PID 0 Parent PID 0 [System Process]
PID 4 Parent PID 0 System
PID 424 Parent PID 4 kind {Session manager} C:\WINDOWS\system32\smss.exe
PID 720 Parent PID 424 kind {Client Server Runtime Process} C:\WINDOWS\system32\csrss.exe
PID 744 Parent PID 424 kind {WinLogon} C:\WINDOWS\system32\winlogon.exe
PID 788 Parent PID 744 kind {Services.exe} C:\WINDOWS\system32\services.exe
PID 800 Parent PID 744 kind {lsass} C:\WINDOWS\system32\lsass.exe
PID 984 Parent PID 788 kind {DCom Server} C:\WINDOWS\system32\svchost.exe
PID 1040 Parent PID 788 kind {RPC Service} C:\WINDOWS\system32\svchost.exe
PID 1108 Parent PID 788 kind {DHCP Client} C:\WINDOWS\system32\svchost.exe
PID 1152 Parent PID 788 service {WudfSvc} C:\WINDOWS\system32\svchost.exe
PID 1260 Parent PID 788 kind {DNS Client} C:\WINDOWS\system32\svchost.exe
PID 1324 Parent PID 788 kind {WebClient} C:\WINDOWS\system32\svchost.exe
PID 1528 Parent PID 1488 kind {Explorer} C:\WINDOWS\explorer.exe
PID 1680 Parent PID 788 kind {Print Spooler} C:\WINDOWS\system32\spoolsv.exe
PID 1840 Parent PID 1528 C:\WINDOWS\system32\igfxpers.exe
PID 1924 Parent PID 984 C:\WINDOWS\system32\igfxsrvc.exe
PID 1972 Parent PID 1528 C:\WINDOWS\system32\igfxtray.exe
PID 1980 Parent PID 1528 C:\WINDOWS\system32\hkcmd.exe
PID 212 Parent PID 1528 C:\Program Files\VIA\VIAudioi\HDADeck\HDECK.EXE
PID 236 Parent PID 1528 C:\Program Files\Elantech\ETDCtrl.exe
PID 244 Parent PID 1528 C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PID 376 Parent PID 1528 kind {CTF Loader} C:\WINDOWS\system32\ctfmon.exe
PID 456 Parent PID 1528 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PID 560 Parent PID 788 kind {WebClient} C:\WINDOWS\system32\svchost.exe
PID 664 Parent PID 788 service {hpqddsvc} C:\WINDOWS\system32\svchost.exe
PID 684 Parent PID 788 service {Pml Driver HPZ12} C:\WINDOWS\system32\svchost.exe
PID 660 Parent PID 788 service {NIS} C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe
PID 1224 Parent PID 788 service {Pml Driver HPZ12} C:\WINDOWS\system32\svchost.exe
PID 1284 Parent PID 788 kind {Windows Image Acquisition} C:\WINDOWS\system32\svchost.exe
PID 280 Parent PID 660 service {NIS} C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe
PID 2124 Parent PID 788 service {btwdins} C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PID 2588 Parent PID 788 kind {Application Layer Gateway Service} C:\WINDOWS\system32\alg.exe
PID 2644 Parent PID 1108 kind {Windows Security Center Notification App} C:\WINDOWS\system32\wscntfy.exe
PID 3584 Parent PID 1528 kind {Firefox browser} C:\Program Files\Mozilla Firefox\firefox.exe
PID 3368 Parent PID 1528 kind {Cmd.exe} C:\WINDOWS\system32\cmd.exe
PID 2996 Parent PID 3368 C:\Documents and Settings\Nikola\Plocha\wincheck.exe
MyWindowsChecker: len 13, kernel name ntkrnlpa.exe
Major 5 Minor 1 BuildNumber 2600 PlatformId 2 ServicePackMajor 3 ServicePackMinor 0 SuiteMask 256 ProductType 1  CSDVersion Service Pack 3
HighestUserAddress: 7FFEFFFF
UserProbeAddress:   7FFF0000
SystemRangeStart:   80000000
NtMajorVersion: 5
NtMinorVersion: 1
BuildNumber:    2600
GlobalFlag: 0
Processors: 2
MmVerifierFlags 0
MmSystemSize    2 Large
DebuggerEnabled 0
DebuggerNotPresent 0
SafeBootMode    0
NXSupportPolicy 2
CR0 80010031 PE ET NE WP PG
CR4 000006F9 VME DE PSE PAE MCE PGE OSFXSR OSXMMEXCPT
KPCR[0] FFDFF000 major 1 minor 1
KPCR[1] BA338000 major 1 minor 1
WindowsType: Multiprocessor Free
KDDB:
 ETHREAD.StartAddress    224
 PsLoadedModuleList:     8055D720
 MmLoadedUserImageList:  8055D5F0
 KiProcessorBlock:       8055C5A0 (855A0)
 KernelVerifier:         0
 KeBugCheckCallbackList: 8055C758 (85758)
 MmNonPagedPoolStart:    82E0B000
 MmNonPagedPoolEnd:      FFBE0000
 MmPagedPoolStart:       E1000000
 MmPagedPoolEnd:         F77FFFFF
 MmPageSize: 4096
Decode system scheme - simple
Decode scheme - simple
Driver RPHook loaded from C:\DOCUME~1\Nikola\LOCALS~1\Temp\drv2
804D7000:20E000 flags C004000 LoadCount 1 \WINDOWS\system32\ntkrnlpa.exe
806E5000:20D00 flags C004000 LoadCount 1 \WINDOWS\system32\hal.dll
BA5A8000:2000 flags 9004000 LoadCount 3 \WINDOWS\system32\KDCOM.DLL
BA4B8000:3000 flags 9004000 LoadCount 2 \WINDOWS\system32\BOOTVID.dll
B9F79000:2E000 flags 9004000 LoadCount 1 ACPI.sys
BA5AA000:2000 flags D004000 LoadCount 19 \WINDOWS\system32\DRIVERS\WMILIB.SYS
B9F68000:11000 flags 9004000 LoadCount 1 pci.sys
BA0A8000:A000 flags 9004000 LoadCount 1 isapnp.sys
BA4BC000:3000 flags 9004000 LoadCount 1 compbatt.sys
BA4C0000:4000 flags D004000 LoadCount 2 \WINDOWS\system32\DRIVERS\BATTC.SYS
BA670000:1000 flags 9004000 LoadCount 1 pciide.sys
BA328000:7000 flags D004000 LoadCount 1 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA0B8000:B000 flags 9004000 LoadCount 1 MountMgr.sys
B9F49000:1F000 flags 9004000 LoadCount 1 ftdisk.sys
BA5AC000:2000 flags 9004000 LoadCount 1 dmload.sys
B9F23000:26000 flags 9004000 LoadCount 1 dmio.sys
BA4C4000:3000 flags 9004000 LoadCount 1 ACPIEC.sys
BA671000:1000 flags D004000 LoadCount 1 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
BA330000:5000 flags 9004000 LoadCount 1 PartMgr.sys
BA0C8000:D000 flags 9004000 LoadCount 1 VolSnap.sys
B9F0B000:18000 flags 9004000 LoadCount 1 atapi.sys
BA0D8000:9000 flags 9004000 LoadCount 1 disk.sys
BA0E8000:D000 flags D004000 LoadCount 2 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
B9EEB000:20000 flags D004000 LoadCount 3 fltMgr.sys
B9E94000:57000 flags 9004000 LoadCount 1 SYMDS.SYS
B9E82000:12000 flags 9004000 LoadCount 1 sr.sys
B9D9E000:E4000 flags 9004000 LoadCount 1 SYMEFA.SYS
B9D87000:17000 flags D004000 LoadCount 6 KSecDD.sys
B9D74000:13000 flags 9004000 LoadCount 1 WudfPf.sys
B9CE7000:8D000 flags 9004000 LoadCount 1 Ntfs.sys
B9CBA000:2D000 flags 9004000 LoadCount 17 NDIS.sys
B9CA0000:1A000 flags 9004000 LoadCount 1 Mup.sys
BA138000:A000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\intelppm.sys
B8E9E000:606000 flags 1104000 LoadCount 1 \SystemRoot\system32\DRIVERS\igxpmp32.sys
B8E8A000:14000 flags 9104000 LoadCount 6 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
BA3F8000:6000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbuhci.sys
B8E66000:24000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\USBPORT.SYS
BA400000:8000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbehci.sys
B8E3E000:28000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\HDAudBus.sys
B8CCE000:170000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\athw.sys
BA148000:E000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\l1e51x86.sys
BA158000:D000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\i8042prt.sys
BA408000:6000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\kbdclass.sys
B8CAE000:20000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ETD.sys
BA410000:6000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mouclass.sys
BA168000:B000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\imapi.sys
BA178000:10000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\cdrom.sys
BA188000:F000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\redbook.sys
B8C8B000:23000 flags 9104000 LoadCount 8 \SystemRoot\system32\DRIVERS\ks.sys
BA590000:4000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\CmBatt.sys
BA418000:8000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ATKACPI.sys
B8B9A000:F1000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\btkrnl.sys
BA7AA000:1000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\audstub.sys
BA198000:D000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rasl2tp.sys
BA594000:3000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\ndistapi.sys
B8B83000:17000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ndiswan.sys
BA1A8000:B000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspppoe.sys
BA1B8000:C000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspptp.sys
BA420000:5000 flags 9104000 LoadCount 11 \SystemRoot\system32\DRIVERS\TDI.SYS
B8B72000:11000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\psched.sys
BA1C8000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\msgpc.sys
BA428000:5000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\ptilink.sys
BA430000:5000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspti.sys
B8B42000:30000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rdpdr.sys
BA1D8000:A000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\termdd.sys
BA5C8000:2000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\swenum.sys
B8AE4000:5E000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\update.sys
B9C74000:4000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mssmbios.sys
BA438000:8000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\btport.sys
BA1F8000:A000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\NDProxy.SYS
BA248000:F000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbhub.sys
BA5CE000:2000 flags 9104000 LoadCount 3 \SystemRoot\system32\DRIVERS\USBD.SYS
A77C9000:103000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\viahduaa.sys
A77A5000:24000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\portcls.sys
BA258000:F000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\drmk.sys
A7651000:154000 flags 1104000 LoadCount 1 \SystemRoot\system32\drivers\monfilt.sys
A762D000:24000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\NIS\1307000.009\ccSetx86.sys
A7606000:27000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\NIS\1307000.009\Ironx86.SYS
A745A000:1AC000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\snp2uvc.sys
BA278000:D000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\STREAM.SYS
BA458000:7000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\sncduvc.SYS
BA5D8000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Fs_Rec.SYS
BA7B3000:1000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Null.SYS
BA5DA000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Beep.SYS
BA468000:7000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BA470000:6000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\vga.sys
BA5DC000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\mnmdd.SYS
BA5DE000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\DRIVERS\RDPCDD.sys
BA478000:5000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Msfs.SYS
BA480000:8000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Npfs.SYS
BA564000:3000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rasacd.sys
A7427000:13000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ipsec.sys
A73CE000:59000 flags 9104000 LoadCount 3 \SystemRoot\system32\DRIVERS\tcpip.sys
A7370000:5E000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\NIS\1307000.009\SYMTDI.SYS
A7346000:2A000 flags 9104000 LoadCount 1 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
A7320000:26000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ipnat.sys
BA574000:3000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\hidusb.sys
BA288000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
A72C5000:5B000 flags 9104000 LoadCount 1 \??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120426.001\IDSxpx86.sys
BA578000:3000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mouhid.sys
A729D000:28000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\netbt.sys
BA57C000:3000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\ws2ifsl.sys
A7253000:22000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\afd.sys
BA298000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\netbios.sys
BA2A8000:10000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\NIS\1307000.009\SRTSPX.SYS
A7228000:2B000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\rdbss.sys
A71B8000:70000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxsmb.sys
BA2B8000:B000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Fips.SYS
A715A000:5E000 flags 9104000 LoadCount 1 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
A713C000:1E000 flags 9104000 LoadCount 1 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
A7070000:CC000 flags 9104000 LoadCount 1 \??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys
BA2D8000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\wanarp.sys
BA2E8000:10000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Cdfs.SYS
A6F90000:18000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\dump_atapi.sys
BA668000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000:1C7000 flags 29104000 LoadCount 1 \SystemRoot\System32\win32k.sys
A7289000:3000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\Dxapi.sys
BA3A8000:5000 flags 9104000 LoadCount 1 \SystemRoot\System32\watchdog.sys
BF000000:12000 flags 29104000 LoadCount 1 \SystemRoot\System32\drivers\dxg.sys
BA688000:1000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\dxgthk.sys
BF024000:3B000 flags 21104000 LoadCount 1 \SystemRoot\System32\igxpgd32.dll
BF012000:12000 flags 21104000 LoadCount 1 \SystemRoot\System32\igxprd32.dll
BF05F000:2C5000 flags 21104000 LoadCount 1 \SystemRoot\System32\igxpdv32.DLL
BF324000:35B000 flags 21104000 LoadCount 1 \SystemRoot\System32\igxpdx32.DLL
A6E50000:4000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ndisuio.sys
A6B93000:15000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\wdmaud.sys
A6EC8000:F000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\sysaudio.sys
A6748000:2D000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxdav.sys
A6600000:58000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\srv.sys
A610F000:41000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\HTTP.sys
A5F8B000:94000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\NIS\1307000.009\SRTSP.SYS
A5E0B000:180000 flags 9104000 LoadCount 1 \??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120427.002\NAVEX15.SYS
A5DCF000:14000 flags 9104000 LoadCount 1 \??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120427.002\NAVENG.SYS
A5B2F000:70000 flags 9104000 LoadCount 1 \??\C:\Documents and Settings\Nikola\Plocha\XueTr\XueTr.sys
A6460000:F000 flags 9104000 LoadCount 1 \??\C:\DOCUME~1\Nikola\LOCALS~1\Temp\drv2
7C900000:B1000 flags 0 LoadCount 1 \WINDOWS\system32\ntdll.dll
Patched KeReleaseInStackQueuedSpinLockFromDpcLevel + C72
Patched KiDispatchInterrupt + 2BE
KernelSection .text rva 1000, size 6F15C, 0x2768 relocs has 0x14 patched bytes !
SDT entry C (ZwAlertResumeThread) hooked 8A881F48 !
SDT entry D (ZwAlertThread) hooked 8A3880E8 !
SDT entry 11 (ZwAllocateVirtualMemory) hooked 8954FF00 !
SDT entry 13 (ZwAssignProcessToJobObject) hooked 89516008 !
SDT entry 1F (ZwConnectPort) hooked 8A8F1140 !
SDT entry 29 (ZwCreateKey) hooked A735ED40 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS!
SDT entry 2B (ZwCreateMutant) hooked 8AA15BD0 !
SDT entry 34 (ZwCreateSymbolicLinkObject) hooked 895890E8 !
SDT entry 35 (ZwCreateThread) hooked 8A8900E0 !
SDT entry 39 (ZwDebugActiveProcess) hooked 8956B738 !
SDT entry 3F (ZwDeleteKey) hooked A735EFC0 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS!
SDT entry 41 (ZwDeleteValueKey) hooked A735F680 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS!
SDT entry 44 (ZwDuplicateObject) hooked 8950E370 !
SDT entry 53 (ZwFreeVirtualMemory) hooked 89554950 !
SDT entry 59 (ZwImpersonateAnonymousToken) hooked 8A9A2070 !
SDT entry 5B (ZwImpersonateThread) hooked 8A881EC8 !
SDT entry 61 (ZwLoadDriver) hooked 8A8B99A8 !
SDT entry 6C (ZwMapViewOfSection) hooked 8A898668 !
SDT entry 72 (ZwOpenEvent) hooked 89521F90 !
SDT entry 7A (ZwOpenProcess) hooked 8A9492D8 !
SDT entry 7B (ZwOpenProcessToken) hooked 8954FFD0 !
SDT entry 7D (ZwOpenSection) hooked 8950EF10 !
SDT entry 80 (ZwOpenThread) hooked 8950E400 !
SDT entry 89 (ZwProtectVirtualMemory) hooked 895160A0 !
SDT entry CE (ZwResumeThread) hooked 8A3881A8 !
SDT entry D5 (ZwSetContextThread) hooked 8A878630 !
SDT entry E4 (ZwSetInformationProcess) hooked 8AA13238 !
SDT entry F0 (ZwSetSystemInformation) hooked 89589D08 !
SDT entry F7 (ZwSetValueKey) hooked A735F910 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS!
SDT entry FD (ZwSuspendProcess) hooked 8950EFD0 !
SDT entry FE (ZwSuspendThread) hooked 8AA57F48 !
SDT entry 101 (ZwTerminateProcess) hooked 89585978 !
SDT entry 102 (ZwTerminateThread) hooked 8A878570 !
SDT entry 10B (ZwUnmapViewOfSection) hooked 8A8985A8 !
SDT entry 115 (ZwWriteVirtualMemory) hooked 89591AA0 !

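Most of the SDT hook targets above (8A881F48, 8954FF00, 8A9492D8, ...) carry no module name, while the four SYMEVENT.SYS hooks do. The tool prints a module only when the target falls inside an image in the loaded-module list; the rest land in kernel pool memory with no owning driver, which is the pattern a rootkit (or a security product using allocated trampolines) leaves. The following is an added example, not part of the original wincheck output or its source: it parses the module list, the Mm*Pool boundaries and the "SDT entry ... hooked" lines printed above and attributes each hook target itself. SAMPLE_LOG is a constructed subset of the page's own lines; the half-open range check and the rule that a loaded image wins over the pool ranges (they overlap on this XP build, as the printed boundaries show) are this example's assumptions.

```python
"""Attribute SDT hook targets from a wincheck-style log to loaded images or kernel pool.
Added example for this page; not code from the wincheck tool or its author."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log above (subset).
SAMPLE_LOG = r"""
 MmNonPagedPoolStart:    82E0B000
 MmNonPagedPoolEnd:      FFBE0000
 MmPagedPoolStart:       E1000000
 MmPagedPoolEnd:         F77FFFFF
804D7000:20E000 flags C004000 LoadCount 1 \WINDOWS\system32\ntkrnlpa.exe
806E5000:20D00 flags C004000 LoadCount 1 \WINDOWS\system32\hal.dll
B9EEB000:20000 flags D004000 LoadCount 3 fltMgr.sys
A7346000:2A000 flags 9104000 LoadCount 1 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
A7070000:CC000 flags 9104000 LoadCount 1 \??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys
A5B2F000:70000 flags 9104000 LoadCount 1 \??\C:\Documents and Settings\Nikola\Plocha\XueTr\XueTr.sys
A6460000:F000 flags 9104000 LoadCount 1 \??\C:\DOCUME~1\Nikola\LOCALS~1\Temp\drv2
SDT entry C (ZwAlertResumeThread) hooked 8A881F48 !
SDT entry 11 (ZwAllocateVirtualMemory) hooked 8954FF00 !
SDT entry 29 (ZwCreateKey) hooked A735ED40 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS!
SDT entry 3F (ZwDeleteKey) hooked A735EFC0 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS!
SDT entry 7A (ZwOpenProcess) hooked 8A9492D8 !
SDT entry F7 (ZwSetValueKey) hooked A735F910 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS!
SDT entry 115 (ZwWriteVirtualMemory) hooked 89591AA0 !
"""

# Line shapes as printed by the tool: "<base>:<size> flags <f> LoadCount <n> <path>",
# "SDT entry <idx> (<Zw*>) hooked <addr> [<path>]!" and " Mm...Pool...: <addr>".
MODULE_RE = re.compile(r"^([0-9A-F]{8}):([0-9A-F]+) flags [0-9A-F]+ LoadCount \d+ (.+)$")
SDT_RE = re.compile(r"^SDT entry ([0-9A-F]+) \((\w+)\) hooked ([0-9A-F]{8}) ?(.*?)!$")
POOL_RE = re.compile(r"^(Mm(?:Non)?PagedPool(?:Start|End)):\s+([0-9A-F]{8})$")


@dataclass(frozen=True)
class Module:
    base: int
    size: int
    path: str

    @property
    def end(self) -> int:          # exclusive end of the mapped image
        return self.base + self.size

    @property
    def name(self) -> str:         # basename, case-folded for comparison
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_log(log: str):
    modules, pools, hooks = [], {}, []
    for raw in log.splitlines():
        line = raw.strip()
        if m := MODULE_RE.match(line):
            modules.append(Module(int(m[1], 16), int(m[2], 16), m[3]))
        elif m := POOL_RE.match(line):
            pools[m[1]] = int(m[2], 16)
        elif m := SDT_RE.match(line):
            hooks.append((int(m[1], 16), m[2], int(m[3], 16), m[4].strip()))
    return modules, pools, hooks


def locate(addr: int, modules, pools) -> str:
    """Loaded image containing addr, else the pool region it falls in, else 'unknown'.
    Images are tested first (assumption): the printed pool ranges overlap image ranges."""
    for mod in modules:
        if mod.base <= addr < mod.end:
            return f"image:{mod.name}"
    if pools.get("MmPagedPoolStart", 0) <= addr < pools.get("MmPagedPoolEnd", 0):
        return "paged-pool"
    if pools.get("MmNonPagedPoolStart", 0) <= addr < pools.get("MmNonPagedPoolEnd", 0):
        return "nonpaged-pool"
    return "unknown"


def analyze(log: str):
    """One finding per hooked SDT entry; verdict 'no-owning-image' marks pool-resident hooks."""
    modules, pools, hooks = parse_log(log)
    findings = []
    for index, name, addr, claimed in hooks:
        where = locate(addr, modules, pools)
        claimed_name = claimed.rsplit("\\", 1)[-1].lower() if claimed else ""
        if where.startswith("image:"):
            verdict = "attributed" if where == f"image:{claimed_name}" else "attribution-mismatch"
        else:
            verdict = "no-owning-image"
        findings.append({"index": index, "name": name, "addr": addr,
                         "where": where, "verdict": verdict})
    return findings


def unattributed(log: str):
    return [f["name"] for f in analyze(log) if f["verdict"] == "no-owning-image"]


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"SDT {f['index']:>3X} {f['name']:<26} {f['addr']:08X} {f['where']:<18} {f['verdict']}")
```

Run against the full log, the same parser attributes only the four SYMEVENT.SYS hooks and the kernel-resident KPRCB and ObType procedures; every remaining SDT target sits in the 82E0B000-FFBE0000 nonpaged range with no image behind it. That, together with the 0x14 patched bytes reported in the kernel .text section, is the finding to chase next (with a kernel debugger or a pool dump), not the SYMEVENT hooks, which resolve to a signed, listed driver.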
KPRCB worker routines:
KPRCB[0].WorkerRoutine: 804FB1EE \WINDOWS\system32\ntkrnlpa.exe
KPRCB[0].IdleFunction:  80528710 \WINDOWS\system32\ntkrnlpa.exe
KPRCB[1].WorkerRoutine: 804FB1EE \WINDOWS\system32\ntkrnlpa.exe
KPRCB[1].IdleFunction:  80528710 \WINDOWS\system32\ntkrnlpa.exe

ObType Directory:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Mutant:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      80539060 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Thread:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805D1E9C \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType FilterCommunicationPort:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       B9EFF90A fltMgr.sys
 DeleteProcedure:      B9EFF190 fltMgr.sys
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Controller:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Profile:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      80617A58 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Event:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Type:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805C1550 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Section:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805A8A38 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType EventPair:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType SymbolicLink:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805C39D4 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       805C3696 \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Desktop:
 DumpProcedure:        00000000 
 OpenProcedure:        8060D864 \WINDOWS\system32\ntkrnlpa.exe
 CloseProcedure:       8060D742 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      8060D81A \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 8060D7A8 \WINDOWS\system32\ntkrnlpa.exe
ObType Timer:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      80538AD6 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType File:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       8058370E \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      805839EC \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       805835FC \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    80583D70 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   805826A6 \WINDOWS\system32\ntkrnlpa.exe
 OkayToCloseProcedure: 00000000 
ObType WindowStation:
 DumpProcedure:        00000000 
 OpenProcedure:        8060D864 \WINDOWS\system32\ntkrnlpa.exe
 CloseProcedure:       8060D742 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      8060D81A \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       8060D8D8 \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 8060D7A8 \WINDOWS\system32\ntkrnlpa.exe
ObType Driver:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      80583654 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType WmiGuid:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       80604214 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      80604272 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    8060476C \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType KeyedEvent:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Device:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805836CE \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       8058280E \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    80583D70 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Token:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805F8C12 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType DebugObject:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       80643740 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      80573578 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType IoCompletion:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      80578E5A \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Process:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805D1D14 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Adapter:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Key:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       80637BBE \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      80637AA4 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       8062F98A \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    80637908 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   8063693E \WINDOWS\system32\ntkrnlpa.exe
 OkayToCloseProcedure: 00000000 
ObType Job:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       805D68C0 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      805D5B2C \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType WaitablePort:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       805A68B0 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      805A68E8 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Port:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       805A68B0 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      805A68E8 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Callback:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      80573578 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType FilterConnectionPort:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       B9EFF1AA fltMgr.sys
 DeleteProcedure:      B9EFF1CA fltMgr.sys
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Semaphore:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805F8A98 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 

Callbacks:
CB: SymD2D_ccHP, total 5:
  B9DA5B00 (SYMEFA.SYS)
  B9DA5750 (SYMEFA.SYS)
  B9DA5750 (SYMEFA.SYS)
  B9DA5750 (SYMEFA.SYS)
  B9DA5750 (SYMEFA.SYS)
CB: SetSystemState, total 0:
CB: NdisBindUnbind, total 0:
CB: PowerState, total 8:
  806EBA30 (\WINDOWS\system32\hal.dll)
  B9F87568 (ACPI.sys)
  B9F7C7A8 (ACPI.sys)
  B9CBB14D (NDIS.sys)
  BA13D8F8 (\SystemRoot\system32\DRIVERS\intelppm.sys)
  BA59152E (\SystemRoot\system32\DRIVERS\CmBatt.sys)
  B8EA3120 (\SystemRoot\system32\DRIVERS\igxpmp32.sys)
  B8E8A62A (\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS)
CB: SymD2D_SYMTDI, total 2:
  A73B14A0 (\SystemRoot\System32\Drivers\NIS\1307000.009\SYMTDI.SYS)
  A7100B70 (\??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys)
CB: TcpConnectionCallback, total 1:
  A73279D0 (\SystemRoot\system32\DRIVERS\ipnat.sys)
CB: SymD2D_spbbcdrv, total 5:
  A73B1150 (\SystemRoot\System32\Drivers\NIS\1307000.009\SYMTDI.SYS)
  A72D9C30 (\??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120426.001\IDSxpx86.sys)
  A72D9C30 (\??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120426.001\IDSxpx86.sys)
  A7100750 (\??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys)
  A5FA5280 (\SystemRoot\System32\Drivers\NIS\1307000.009\SRTSP.SYS)
CB: SymD2D_SYMIM, total 1:
  A73B1150 (\SystemRoot\System32\Drivers\NIS\1307000.009\SYMTDI.SYS)
CB: SetSystemTime, total 0:
CB: SymD2D_symIDSCoD2DServer, total 3:
  A72D9FC0 (\??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120426.001\IDSxpx86.sys)
  B9DA5750 (SYMEFA.SYS)
  A5FA5280 (\SystemRoot\System32\Drivers\NIS\1307000.009\SRTSP.SYS)
CB: SymD2D_strspD2DServer, total 6:
  A72D9C30 (\??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120426.001\IDSxpx86.sys)
  B9DA5750 (SYMEFA.SYS)
  B9DA5750 (SYMEFA.SYS)
  B9DA5750 (SYMEFA.SYS)
  B9DA5750 (SYMEFA.SYS)
  A5FA5610 (\SystemRoot\System32\Drivers\NIS\1307000.009\SRTSP.SYS)

bugcheck callbacks - 3:
  B9CBE5EF (NDIS.sys)
  B9CBE5EF (NDIS.sys)
  806ECC14 (\WINDOWS\system32\hal.dll)

bugcheck reason callbacks - 7:
  A7376B60 (\SystemRoot\System32\Drivers\NIS\1307000.009\SYMTDI.SYS)
  B9C74AB8 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  B9C74A70 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  B9C74A28 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  B8E741BE (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
  B8E7411E (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
  B8E8B522 (\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS)

Process notifiers:
[0] A73529A0 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
[1] A70C9530 \??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys

Thread notifiers:
[0] A7352930 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Image notifiers:
[0] A73524E0 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
[1] A70C9460 \??\C:\Documents and Settings\All Users\Data aplikac\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys

FS Change notifiers: 3 (actual 3)
DriverObj 8ADD44E8 addr B9EFB4B8 fltMgr.sys
DriverObj 8AD24DC8 addr B9E8D876 sr.sys
DriverObj 8ADD44E8 addr B9EFB4B8 fltMgr.sys

LogonSessionTerminatedRoutines: 1
[0] A71CD375 \SystemRoot\system32\DRIVERS\mrxsmb.sys

Callouts (16):
 PspW32ProcessCallout: BF853D4C \SystemRoot\System32\win32k.sys
 PspW32ThreadCallout: BF819BB2 \SystemRoot\System32\win32k.sys
 ExGlobalAtomTableCallout: BF819889 \SystemRoot\System32\win32k.sys
 PopEventCallout: BF893D67 \SystemRoot\System32\win32k.sys
 PopStateCallout: BF933AC4 \SystemRoot\System32\win32k.sys
 PspW32JobCallout: BF873958 \SystemRoot\System32\win32k.sys
 KeGdiFlushUserBatch: BF80C331 \SystemRoot\System32\win32k.sys
 ExDesktopOpenProcedureCallout: BF8568E0 \SystemRoot\System32\win32k.sys
 ExDesktopOkToCloseProcedureCallout: BF858005 \SystemRoot\System32\win32k.sys
 ExDesktopCloseProcedureCallout: BF858049 \SystemRoot\System32\win32k.sys
 ExDesktopDeleteProcedureCallout: BF91B0F6 \SystemRoot\System32\win32k.sys
 ExWindowStationOkToCloseProcedureCallout: BF857D40 \SystemRoot\System32\win32k.sys
 ExWindowStationCloseProcedureCallout: BF857E74 \SystemRoot\System32\win32k.sys
 ExWindowStationDeleteProcedureCallout: BF91B18D \SystemRoot\System32\win32k.sys
 ExWindowStationParseProcedureCallout: BF856921 \SystemRoot\System32\win32k.sys
 ExWindowStationOpenProcedureCallout: BF858FB0 \SystemRoot\System32\win32k.sys

Pnp Notifiers: total 19, readed 19
 Pnp[0] CategoryHardwareProfileChange KSCATEGORY_AUDIO addr A6ED1FCC \SystemRoot\system32\drivers\sysaudio.sys
 Pnp[1] CategoryHardwareProfileChange DEVINTERFACE_HID addr 805C8F00 \WINDOWS\system32\ntkrnlpa.exe
 Pnp[2] CategoryHardwareProfileChange DEVICE_THERMAL_ZONE addr 805C8F00 \WINDOWS\system32\ntkrnlpa.exe
 Pnp[3] CategoryHardwareProfileChange DEVINTERFACE_HID addr BF882A1E \SystemRoot\System32\win32k.sys
 Pnp[4] CategoryHardwareProfileChange DEVICE_SYS_BUTTON addr 805C8F00 \WINDOWS\system32\ntkrnlpa.exe
 Pnp[5] CategoryHardwareProfileChange SYSAUDIO addr A6B9A44E \SystemRoot\system32\drivers\wdmaud.sys
 Pnp[6] CategoryHardwareProfileChange SYSAUDIO addr A6B9A44E \SystemRoot\system32\drivers\wdmaud.sys
 Pnp[7] CategoryHardwareProfileChange SYSAUDIO addr A6B9A44E \SystemRoot\system32\drivers\wdmaud.sys
 Pnp[8] CategoryHardwareProfileChange SYSAUDIO addr A6B9A44E \SystemRoot\system32\drivers\wdmaud.sys
 Pnp[9] CategoryHardwareProfileChange DEVINTERFACE_MOUSE addr BF882A1E \SystemRoot\System32\win32k.sys
 Pnp[10] CategoryHardwareProfileChange DEVINTERFACE_CDROM addr BF883645 \SystemRoot\System32\win32k.sys
 Pnp[11] CategoryHardwareProfileChange PREFERRED_WAVEOUT_DEVICE addr BA18BAC0 \SystemRoot\system32\DRIVERS\redbook.sys
 Pnp[12] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr BA0C0C26 MountMgr.sys
 Pnp[13] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr BA0D0544 VolSnap.sys
 Pnp[14] CategoryHardwareProfileChange DEVINTERFACE_KEYBOARD addr BF882A1E \SystemRoot\System32\win32k.sys
 Pnp[15] CategoryHardwareProfileChange DEVCLASS_BATTERY addr 805C8F00 \WINDOWS\system32\ntkrnlpa.exe
 Pnp[16] CategoryHardwareProfileChange DEVCLASS_BATTERY addr BA4BCB5A compbatt.sys
 Pnp[17] CategoryHardwareProfileChange VOLMGR_VOLUME_MANAGER addr BA33185E PartMgr.sys
 Pnp[18] CategoryHardwareProfileChange ACOUSTIC_ECHO_CANCEL addr A6ED1FCC \SystemRoot\system32\drivers\sysaudio.sys

PlugPlayHandlerTable: 23 items
 PlugPlayHandlerTable[0] 80644F4A \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[1] 80644EF0 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[2] 80644E46 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[3] 806463EC \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[4] 80644D8E \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[6] 80644FBA \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[7] 80645096 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[8] 80646442 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[9] 806450F2 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[10] 80646528 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[11] 806451FA \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[12] 806453A8 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[13] 80645480 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[14] 80645572 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[15] 806456A0 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[16] 806466E8 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[17] 80645732 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[18] 80645860 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[19] 806459B4 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[20] 80644DEA \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[21] 80645C56 \WINDOWS\system32\ntkrnlpa.exe
 PlugPlayHandlerTable[22] 80645CB4 \WINDOWS\system32\ntkrnlpa.exe

Driver Disk DrvObj 8AD5DA08:
 DriverUnload patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0EF4B4
 AddDevice patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0F0E36
 Handler MJ_CREATE patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0EEBB0
 Handler MJ_CLOSE patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0EEBB0
 Handler MJ_READ patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0E8D1F
 Handler MJ_WRITE patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0E8D1F
 Handler MJ_FLUSH_BUFFERS patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0E92E2
 Handler MJ_DEVICE_CONTROL patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0E93BB
 Handler MJ_INTERNAL_DEVICE_CONTROL patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0ECF28
 Handler MJ_SHUTDOWN patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0E92E2
 Handler MJ_POWER patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0EAC82
 Handler MJ_SYSTEM_CONTROL patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0EF99E
 Handler MJ_PNP patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr BA0EEC93

Driver usbehci DrvObj 8AD0E220:
 DriverUnload patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr B8E73856
 AddDevice patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr B8E7429E
 Handler MJ_CREATE patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr B8E6828A
 Handler MJ_CLOSE patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr B8E6828A
 Handler MJ_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr B8E6828A
 Handler MJ_INTERNAL_DEVICE_CONTROL patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr B8E6828A
 Handler MJ_POWER patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr B8E6828A
 Handler MJ_SYSTEM_CONTROL patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr B8E6828A
 Handler MJ_PNP patched by \SystemRoot\system32\DRIVERS\USBPORT.SYS, addr B8E6828A

Driver MRxSmb DrvObj 895403E8:
 FastIOHandler FastIoCheckIfPossible patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr A723FFA1
 FastIOHandler FastIoRead patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr A72400CD
 FastIOHandler FastIoWrite patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr A7241522
 FastIOHandler FastIoDeviceControl patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr A7228B4D
 FastIOHandler AcquireFileForNtCreateSection patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr A7239321
 FastIOHandler ReleaseFileForNtCreateSection patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr A7239383
 FastIOHandler AcquireForCcFlush patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr A722A242
 FastIOHandler ReleaseForCcFlush patched by \SystemRoot\system32\DRIVERS\rdbss.sys, addr A722A242

Shadow SDT: BF99D000, limit 29B
win32k_sdt[307] (NtUserAttachThreadInput) hooked, addr 8952DEB8 UNKNOWN
win32k_sdt[383] (NtUserGetAsyncKeyState) hooked, addr 8ACBCEE0 UNKNOWN
win32k_sdt[414] (NtUserGetKeyboardState) hooked, addr 8AAE8600 UNKNOWN
win32k_sdt[416] (NtUserGetKeyState) hooked, addr 8AAC0078 UNKNOWN
win32k_sdt[428] (NtUserGetRawInputData) hooked, addr 8A928008 UNKNOWN
win32k_sdt[460] (NtUserMessageCall) hooked, addr 8AA981F8 UNKNOWN
win32k_sdt[475] (NtUserPostMessage) hooked, addr 8A442388 UNKNOWN
win32k_sdt[476] (NtUserPostThreadMessage) hooked, addr 8A8C1230 UNKNOWN
win32k_sdt[549] (NtUserSetWindowsHookEx) hooked, addr 8A4408C8 UNKNOWN
win32k_sdt[552] (NtUserSetWinEventHook) hooked, addr 8A8C6508 UNKNOWN
ks count: 0
RtlpStartThreadFunc: C:\WINDOWS\system32\kernel32.dll (7C812A20)
RtlpExitThreadFunc: C:\WINDOWS\system32\kernel32.dll (7C80C280)
LdrpManifestProberRoutine: C:\WINDOWS\system32\kernel32.dll (7C8112B0)
UnhandledExceptionFilter: C:\Documents and Settings\Nikola\Plocha\wincheck.exe (004A1644)
ConsoleCtrlHandler: C:\WINDOWS\system32\kernel32.dll (7C8763B1)
Check took 1578 msecs
