风暴之眼 - 2006-5-26 23:29:00
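The main symptom I have noticed so far is that after booting to the XP login screen, if I do not enter the password and log in right away, then after a minute even the correct password no longer logs me in. Pressing Ctrl+Alt+Del lets me log in normally. After the system enters the screensaver and I end the screensaver, the Windows XP welcome screen is displayed, but the selectable login names that should normally appear are missing, and Ctrl+Alt+Del has no effect either.
This is the scan report of the running processes: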
正在运行的进程
[PID: 748][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 804][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\TEMP\4.dll] <N/A><N/A>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 828][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 876][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 888][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1056][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1204][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1336][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1516][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1804][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\WINDOWS\HostServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\TEMP\4.dll] <N/A><N/A>
[PID: 636][C:\Program Files\DAEMON Tools\daemon.exe] <DT Soft Ltd.><4.03.0.0>
[C:\Program Files\DAEMON Tools\daemon.dll] <DT Soft Ltd.><4.03.0.0>
[C:\Program Files\DAEMON Tools\PFCTOC.DLL] <Padus(R), Inc.><1, 0, 0, 12>
[C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] <N/A><1.0.6.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] <GENERIC><1.10.0.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] <GENERIC><1.12.0.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] <GENERIC><1.11.0.0>
[C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] <GENERIC><1.01.0.0>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 648][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\HostServerKey.DLL] <N/A><N/A>
[PID: 696][C:\Program Files\Super Rabbit\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\HostServerKey.DLL] <N/A><N/A>
[PID: 1140][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1256][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[C:\WINDOWS\TEMP\4.dll] <N/A><N/A>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1296][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1352][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe] <Microsoft Corporation><7.00.9064.9150>
[C:\WINDOWS\HostServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
[PID: 1484][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.13.10.2980>
[C:\WINDOWS\HostServer_Hook.DLL] <N/A><N/A>
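In safe mode, both HostServer_Hook.DLL and 4.dll can be deleted, but HostServerKey.DLL cannot be found in the corresponding directory. After I deleted HostServer_Hook.DLL and 4.dll and their related registry entries in safe mode, they were generated again on restart. Also, I have not opened IE, but IEXPLORE.EXE starts as a process on its own. Could the experts here please help.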