GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-03-07 13:08:44 Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.SB4I Running: f6i46tty.exe; Driver: C:\Users\JAGODA~1\AppData\Local\Temp\ugkcrfow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0x8E360782] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x8E3606C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0x8E360726] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E36DBAE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E36D9D2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E36DB0C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_alloca_probe + 230 82C56128 4 Bytes [82, 07, 36, 8E] .text ntoskrnl.exe!_alloca_probe + 334 82C5622C 4 Bytes [C2, 06, 36, 8E] .text ntoskrnl.exe!_alloca_probe + 350 82C56248 4 Bytes [26, 07, 36, 8E] PAGE ntoskrnl.exe!ZwLoadDriver 82D55AEC 7 Bytes JMP 8E36DB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 82D7D06B 5 Bytes JMP 8E3695D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObInsertObject 82DD4481 5 Bytes JMP 8E36AFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!NtCreateSection 82E0397E 7 Bytes JMP 8E36D9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 82E6C03F 7 Bytes JMP 8E36DBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1652] kernel32.dll!SetUnhandledExceptionFilter 773ED177 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Mozilla Firefox\firefox.exe[5424] ntdll.dll!LdrLoadDll 7759EB00 5 Bytes JMP 00AC13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001F0002 IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001F0000 IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743FFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743CB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743BA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743BCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743B8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743CCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743B7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743B7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743B6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7444C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743D7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743B90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743C2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743C21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743C7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743C7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743F83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [743FFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [743CB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [743BA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [743BCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [743B8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [743CCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [743B7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [743B7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [743B6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7444C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [743D7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [743B90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [743C2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [743C21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [743C7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [743C7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5368] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743F83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f81b29 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001bee6baefe 0x19 0x33 0x97 0xE8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001ca4e1fb72 0x24 0x4B 0xA7 0x0B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e7d1257a1 0x47 0xF2 0xD7 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e45cdba7a 0xAD 0x75 0x9C 0x88 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f81b29@002567621978 0x33 0x39 0xD6 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f81b29@0025e51d15c3 0x75 0x26 0xA3 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001f5dce87e3 0x1B 0x7B 0x23 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9f81b29@3cf72a8a3c03 0x0B 0x22 0x1B 0xC7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF7 0x49 0x7D 0x9F ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f81b29 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001bee6baefe 0x19 0x33 0x97 0xE8 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001ca4e1fb72 0x24 0x4B 0xA7 0x0B ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e7d1257a1 0x47 0xF2 0xD7 0x15 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e45cdba7a 0xAD 0x75 0x9C 0x88 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f81b29@002567621978 0x33 0x39 0xD6 0x54 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f81b29@0025e51d15c3 0x75 0x26 0xA3 0x59 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001f5dce87e3 0x1B 0x7B 0x23 0x34 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9f81b29@3cf72a8a3c03 0x0B 0x22 0x1B 0xC7 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\PROGRAMY\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0xC3 0x5E 0xD1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7D 0xB2 0x7D 0xBE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x43 0xA7 0x00 0x26 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f81b29 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001bee6baefe 0x19 0x33 0x97 0xE8 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001ca4e1fb72 0x24 0x4B 0xA7 0x0B ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e7d1257a1 