GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-01 15:07:08
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST500LT012-1DG142 rev.0002LVM1 465,76GB
Running: gmer.exe; Driver: C:\Users\Bartosz\AppData\Local\Temp\uwdyipow.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [704:772] fffff55315b36c20

---- Services - GMER 2.2 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_88cba <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] MessagingService_88cba <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_88cba <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_88cba <-- ROOTKIT !!!
Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_88cba <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_88cba <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] WpnUserService_88cba <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x00 0xC9 0x9B 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x96 0xEF 0xC0 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xBA 0x8D 0xA0 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x3E 0xB1 0xC2 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 4
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO139E0_2D_07DE_5A^74252948C3E70E81DD831E38C11E7C03@Timestamp 0xBD 0xF9 0x7E 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 860
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -980656991
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 96799acb-d7e7-4f33-a93e-8be5c81
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{12be84a9-e7de-40ee-8e41-c4f2b957c7ab}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\b46d83bb9d5f
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba@DisplayName CDPUserSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba@Description @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{a437f8b8-ede2-4342-9643-82b70f103fad}@LastProbeTime 1477957548
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\b0-c2-87-71-ac-b0@AddressCreationTimestamp 0xEE 0x5B 0x28 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\b0-c2-87-71-ac-b0@NatDetectionTimestamp 0xEE 0x5B 0x28 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\b0-c2-87-71-ac-b0@TeredoAddress 2001:0:9d38:90d7:2ce9:2a00:a6bf:e93b
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba@DisplayName Us?uga wiadomo?ci_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba@Description @%SystemRoot%\system32\MessagingService.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba\TriggerInfo
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba\TriggerInfo\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba\TriggerInfo\0@Type 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba\TriggerInfo\0@Action 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba\TriggerInfo\0@DataType0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba@DisplayName Synchronizuj hosta_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba@Description @%SystemRoot%\system32\APHostRes.dll,-10001
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba@DisplayName Dane kontaktowe_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-15000
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?pon.?, ?pa? ?31 ?16, 11:52:26????????????????????????y????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@EffectivePends 384
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 865
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 133
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{F3EF3903-5E80-4B88-AEA2-996714BF537D} v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=128:*|App=System|Name=@IpHlpSvc.dll,-502|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-25000|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{9A5F1426-EA6C-40C2-A248-0754A7B329CA} v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=128:*|Name=@IpHlpSvc.dll,-503|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-25000|
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b625d6b1-d75f-48bc-b2bd-14c1e440b87f}@LeaseObtainedTime 1477953948
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b625d6b1-d75f-48bc-b2bd-14c1e440b87f}@T1 1477997148
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b625d6b1-d75f-48bc-b2bd-14c1e440b87f}@T2 1478029548
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b625d6b1-d75f-48bc-b2bd-14c1e440b87f}@LeaseTerminatesTime 1478040348
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}@Dhcpv6State 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}@Dhcpv6InformationObtainedTime 1477953951
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}@Dhcpv6InformationRefreshTime 86400
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6Iaid 162819459
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6State 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@DhcpV6NetworkHint 55053453439323338393
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6DNSServers 0x20 0x01 0x07 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6InterfaceOptions 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6MaxLeaseExpireTime 1477957548
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6ServerPreference 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6IsUnicastEnabled 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6LeaseObtainedTime 1477953948
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6ServerDUID 0x00 0x03 0x00 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6IanaIaids 0x83 0x6D 0xB4 0x09
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6IataIaids
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6T1 0x84 0x03 0x00 0x00
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6T2 0x46 0x05 0x00 0x00
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6IanaAddr 0x2A 0x02 0xA3 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6IataAddr
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6IanaLeases 0x08 0x07 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{B625D6B1-D75F-48BC-B2BD-14C1E440B87F}\55053453439323338393@Dhcpv6IataLeases
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba@ImagePath C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba@DisplayName Magazyn danych u?ytkownika_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba@DisplayName Dost?p do danych u?ytkownika_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-14000
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x92 0x9B 0x34 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x92 0x03 0xF9 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x92 0x33 0x70 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 12372 12378 12390 12400 12410 12430 12474 12484 12522 12528 12544
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 12550
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 12551
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 12372
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 12373
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba@DisplayName Us?uga u?ytkownika powiadomie? WNS_88cba
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba@Description @%SystemRoot%\system32\WpnUserService.dll,-2
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba\Security@Security 0x01 0x00 0x04 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_88cba
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\63\0@RwMask 0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----