GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-10 14:23:57
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000024 ST1000LM014-1EJ164 rev.DEMA 931,51GB
Running: 5eyi6x97.exe; Driver: C:\Users\MICHAD~1\AppData\Local\Temp\ugldypob.sys

---- Threads - GMER 2.2 ----

---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1451841140
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e35889ee6
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 40352
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x59 0x62 0xDC 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x59 0xCA 0xA0 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x59 0xFA 0x17 0x67 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\7@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\7@RwMask 0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----