0x47 0xF2 0xD7 0x15 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e45cdba7a 0xAD 0x75 0x9C 0x88 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f81b29@002567621978 0x33 0x39 0xD6 0x54 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f81b29@0025e51d15c3 0x75 0x26 0xA3 0x59 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001f5dce87e3 0x1B 0x7B 0x23 0x34 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001dd9f81b29@3cf72a8a3c03 0x0B 0x22 0x1B 0xC7 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\PROGRAMY\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0xC3 0x5E 0xD1 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7D 0xB2 0x7D 0xBE ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x43 0xA7 0x00 0x26 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f81b29 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001bee6baefe 0x19 0x33 0x97 0xE8 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001ca4e1fb72 0x24 0x4B 0xA7 0x0B ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e7d1257a1 0x47 0xF2 0xD7 0x15 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e45cdba7a 0xAD 0x75 0x9C 0x88 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f81b29@002567621978 0x33 0x39 0xD6 0x54 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f81b29@0025e51d15c3 0x75 0x26 0xA3 0x59 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001f5dce87e3 0x1B 0x7B 0x23 0x34 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001dd9f81b29@3cf72a8a3c03 0x0B 0x22 0x1B 0xC7 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\PROGRAMY\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0xC3 0x5E 0xD1 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7D 0xB2 0x7D 0xBE ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x43 0xA7 0x00 0x26 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f81b29 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001bee6baefe 0x19 0x33 0x97 0xE8 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001ca4e1fb72 0x24 0x4B 0xA7 0x0B ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e7d1257a1 0x47 0xF2 0xD7 0x15 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e45cdba7a 0xAD 0x75 0x9C 0x88 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f81b29@002567621978 0x33 0x39 0xD6 0x54 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f81b29@0025e51d15c3 0x75 0x26 0xA3 0x59 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001f5dce87e3 0x1B 0x7B 0x23 0x34 ... Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001dd9f81b29@3cf72a8a3c03 0x0B 0x22 0x1B 0xC7 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\PROGRAMY\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0xC3 0x5E 0xD1 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7D 0xB2 0x7D 0xBE ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x43 0xA7 0x00 0x26 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f81b29 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001bee6baefe 0x19 0x33 0x97 0xE8 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001ca4e1fb72 0x24 0x4B 0xA7 0x0B ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e7d1257a1 0x47 0xF2 0xD7 0x15 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e45cdba7a 0xAD 0x75 0x9C 0x88 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f81b29@002567621978 0x33 0x39 0xD6 0x54 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f81b29@0025e51d15c3 0x75 0x26 0xA3 0x59 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001f5dce87e3 0x1B 0x7B 0x23 0x34 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001dd9f81b29@3cf72a8a3c03 0x0B 0x22 0x1B 0xC7 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\PROGRAMY\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0xC3 0x5E 0xD1 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7D 0xB2 0x7D 0xBE ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x43 0xA7 0x00 0x26 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f81b29 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001bee6baefe 0x19 0x33 0x97 0xE8 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001ca4e1fb72 0x24 0x4B 0xA7 0x0B ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e7d1257a1 0x47 0xF2 0xD7 0x15 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001e45cdba7a 0xAD 0x75 0x9C 0x88 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f81b29@002567621978 0x33 0x39 0xD6 0x54 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f81b29@0025e51d15c3 0x75 0x26 0xA3 0x59 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f81b29@001f5dce87e3 0x1B 0x7B 0x23 0x34 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001dd9f81b29@3cf72a8a3c03 0x0B 0x22 0x1B 0xC7 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF7 0x49 0x7D 0x9F ... ---- Files - GMER 1.0.15 ---- File C:\RRbackups\C 0 bytes File C:\RRbackups\common 0 bytes File C:\RRbackups\common\backups.dat 8192 bytes File C:\RRbackups\common\bmgrmode.dat 29 bytes File C:\RRbackups\common\css.dat 12288 bytes File C:\RRbackups\common\hints.dat 8192 bytes File C:\RRbackups\common\mnd.dat 8192 bytes File C:\RRbackups\common\regcerts.dat 8192 bytes File C:\RRbackups\common\restore.log 110 bytes File C:\RRbackups\common\rr.log 167808 bytes File C:\RRbackups\common\rr_bcdenum.dat 4908 bytes File C:\RRbackups\common\SAM 262144 bytes File C:\RRbackups\common\seccache.dat 8192 bytes File C:\RRbackups\common\secpolicy.dat 24576 bytes File C:\RRbackups\common\settings.dat 32768 bytes File C:\RRbackups\common\system.dat 12288 bytes File C:\RRbackups\common\tvtcmn.dat 8192 bytes File C:\RRbackups\common\usersids.dat 11440 bytes File C:\RRbackups\Documents and Settings 0 bytes File C:\RRbackups\Documents and Settings\Administrator 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-500\a077ead69703e3bf1fd373a3c9376faa_24aba190-1139-49fa-a002-36d8a451a97d 