GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-30 16:33:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000061 ATA_____ rev.CC4B 931,51GB
Running: v9zk7ohl.exe; Driver: C:\Users\Damiano\AppData\Local\Temp\pgpiikow.sys

---- System - GMER 2.1 ----

SSDT 966E8DB6 ZwCreateSection
SSDT 966E8DC0 ZwRequestWaitReplyPort
SSDT 966E8DBB ZwSetContextThread
SSDT 966E8DC5 ZwSetSecurityObject
SSDT 966E8DCA ZwSystemDebugControl
SSDT 966E8D57 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C4D339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C86D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C8DEEC 4 Bytes [B6, 8D, 6E, 96] {MOV DH, 0x8d; OUTS DX, BYTE [ESI]; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C8E248 4 Bytes JMP F156A2CF
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C8E28C 4 Bytes [BB, 8D, 6E, 96]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C8E308 4 Bytes [C5, 8D, 6E, 96]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C8E35C 4 Bytes [CA, 8D, 6E, 96] {RETF 0x6e8d; XCHG ESI, EAX}
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!LdrGetProcedureAddress + 26 77C222B3 7 Bytes JMP 5CF89CF0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77B28996 7 Bytes JMP 5D535408 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] kernel32.dll!GetEnvironmentStringsA + 11 77B32FB1 7 Bytes JMP 5D53542B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] kernel32.dll!BaseThreadInitThunk + C9 77B33CFC 7 Bytes JMP 5CF9369E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] USER32.dll!GetWindowInfo 77956A82 5 Bytes JMP 5D45B719 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] GDI32.dll!GetViewportOrgEx + 26C 77D0884B 7 Bytes JMP 5D535389 C:\Program Files\Mozilla Firefox\xul.dll

---- EOF - GMER 2.1 ----