GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-02 16:24:53 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925082 rev.3.CM 232,89GB Running: kdcv7qn6.exe; Driver: C:\Users\marek\AppData\Local\Temp\pwdoypog.sys ---- System - GMER 2.2 ---- INT 0x51 ? 86335BF8 INT 0x51 ? 87CCCF00 INT 0x51 ? 87CCCF00 INT 0x51 ? 86335BF8 INT 0x72 ? 87CCCF00 INT 0x82 ? 87CCCF00 INT 0x92 ? 87CCCF00 INT 0xA2 ? 87CCCF00 INT 0xA2 ? 87CCCF00 ---- Kernel code sections - GMER 2.2 ---- ? System32\Drivers\spov.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F60E340, 0x3E9407, 0xE8000020] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [751576CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [75195B61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7515B9D2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7514F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [751574A1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7514E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [751A8EE5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7515D910] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7514FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7514FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [751471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [751DCE35] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7517C5BC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7514D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [75146853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7514687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll IAT C:\Windows\Explorer.EXE[3112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [75152AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19672_none_9e57fb02ca111192\gdiplus.dll ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 863361F8 AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\volmgr \Device\VolMgrControl 8556E1F8 Device \FileSystem\cdfs \Cdfs 85BF01F8 ---- Trace I/O - GMER 2.2 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86414014]<< 86414014 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87645ac8] 87645ac8 Trace 3 CLASSPNP.SYS[8b1cd8b3] -> nt!IofCallDriver -> [0x86418578] 86418578 Trace 5 acpi.sys[82e0b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8638e028] 8638e028 Trace \Driver\iaStor[0x863e7678] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86414014 86414014 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234def4a90 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234def4a90@0017e4cf6de7 0xD3 0xA3 0xE7 0xE6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234def4a90@1c62b8d87cc1 0x6B 0x47 0x69 0x1C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234def4a90@a04e04d7b2df 0xBA 0x88 0x75 0x6B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234def4a90@0026ff00a9f1 0xA0 0x88 0x91 0xEA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234def4a90@8c3ae3df8e2f 0x22 0xA1 0xC2 0xC0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234def4a90@502e5c7a81fd 0xE3 0xF1 0x64 0x4A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 18070 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDF 0xBF 0x9D 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x36 0x45 0x07 0xCE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x58 0x3A 0xEE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B03283F2-D92B-447F-99C4-73EF2DA30B97}@LeaseObtainedTime 1475365139 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B03283F2-D92B-447F-99C4-73EF2DA30B97}@T1 1475408339 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B03283F2-D92B-447F-99C4-73EF2DA30B97}@T2 1475440739 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B03283F2-D92B-447F-99C4-73EF2DA30B97}@LeaseTerminatesTime 1475451539 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00234def4a90 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00234def4a90@0017e4cf6de7 0xD3 0xA3 0xE7 0xE6 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00234def4a90@1c62b8d87cc1 0x6B 0x47 0x69 0x1C ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00234def4a90@a04e04d7b2df 0xBA 0x88 0x75 0x6B ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00234def4a90@0026ff00a9f1 0xA0 0x88 0x91 0xEA ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00234def4a90@8c3ae3df8e2f 0x22 0xA1 0xC2 0xC0 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00234def4a90@502e5c7a81fd 0xE3 0xF1 0x64 0x4A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDF 0xBF 0x9D 0x56 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x36 0x45 0x07 0xCE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x58 0x3A 0xEE ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9B592DB4091045C40BE8336ACE9A22FD\Usage@ThinkVantage_Access_Con 