病毒名称是 Backdoor.Gpigeon.2006.aeh，相关文件名称是 G_server2006key.dll 和 G_server2006.dll。
下面是扫描日志：
Logfile of Kaka v2.0.0.9 Scan Module v2.0.0.1
Scan saved at 21:43:30, on 2006-09-23
Platform: Microsoft Windows 2000 Professional (Build 2195)
MSIE: Internet Explorer v6.00 SP1; (6.00.2800.1106)
Running processes:
[smss.exe]
CommandLine =
[csrss.exe]
CommandLine = C:\WINNT\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[winlogon.exe]
CommandLine = winlogon.exe
[services.exe]
CommandLine = C:\WINNT\system32\services.exe
[lsass.exe]
CommandLine = C:\WINNT\system32\lsass.exe
[svchost.exe]
CommandLine = C:\WINNT\system32\svchost -k rpcss
[CCenter.exe]
CommandLine = "E:\工具\瑞星软件\Rising\Rav\CCenter.exe"
[Ravmond.exe]
CommandLine = "E:\工具\瑞星软件\Rising\Rav\Ravmond.exe"
[spoolsv.exe]
CommandLine = C:\WINNT\system32\spoolsv.exe
[svchost.exe]
CommandLine = C:\WINNT\System32\svchost.exe -k netsvcs
[regsvc.exe]
CommandLine = C:\WINNT\system32\regsvc.exe
[MSTask.exe]
CommandLine = C:\WINNT\system32\MSTask.exe
[WinMgmt.exe]
CommandLine = C:\WINNT\System32\WBEM\WinMgmt.exe
[mspmspsv.exe]
CommandLine = C:\WINNT\System32\mspmspsv.exe
[RavStub.exe]
CommandLine = E:\工具\瑞星软件\Rising\Rav\RavStub.exe /RAVMOND
[Explorer.exe]
CommandLine = Explorer.exe
[racer.exe]
CommandLine = "C:\Program Files\racer-scn\racer.exe"
[RavTask.exe]
CommandLine = "E:\工具\瑞星软件\RISING\RAV\RAVTASK.EXE" -SYSTEM
[Ravmon.exe]
CommandLine = "E:\工具\瑞星软件\Rising\Rav\Ravmon.exe" -SYSTEM
[QQ.exe]
CommandLine = D:\蝴\QQ\QQ.exe
[TIMPlatform.exe]
CommandLine = D:\蝴\QQ\TIMPlatform.exe -Embedding
[qqpet.exe]
CommandLine = "D:\蝴\QQ\qqpet\qqpet.exe" 514401010600041200BDA8B9B2BD8C9F8C80B2899AA58C8389818804000000D4030D00040F00A0B5A4AFA09182919DAF9487A5999E0400000025ABED0D061100BEABBAB1BE8F9C8F83B19D9A9CA0878D8509000000D99C839B862230400F061000BFAABBB0BF8E9D8E82B09C9B9DA48A96400000008B89FBFBF9F98C86FB888B87FC87F98987FD898CFC8D878D8E888AFCFA8BFC868886FD88878D8AFE8B89FBFA898C87FBF988FB86FA8C8D89FC8F89F9FEFA86FB040100AE04000000B5321545021400BBAEBFB4BB8A998A86B488BB99849392BF929B8E0100000000
[Rav.exe]
CommandLine = "E:\工具\瑞星软件\Rising\Rav\Rav.exe"
[RsAgent.exe]
CommandLine = "E:\工具\瑞星软件\Rising\Rav\RsAgent.exe"
[AgentSvr.exe]
CommandLine = C:\WINNT\msagent\AgentSvr.exe -Embedding
[KillProc.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KillProc.exe"
[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"
[TTraveler.exe]
CommandLine = "C:\Program Files\Tencent\TT\TTraveler.exe" "http://tool.ikaka.com/onlinehelp/scan.htm?u=RSTB"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINNT\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.163.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - D:\ddt\ddtinit.dll
O2 - BHO: QQBrowserHelper Object Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\蝴\QQ\QQIEHelper.dll
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - D:\ddt\ddtkillw.ocx
O2 - BHO: 珊瑚虫工具栏 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\蝴\0810_mydown_8\Thunder\ComDlls\XunLeiBHO_002.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\System32\kakatool.dll
O3 - Toolbar: 珊瑚虫工具栏 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - D:\ddt\DDTONG~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [racer] C:\Program Files\racer-scn\racer.exe
O4 - HKLM\..\Run: [RavTask] "E:\工具\瑞星软件\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [YOKAssiant] Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINNT\System32\Rundll32.exe nmgamex.dll,LiveProcess /aa
O4 - Startup: 腾讯QQ.lnk = D:\2006beta3\QQ.exe
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = D:\蝴\QQ\CoralQQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &使用迅雷下载 - D:\蝴\0810_mydown_8\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\蝴\0810_mydown_8\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\2006beta3\AddToNetDisk.htm
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用新浪下载助手下载 - D:\ddt\sinadl.htm
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\2006beta3\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\2006beta3\AddEmotion.htm
O8 - Extra context menu item: 珊瑚虫搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\2006beta3\SendMMS.htm
O9 - Extra Button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\蝴\0810_mydown_8\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\蝴\0810_mydown_8\Thunder\Thunder.exe
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\System32\shdocvw.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\2006beta3\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\2006beta3\QQ.EXE
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\蝴\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\蝴\QQ\QQIEHelper.dll
O9 - Extra Button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINNT\System32\shdocvw.dll
O9 - Extra Button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra Button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} (KvScanOnline Control) - http://online.jiangmin.com/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C41ED90-C61B-457F-A0B9-DE65C5F19866}: NameServer = 202.102.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF0E9FE6-366B-40F8-81E9-2E0791DE1C01}: NameServer = 202.102.154.3 202.102.152.3
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\System32\msdxm.ocx
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe /com
O23 - Service: sdfa (fsda) - - C:\WINNT\G_Server2006.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "E:\工具\瑞星软件\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "E:\工具\瑞星软件\Rising\Rav\Ravmond.exe"