刚装上SRE就告诉我发现2个隐藏进程让我好好扫描 另外打开sreng的启动项目，它说注册表值UIHOST被修改为非正常值（默认值是logonui.exe），请检查你的系统中可能存在的计算机病毒。
应该怎么该哪

[CODE]

2007-08-09,20:55:13

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  []
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Skype><"D:\Skype\Phone\Skype.exe" /nosplash /minimized>  [N/A]
    <imuu><C:\PROGRA~1\COMMON~1\imuu\imuum.exe>  [N/A]
    <KVFW><"C:\Program Files\KVFW\kvfw.exe" -silent>  [Beijing Jiangmin.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <EssSpkPhone><essspk.exe>  []
    <Acronis?True?Image Monitor><"C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe">  [Acronis]
    <Acronis Scheduler2 Service><"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe">  [Acronis]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE Teclast WE PC Camera>  [N/A]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <KVMON><D:\Jiangmin\AntiVirus\KVMonXP.kxp>  [Jiangmin Co.Ltd]
    <ISUSPM Startup><c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><"\Program Files\Logonui\Royale.exe">  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
[Rainlendar精美日历]
  <C:\Documents and Settings\Nico\「开始」菜单\程序\启动\Rainlendar精美日历.lnk --> C:\PROGRA~1\RAINLE~1\RAINLE~1.EXE [N/A]><N>

==================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)

服务
[Acronis Scheduler2 Service / AcrSch2Svc][Running/Auto Start]
  <"C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"><Acronis>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <D:\Jiangmin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[KVWSC / KVWSC][Running/Auto Start]
  <"D:\Jiangmin\AntiVirus\KVWSC.exe"><Jiangmin Co.,Ltd>
[StyleXPService / StyleXPService][Running/Auto Start]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[BsDeamon / BsDeamon][Running/System Start]
  <\??\D:\Jiangmin\ANTIVI~1\BsDeamon.sys><Jiangmin Co.,Ltd.>
[EDSP Port Driver / Edspport][Running/Manual Start]
  <system32\DRIVERS\es56hpi.sys><ESS Technology, Inc.>
[Network Fire Hydrant / HdFw_slot][Running/Auto Start]
  <\??\C:\Program Files\KVFW\hdfw.sys><北京江民新科技术有限公司>
[KAnalyser / KAnalyser][Stopped/System Start]
  <\??\D:\Jiangmin\ANTIVI~1\KANALY~1.SYS><Jiangmin Co.,Ltd.>
[KPGuard / KPGuard][Running/System Start]
  <\??\D:\Jiangmin\ANTIVI~1\KPGuard.sys><Jiangmin Co., Ltd.>
[KRegEx / KRegEx][Running/System Start]
  <\??\D:\Jiangmin\ANTIVI~1\KRegEx.sys><Jiangmin Co. Ltd.>
[KSysCall / KSysCall][Running/System Start]
  <\??\D:\Jiangmin\Common\KSysCall.sys><Jiangmin Co.,  Ltd.>
[KSysFilter / KSysFilter][Running/Boot Start]
  <\SystemRoot\System32\Drivers\KSysFilt.sys><Jiangmin Co. Ltd.>
[KSysMon / KSysMon][Running/System Start]
  <\??\D:\Jiangmin\ANTIVI~1\KSysMon.sys><Jiangmin Co. Ltd.>
[KVDP / KVDP][Running/Manual Start]
  <\??\D:\Jiangmin\AntiVirus\KVDP.sys><Jiangmin Co., Ltd.>
[KvMemon / KvMemon][Stopped/Manual Start]
  <\??\D:\KV2006\KvMemon.sys><N/A>
[KVREDIR / KVREDIR][Running/System Start]
  <\??\D:\Jiangmin\AntiVirus\KVREDIR.sys><Jiangmin Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ2005\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PProtect / PProtect][Stopped/System Start]
  <\??\D:\KV2006\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Acronis Snapshots Manager / snapman][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\snapman.sys><Acronis>
[StyleXPHelper / StyleXPHelper][Running/System Start]
  <\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[Acronis TrueImage FS Filter / tifsfilter][Running/Auto Start]
  <system32\DRIVERS\tifsfilt.sys><Acronis>
[Acronis TrueImage Backup Archive Explorer / timounter][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\timntr.sys><Acronis>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Teclast WE PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[CoTGT_BHO Class]
  {C333CF63-767F-4831-94AC-E683D962C63C} <C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[BitComet Search]
  {461CC20B-FB6E-4f16-8FE8-C29359DB100E} <d:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll, BitComet>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ2005\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\QQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[HelperObject Class]
  {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll, TechSmith Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <d:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll, BitComet>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <d:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <D:\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[CoTGT_BHO Class]
  {C333CF63-767F-4831-94AC-E683D962C63C} <C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <d:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, ShenZhen Thunder Networking Technologies Ltd.>
[&使用BitComet下载]
  <res://d:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://d:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://d:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <D:\QQ2005\AddEmotion.htm, N/A>

