这个正常吗？

ok100fen · 发表于 2010-10-23 21:55:43

我用xuetr检测了一下自己的电脑
发现内核钩子竟然这么多被挂钩的地方？
请问，这正常吗？

ok100fen · 发表于 2010-10-23 21:56:15

[XueTr][Kernel Hook]: 78
挂钩对象挂钩位置钩子类型挂钩处当前值挂钩处原始值
ks.sys:KsSynchronousIoControlDevice[drmk.sys] [0xF96D4B1D]->[0x5015FF56] Iat 56 FF 15 50 1D 4B 6D F9
[*]ks.sys:KsRemoveItemFromObjectBag[drmk.sys] [0xF96D8CF4]->[0x33000180] Iat 80 01 00 33 F4 8C 6D F9
ks.sys:KsPinGetParentFilter[drmk.sys] [0xF96E3819]->[0x74DB85F6] Iat F6 85 DB 74 19 38 6E F9
[*]ks.sys:_KsEdit[drmk.sys] [0xF96E3F14]->[0x75FF5309] Iat 09 53 FF 75 14 3F 6E F9
ks.sys:KsPinGetConnectedPinFileObject[drmk.sys] [0xF96E59B6]->[0xABD0E8F0] Iat F0 E8 D0 AB B6 59 6E F9
[*]ks.sys:KsFilterGetFirstChildPin[drmk.sys] [0xF96E2C44]->[0x8B5FFFFF] Iat FF FF 5F 8B 44 2C 6E F9
ks.sys:KsAddEvent[drmk.sys] [0xF96E35A6]->[0xC95B5EC6] Iat C6 5E 5B C9 A6 35 6E F9
[*]ks.sys:KsGenerateEvents[drmk.sys] [0xF96CF20B]->[0x900004C2] Iat C2 04 00 90 0B F2 6C F9
ks.sys:KsAcquireControl[drmk.sys] [0xF96E36B7]->[0x90909090] Iat 90 90 90 90 B7 36 6E F9
[*]ks.sys:KsReleaseControl[drmk.sys] [0xF96E36D7]->[0x8B55FF8B] Iat 8B FF 55 8B D7 36 6E F9
ks.sys:KsGetPinFromIrp[drmk.sys] [0xF96CFCDA]->[0x535151EC] Iat EC 51 51 53 DA FC 6C F9
[*]ks.sys:KsPinGetConnectedPinDeviceObject[drmk.sys] [0xF96E59CD]->[0xF18B5756] Iat 56 57 8B F1 CD 59 6E F9
ks.sys:KsPinGetConnectedPinInterface[drmk.sys] [0xF96E5953]->[0x7E80FF33] Iat 33 FF 80 7E 53 59 6E F9
[*]WMILIB.SYS:WmiSystemControl[serial.sys] [0xF9F345C8]->[0xC48E8900] Iat 00 89 8E C4 C8 45 F3 F9
WMILIB.SYS:WmiCompleteRequest[serial.sys] [0xF9F34300]->[0x8B000004] Iat 04 00 00 8B 00 43 F3 F9
WMILIB.SYS:WmiSystemControl[parport.sys] [0xF9F345C8]->[0x005C0032] Iat 32 00 5C 00 C8 45 F3 F9
[*]WMILIB.SYS:WmiCompleteRequest[parport.sys] [0xF9F34300]->[0x00720044] Iat 44 00 72 00 00 43 F3 F9
NDIS.SYS:NdisCoCreateVc[psched.sys] [0xF9864186]->[0x000269F3] Iat F3 69 02 00 86 41 86 F9
[*]NDIS.SYS:NdisClMakeCall[psched.sys] [0xF9865E3E]->[0x00026A04] Iat 04 6A 02 00 3E 5E 86 F9
NDIS.SYS:NdisCoDeleteVc[psched.sys] [0xF9865557]->[0x00026A1B] Iat 1B 6A 02 00 57 55 86 F9
[*]NDIS.SYS:NdisGetPoolFromPacket[psched.sys] [0xF98457C1]->[0x00026A3C] Iat 3C 6A 02 00 C1 57 84 F9
NDIS.SYS:NdisFreeToBlockPool[psched.sys] [0xF984A5A6]->[0x00026A54] Iat 54 6A 02 00 A6 A5 84 F9
[*]NDIS.SYS:NdisIMCopySendCompletePerPacketInfo[psched.sys] [0xF98623CA]->[0x00026A67] Iat 67 6A 02 00 CA 23 86 F9
NDIS.SYS:NdisFreePacket[psched.sys] [0xF98457D5]->[0x00026A83] Iat 83 6A 02 00 D5 57 84 F9
[*]NDIS.SYS:NdisAllocateFromBlockPool[psched.sys] [0xF984A4B4]->[0x00026A9F] Iat 9F 6A 02 00 B4 A4 84 F9
NDIS.SYS:NdisAllocatePacket[psched.sys] [0xF984572D]->[0x00026ABA] Iat BA 6A 02 00 2D 57 84 F9