77 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-500\3a53afc6-c82b-48b0-a433-9b08885896ad 388 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\Default 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\Default User 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\Gość 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Lenovo 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Lenovo\Client Security Solution 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Lenovo\Client Security Solution\encobject.dat 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-501 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-501\987b2301-4404-4c37-a9ed-8beebdcaae51 388 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-501\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Gość\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Lenovo 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Lenovo\Client Security Solution 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Lenovo\Client Security Solution\config.ini 61 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Lenovo\Client Security Solution\cspContainer.dat 332 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Lenovo\Client Security Solution\cssversion.dat 1908 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Lenovo\Client Security Solution\encobject.dat 11256 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Lenovo\Client Security Solution\swkeys.dat 6372 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Lenovo\Client Security Solution\symkeys.dat 1968 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\3cbd04a2e846e54f831870c234e29875_24aba190-1139-49fa-a002-36d8a451a97d 2484 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\49ac1cf87687c5a4c794042acbff288e_24aba190-1139-49fa-a002-36d8a451a97d 2081 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\533145ef011ddf5ca3983e2545a902b4_24aba190-1139-49fa-a002-36d8a451a97d 2081 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\6b29ae44e85efac3c72ff4d1865d73f1_24aba190-1139-49fa-a002-36d8a451a97d 53 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\83aa4cc77f591dfc2374580bbd95f6ba_24aba190-1139-49fa-a002-36d8a451a97d 45 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\8f71098770f72c7a67cd8f1151619865_24aba190-1139-49fa-a002-36d8a451a97d 54 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\8f96978fc46d9f00d8780351026924d7_24aba190-1139-49fa-a002-36d8a451a97d 59 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\926636f51ef48f0c98157baef7b758e0_24aba190-1139-49fa-a002-36d8a451a97d 1311 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\a077ead69703e3bf1fd373a3c9376faa_24aba190-1139-49fa-a002-36d8a451a97d 77 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\a64731a25811fa88f16bf243447fbb69_24aba190-1139-49fa-a002-36d8a451a97d 65 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4182308462-1003076708-3753380735-1003\dac56a91d0232dd42d2178b7ebc3b6e8_24aba190-1139-49fa-a002-36d8a451a97d 885 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\CREDHIST 432 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\27e7388c-7418-4e25-8218-aab71110e30d 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\30fef584-e6b5-4324-b5fe-0b4d5e6eb0ff 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\38a7f2f9-8d8c-45f2-b760-de38f238834c 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\4b4cd388-4dfd-4aa4-a1d8-ef8ca310e736 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\4fd2ed3b-b083-4e93-aaaf-a4d4fffbf559 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\87165ac4-eecc-4307-bc57-b7e2b2edde29 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\87395c6f-55b1-471c-8e6e-6011b543db80 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\8c57e1f8-a1c5-413b-97ca-570b7a0a30c9 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\a3e9d8e2-e2e6-410a-9119-49487df14009 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\e38e3a81-a40c-44f6-9a05-cfdf03c3e547 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\eff99e12-a570-4b94-88e1-7e9c0ae29652 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\fa995fc7-6b1e-4702-bc0b-fea3e6fca7ec 388 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\Protect\S-1-5-21-4182308462-1003076708-3753380735-1003\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\81D22D8284D5B13AE010785724D8CF907D4C73C9 970 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\SystemCertificates\My\Keys 0 bytes File C:\RRbackups\Documents and Settings\Jagoda i Michał\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\65FA8526CD7326AE6E3851632EFC88F21F217CE1 152 bytes File C:\RRbackups\ProgramData 0 bytes File C:\RRbackups\ProgramData\Lenovo 0 bytes File C:\RRbackups\ProgramData\Lenovo\Client Security Solution 0 bytes File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\encobject.dat 1608 bytes File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\swkeys.dat 6372 bytes File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\symkeys.dat 656 bytes File C:\RRbackups\ProgramData\Microsoft 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_24aba190-1139-49fa-a002-36d8a451a97d 907 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat 8 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ec0d180d427673e2fc3a72cb659934ca_24aba190-1139-49fa-a002-36d8a451a97d 913 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_24aba190-1139-49fa-a002-36d8a451a97d 2055 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_24aba190-1139-49fa-a002-36d8a451a97d 47 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_24aba190-1139-49fa-a002-36d8a451a97d 54 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_24aba190-1139-49fa-a002-36d8a451a97d 899 bytes ---- EOF - GMER 1.0.15 ----