==================================

正在运行的进程
[PID: 472 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 604 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876 / SYSTEM][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe]  [, 0, 20, 0, 3000]
[PID: 956 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
[PID: 1260 / SYSTEM][C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe]  [Acronis, 1,0,0,54]
[PID: 1428 / SYSTEM][D:\Jiangmin\AntiVirus\KVWSC.exe]  [Jiangmin Co.,Ltd, 1, 0, 7, 131]
    [D:\Jiangmin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 7, 724]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
[PID: 1492 / Nico][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [c:\documents and settings\nico\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Jiangmin\AntiVirus\KVshell.dll]  [Jiangmin Co.Ltd, 1, 0, 7, 806]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [D:\Jiangmin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [D:\Jiangmin\common\GUIEXT.DLL]  [Jiangmin Co.Ltd, 1, 0, 7, 626]
    [D:\Jiangmin\common\lang\guiext0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\PROGRA~1\FlashGet\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll]  [N/A, ]
    [D:\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1640 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1904 / Nico][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe]  [Cyberlink Corp., 6.00.1027]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll]  [CyberLink Corp., 3.2.2021 ]
[PID: 1944 / Nico][C:\WINDOWS\essspk.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1952 / Nico][C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe]  [Acronis, 8,0,0,768]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 1960 / Nico][C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe]  [Acronis, 1,0,0,54]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 1968 / Nico][C:\WINDOWS\VM_STI.EXE]  [BIGDOG, 4, 2, 610, 4]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [Vimicro, 1.00.01.00]
[PID: 1984 / Nico][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [InstallShield Software Corporation, 3, 00, 100, 1161]
[PID: 2024 / Nico][C:\Program Files\TGTSoft\StyleXP\StyleXP.exe]  [, 0, 30, 0, 0]
    [c:\documents and settings\nico\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 2032 / Nico][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 176 / Nico][C:\Program Files\KVFW\kvfw.exe]  [Beijing Jiangmin., 9.0.5.1205]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Program Files\KVFW\KVFWUtil.DLL]  [, 1, 0, 0, 1]
[PID: 228 / Nico][C:\Program Files\Rainlendar\Rainlendar.exe]  [N/A, ]
    [C:\Program Files\Rainlendar\Rainlendar.dll]  [, 0, 19, 3, 0]
    [C:\WINDOWS\system32\MAPI32.dll]  [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 1056 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2100 / Nico][C:\WINDOWS\system32\DllHost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Jiangmin\common\ComUI.dll]  [Jiangmin Co,.Ltd, 1, 0, 7, 112]
    [D:\Jiangmin\common\ComUIPS.dll]  [Jiangmin Co.Ltd, 1.0.0.808]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [D:\Jiangmin\common\GUIEXT.DLL]  [Jiangmin Co.Ltd, 1, 0, 7, 626]
    [D:\Jiangmin\common\lang\guiext0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 1768 / Nico][D:\Program Files\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [D:\Program Files\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1904, C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1944, C:\WINDOWS\ESSSPK.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1952, C:\PROGRAM FILES\ACRONIS\TRUEIMAGE\TRUEIMAGEMONITOR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1960, C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1968, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1984, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2024, C:\PROGRAM FILES\TGTSOFT\STYLEXP\STYLEXP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 176, C:\PROGRAM FILES\KVFW\KVFW.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 228, C:\PROGRAM FILES\RAINLENDAR\RAINLENDAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
    [1309] D:\Jiangmin\AntiVirus\kvsrvxp.exe
    [2009] D:\Jiangmin\AntiVirus\KVMonXP.kxp

==================================


[/CODE]

日志没有问题