[*]NDIS.SYS:NdisIMCopySendPerPacketInfo[psched.sys] [0xF986236E]->[0x00026ADE] Iat DE 6A 02 00 6E 23 86 F9
NDIS.SYS:NdisGetReceivedPacket[psched.sys] [0xF985AF1A]->[0x00026AFE] Iat FE 6A 02 00 1A AF 85 F9
[*]NDIS.SYS:NdisIMGetCurrentPacketStack[psched.sys] [0xF9845580]->[0x00026B1E] Iat 1E 6B 02 00 80 55 84 F9
NDIS.SYS:NdisDprFreePacket[psched.sys] [0xF98457D5]->[0x00026B36] Iat 36 6B 02 00 D5 57 84 F9
[*]NDIS.SYS:NdisReturnPackets[psched.sys] [0xF985A810]->[0x00026B4D] Iat 4D 6B 02 00 10 A8 85 F9
NDIS.SYS:NdisAllocatePacketPoolEx[psched.sys] [0xF9846718]->[0x00026B69] Iat 69 6B 02 00 18 67 84 F9
[*]NDIS.SYS:NdisDprAllocatePacket[psched.sys] [0xF984572D]->[0x00026B89] Iat 89 6B 02 00 2D 57 84 F9
NDIS.SYS:NdisIMNotifyPnPEvent[psched.sys] [0xF98585DC]->[0x00026BA5] Iat A5 6B 02 00 DC 85 85 F9
[*]NDIS.SYS:NdisReEnumerateProtocolBindings[psched.sys] [0xF985B16B]->[0x00026BBF] Iat BF 6B 02 00 6B B1 85 F9
NDIS.SYS:NdisQueryPendingIOCount[psched.sys] [0xF984928C]->[0x00026BD8] Iat D8 6B 02 00 8C 92 84 F9
[*]NDIS.SYS:NdisClCloseCall[psched.sys] [0xF9865F22]->[0x00026BE7] Iat E7 6B 02 00 22 5F 86 F9
NDIS.SYS:NdisCoRequest[psched.sys] [0xF9863BF0]->[0x00026BF6] Iat F6 6B 02 00 F0 3B 86 F9
[*]NDIS.SYS:NdisRequest[psched.sys] [0xF985A97B]->[0x00026C0A] Iat 0A 6C 02 00 7B A9 85 F9
NDIS.SYS:NdisScheduleWorkItem[psched.sys] [0xF98456CB]->[0x00026C18] Iat 18 6C 02 00 CB 56 84 F9
[*]NDIS.SYS:NdisTerminateWrapper[psched.sys] [0xF98578EC]->[0x00026C2E] Iat 2E 6C 02 00 EC 78 85 F9
NDIS.SYS:NdisIMAssociateMiniport[psched.sys] [0xF9852AD4]->[0x00026C40] Iat 40 6C 02 00 D4 2A 85 F9
[*]NDIS.SYS:NdisIMRegisterLayeredMiniport[psched.sys] [0xF9852A8E]->[0x00026C56] Iat 56 6C 02 00 8E 2A 85 F9
NDIS.SYS:NdisMRegisterUnloadHandler[psched.sys] [0xF9852346]->[0x00026C6F] Iat 6F 6C 02 00 46 23 85 F9
[*]NDIS.SYS:NdisIMDeregisterLayeredMiniport[psched.sys] [0xF9857952]->[0x00026C87] Iat 87 6C 02 00 52 79 85 F9
NDIS.SYS:NdisDeregisterProtocol[psched.sys] [0xF9857821]->[0x00026C9F] Iat 9F 6C 02 00 21 78 85 F9
[*]NDIS.SYS:NdisRegisterProtocol[psched.sys] [0xF984D17F]->[0x00026CB4] Iat B4 6C 02 00 7F D1 84 F9
NDIS.SYS:NdisInitializeWrapper[psched.sys] [0xF98522BF]->[0x00026CCE] Iat CE 6C 02 00 BF 22 85 F9
[*]NDIS.SYS:NdisMInitializeTimer[psched.sys] [0xF9846CE5]->[0x00026CEC] Iat EC 6C 02 00 E5 6C 84 F9
NDIS.SYS:NdisSetTimer[psched.sys] [0xF9845528]->[0x00026CFB] Iat FB 6C 02 00 28 55 84 F9
[*]NDIS.SYS:NdisMCancelTimer[psched.sys] [0xF98634FB]->[0x00026D16] Iat 16 6D 02 00 FB 34 86 F9
NDIS.SYS:NdisOpenConfigurationKeyByName[psched.sys] [0xF984C822]->[0x00026D35] Iat 35 6D 02 00 22 C8 84 F9
[*]NDIS.SYS:NdisOpenProtocolConfiguration[psched.sys] [0xF985AF99]->[0x00026D49] Iat 49 6D 02 00 99 AF 85 F9
