Logfile of HijackThis v1.99.1
Scan saved at 9:52:24, on 2005-12-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\RAV\CCenter.exe
C:\WINDOWS\System32\svchost.exe
e:\Ahead\InCD\InCDsrv.exe
E:\RAV\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
E:\RAV\RavStub.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\RAV\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
E:\RAV\Ravmon.exe
C:\DOCUME~1\Xegony\LOCALS~1\Temp\Rar$EX03.297\ClockTraySkins.exe
E:\RAV\Rav.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Maxthon\Maxthon.exe
E:\hijack\HijackThis.exe

O1 - Hosts: AmsServer
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [RavTask] "E:\RAV\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\DOCUME~1\Xegony\LOCALS~1\Temp\Rar$EX03.297\ClockTraySkins.exe
O8 - Extra context menu item:  POTU:加入我的博通 - http://www.potu.com/my/rightClick.php
O8 - Extra context menu item:  POTU:订阅RSS地址频道 - E:\RssReader\common\geturl.htm
O8 - Extra context menu item:  POTU:订阅选定的RSS地址频道 - E:\RssReader\common\getselect.htm
O8 - Extra context menu item: &使用迅雷下载 - e:\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - e:\Thunder\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\OFFICE\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - e:\qq\AddEmotion.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - E:\BitSpirit\bsurl.htm
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132378506071
O17 - HKLM\System\CCS\Services\Tcpip\..\{410EE7F7-2404-4028-88DE-85791AEADF12}: NameServer = 219.149.52.3 219.149.52.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{410EE7F7-2404-4028-88DE-85791AEADF12}: NameServer = 219.149.52.3 219.149.52.4
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\WINDOWS\system32\iprepair.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - e:\Ahead\InCD\InCDsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\RAV\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\RAV\Ravmond.exe
O23 - Service: Windows Driver Extersions (Windows Maganbment Instrautati) - Unknown owner - C:\WINDOWS\WindowsConSharing.exe

用瑞星杀毒每次重启又出现鸽子，杀不掉如何是好？

O23 - Service: Windows Driver Extersions (Windows Maganbment Instrautati) - Unknown owner - C:\WINDOWS\WindowsConSharing.exe比较可疑,如果是把那个文件!O1 - Hosts: AmsServer没用的删掉好了!Service: InCD Helper (InCDsrv) - Ahead Software AG - e:\Ahead\InCD\InCDsrv.exe也比较可疑!

多谢楼上的兄弟，这就试试

O23 - Service: Windows Driver Extersions (Windows Maganbment Instrautati) - Unknown owner - C:\WINDOWS\WindowsConSharing.exe
果然这个东西有问题，用木马杀客杀掉就好了，谢谢上面的兄弟了

再修复
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\WINDOWS\system32\iprepair.dll

删除 C:\WINDOWS\system32\iprepair.dll