe]
CommandLine = D:\PTOOLS\RISING\RAV\CCENTER.EXE

[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

[tcpsvcs.exe]
CommandLine = C:\WINDOWS\system32\tcpsvcs.exe

[snmp.exe]
CommandLine = C:\WINDOWS\System32\snmp.exe

[NvMixerTray.exe]
CommandLine = "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k imgsvc

[dllhost.exe]
CommandLine = C:\WINDOWS\system32\dllhost.exe /Processid:{546440B9-EBFE-4CEF-AAD0-D954B2593CFF}

[wdfmgr.exe]
CommandLine = C:\WINDOWS\system32\wdfmgr.exe

[PFW.exe]
CommandLine = "D:\PTools\SkyNet\FireWall\pfw.exe"

[vssvc.exe]
CommandLine = C:\WINDOWS\System32\vssvc.exe

[RavTask.exe]
CommandLine = "D:\PTOOLS\RISING\RAV\RAVTASK.EXE" -SYSTEM

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[msdtc.exe]
CommandLine = C:\WINDOWS\system32\msdtc.exe

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

[Rav.exe]
CommandLine = D:\PTools\rising\Rav\Rav.exe /SHELLEXT

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\PTools\Sandai Technologies Inc\xulei5\ComDlls\XunLeiBHO_002.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\PTools\SkyNet\FireWall\pfw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTask] "D:\PTools\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &使用迅雷下载 - D:\PTools\Sandai Technologies Inc\xulei5\Program\GetUrl.htm
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\cn_spi.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\cn_spi.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E056C30-ACB0-402A-92A7-8EEA6CD8240D}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E439AE-C5BA-4CB6-B767-667EB545CC14}: NameServer = 192.168.1.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O23 - Service: Autodesk Licensing Service (Autodesk Licensing Service) - Autodesk, Inc. - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
O23 - Service: Crypkey License (Crypkey License) - Kenonic Controls Ltd. - crypserv.exe
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - キングソフト株式会社 - "D:\Program Files\KAV2005\KPfwSvc.EXE"
O23 - Service: Msupdate (Msupdate) -  - C:\WINDOWS\helps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Logical Disk Managex (Provides system and desktop ) -  - C:\WINDOWS\Messenger.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\PTOOLS\RISING\RAV\CCENTER.EXE
O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k netsvcs

hijackthis扫描

以下为HijackThis扫描：
Logfile of HijackThis v1.99.1
Scan saved at 14:54:27, on 2006-08-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
D:\PTOOLS\RISING\RAV\CCENTER.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
D:\PTools\SkyNet\FireWall\pfw.exe
C:\WINDOWS\System32\vssvc.exe
D:\PTools\rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PTools\rising\Rav\Rav.exe
C:\Program Files\Rising\KakaToolBar\KkScan.exe
C:\WINDOWS\system32\notepad.exe
D:\PTools\rising\Rav\RsLogVw.exe
D:\Program Files\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\PTools\Sandai Technologies Inc\xulei5\ComDlls\XunLeiBHO_002.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\PTools\SkyNet\FireWall\pfw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTask] "D:\PTools\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\PTools\Sandai Technologies Inc\xulei5\Program\GetUrl.htm
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cn_spi.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E056C30-ACB0-402A-92A7-8EEA6CD8240D}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{75E439AE-C5BA-4CB6-B767-667EB545CC14}: NameServer = 192.168.1.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Logical Disk Managex (Provides system and desktop ) - Unknown owner - C:\WINDOWS\Messenger.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\PTOOLS\RISING\RAV\CCENTER.EXE

我倒是能看懂一点可是这么多
不知道如何在这繁杂的信息中找出头绪
请高手指点如何看这扫描结果？
有什么规律和特点。

开始 运行 输入 services.msc 找到 Logical Disk Managex (Provides system and desktop ) 双击 停止并且将启动类型改为 已禁用
开始 运行 输入regedit 分别定位到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services（X代表任意，比如1，2 ，3……）
查找 Logical Disk Managex (Provides system and desktop ) 目录，查到的清删除整个目录
重启计算机
显示所有文件并且显示隐藏的系统文件
删除如下文件C:\WINDOWS\Messenger.exe

谢谢哦！！！！