NDIS.SYS:NdisCloseConfiguration[psched.sys] [0xF984C7E0]->[0x00026D60] Iat 60 6D 02 00 E0 C7 84 F9
[*]NDIS.SYS:NdisReadConfiguration[psched.sys] [0xF984C61F]->[0x00026D7A] Iat 7A 6D 02 00 1F C6 84 F9
NDIS.SYS:NdisOpenAdapter[psched.sys] [0xF984D399]->[0x00026D8F] Iat 8F 6D 02 00 99 D3 84 F9
[*]NDIS.SYS:NdisClModifyCallQoS[psched.sys] [0xF986491C]->[0x00026DA6] Iat A6 6D 02 00 1C 49 86 F9
NDIS.SYS:NdisClOpenAddressFamily[psched.sys] [0xF984E129]->[0x00026DBC] Iat BC 6D 02 00 29 E1 84 F9
[*]NDIS.SYS:NdisCoSendPackets[psched.sys] [0xF9865AF1]->[0x00026DE0] Iat E0 6D 02 00 F1 5A 86 F9
NDIS.SYS:NdisMQueryAdapterInstanceName[psched.sys] [0xF9851679]->[0x00026DF2] Iat F2 6D 02 00 79 16 85 F9
[*]NDIS.SYS:NdisMDeregisterDevice[psched.sys] [0xF9849585]->[0x00026E12] Iat 12 6E 02 00 85 95 84 F9
NDIS.SYS:NdisMSleep[psched.sys] [0xF984E5C2]->[0x00026E29] Iat 29 6E 02 00 C2 E5 84 F9
[*]NDIS.SYS:NdisSetEvent[psched.sys] [0xF98456F7]->[0x00026E39] Iat 39 6E 02 00 F7 56 84 F9
NDIS.SYS:NdisDestroyBlockPool[psched.sys] [0xF984A466]->[0x00026E48] Iat 48 6E 02 00 66 A4 84 F9
[*]NDIS.SYS:NdisFreePacketPool[psched.sys] [0xF9848D8C]->[0x00026E5B] Iat 5B 6E 02 00 8C 8D 84 F9
NDIS.SYS:NdisWriteEventLogEntry[psched.sys] [0xF985D894]->[0x00026E6A] Iat 6A 6E 02 00 94 D8 85 F9
[*]NDIS.SYS:NdisIMInitializeDeviceInstanceEx[psched.sys] [0xF98502A4]->[0x00026E79] Iat 79 6E 02 00 A4 02 85 F9
NDIS.SYS:NdisMSetAttributesEx[psched.sys] [0xF9850A6F]->[0x00026E8C] Iat 8C 6E 02 00 6F 0A 85 F9
[*]NDIS.SYS:NdisInitializeEvent[psched.sys] [0xF9845712]->[0x00026E9D] Iat 9D 6E 02 00 12 57 84 F9
NDIS.SYS:NdisCreateBlockPool[psched.sys] [0xF9847065]->[0x00026EB1] Iat B1 6E 02 00 65 70 84 F9
[*]NDIS.SYS:NdisIMGetDeviceContext[psched.sys] [0xF9851665]->[0x00026ECD] Iat CD 6E 02 00 65 16 85 F9
NDIS.SYS:NdisClCloseAddressFamily[psched.sys] [0xF9865D5E]->[0x00026EEC] Iat EC 6E 02 00 5E 5D 86 F9
[*]NDIS.SYS:NdisCloseAdapter[psched.sys] [0xF9857642]->[0x00026F0A] Iat 0A 6F 02 00 42 76 85 F9
NDIS.SYS:NdisIMDeInitializeDeviceInstance[psched.sys] [0xF9857EE3]->[0x00026F2A] Iat 2A 6F 02 00 E3 7E 85 F9
[*]NDIS.SYS:NdisWaitEvent[psched.sys] [0xF9845668]->[0x00026F43] Iat 43 6F 02 00 68 56 84 F9
NDIS.SYS:NdisIMCancelInitializeDeviceInstance[psched.sys] [0xF9855FF3]->[0x00026F57] Iat 57 6F 02 00 F3 5F 85 F9
[*]NDIS.SYS:NdisResetEvent[psched.sys] [0xF9846AB9]->[0x00026F74] Iat 74 6F 02 00 B9 6A 84 F9
NDIS.SYS:NdisMRegisterDevice[psched.sys] [0xF9851072]->[0x00026F95] Iat 95 6F 02 00 72 10 85 F9

ok100fen · 发表于 2010-10-23 21:56:59

是不是中毒了？

Tesla.Angela · 发表于 2010-10-23 22:38:23

不像中毒，应该是安全类软件修改的。

ok100fen · 发表于 2010-10-23 22:56:02

可是，我没装杀毒软件啊

一样都没装

Tesla.Angela · 发表于 2010-10-24 20:12:41

自己在谷歌上搜索一下驱动名嘛。。。

账号		自动登录	找回密码
密码			加入我们