1229102540 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\RRbackups\C 0 bytes File C:\RRbackups\common 0 bytes File C:\RRbackups\common\backups.dat 8192 bytes File C:\RRbackups\common\bmgrmode.dat 29 bytes File C:\RRbackups\common\css.dat 8192 bytes File C:\RRbackups\common\hints.dat 8192 bytes File C:\RRbackups\common\mnd.dat 8192 bytes File C:\RRbackups\common\regcerts.dat 8192 bytes File C:\RRbackups\common\restore.log 110 bytes File C:\RRbackups\common\rr.log 359161 bytes File C:\RRbackups\common\rr_bcdenum.dat 4609 bytes File C:\RRbackups\common\SAM 262144 bytes File C:\RRbackups\common\seccache.dat 8192 bytes File C:\RRbackups\common\secpolicy.dat 28672 bytes File C:\RRbackups\common\settings.dat 32768 bytes File C:\RRbackups\common\system.dat 12288 bytes File C:\RRbackups\common\tvtcmn.dat 8192 bytes File C:\RRbackups\common\tvtns.bin 23 bytes File C:\RRbackups\common\usersids.dat 21840 bytes File C:\RRbackups\Documents and Settings 0 bytes File C:\RRbackups\Documents and Settings\Administrator 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-500\a077ead69703e3bf1fd373a3c9376faa_ad18dae1-ed09-4d09-be99-7f96ddc5d568 77 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-500\f209e1c6-e19a-4e81-806e-a0fb1fc39c7f 388 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\1e617109-803e-4be7-9818-0d7338a89cf9 388 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\marek 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Lenovo 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Lenovo\Client Security Solution 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Lenovo\Client Security Solution\cspContainer.dat 332 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\83aa4cc77f591dfc2374580bbd95f6ba_ad18dae1-ed09-4d09-be99-7f96ddc5d568 45 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\22296ea5bcbaac0e7e6cac8ee21ae6d8_ad18dae1-ed09-4d09-be99-7f96ddc5d568 1301 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\43e3a4a9826996aba5d7727553958fbf_ad18dae1-ed09-4d09-be99-7f96ddc5d568 1285 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\5550e7cb640347345a345c63aa7a6848_ad18dae1-ed09-4d09-be99-7f96ddc5d568 59 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\62a45886e06c7d046ea8b819bec0598a_ad18dae1-ed09-4d09-be99-7f96ddc5d568 45 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\64823036320bd02b6b09186b90099f5d_ad18dae1-ed09-4d09-be99-7f96ddc5d568 46 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\6b29ae44e85efac3c72ff4d1865d73f1_ad18dae1-ed09-4d09-be99-7f96ddc5d568 53 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\89facafc0026437efa3c336e003f3316_ad18dae1-ed09-4d09-be99-7f96ddc5d568 1311 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\8f71098770f72c7a67cd8f1151619865_ad18dae1-ed09-4d09-be99-7f96ddc5d568 54 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\90465be05b8939c84e21979d69c28c0b_ad18dae1-ed09-4d09-be99-7f96ddc5d568 1294 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\a077ead69703e3bf1fd373a3c9376faa_ad18dae1-ed09-4d09-be99-7f96ddc5d568 77 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\a64731a25811fa88f16bf243447fbb69_ad18dae1-ed09-4d09-be99-7f96ddc5d568 65 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-300751917-3985659210-3560172915-1003\dd508fb67e3df5d722d6ce98ff404371_ad18dae1-ed09-4d09-be99-7f96ddc5d568 63 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\11f4c52e-8f9e-4c96-a938-b4897d9cca6a 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\15d2caad-9a5c-4794-89ce-6610631656b7 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\2925bd58-5a68-452c-b769-4fbd0a0f1dee 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\2b45af93-21cb-45d5-bcfb-5d08f87852ec 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\44ff3299-100d-4da3-b232-533418ad5e52 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\45e598ba-36e4-4c82-9654-4f6a85595a01 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\4bc9725b-ee04-4570-ba63-c2e59b52c16b 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\5b38782e-ae70-419c-8df5-6b82275d2f95 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\7575f1b0-58a4-4f9f-af63-96d06bbfd165 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\7af7b86a-46df-4601-aa13-5dc1af526cc6 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\8014ad1e-876c-4993-bac0-4555e1bb9cc5 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\89a51020-f432-45ce-8d68-a0475934c6d2 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\982516f1-5e90-4fba-b7b2-88d2f059b413 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\9b316cad-6698-476a-977e-9c9b1afd3a6f 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\a32f5dc3-5bad-4bfe-b51e-fae93391570f 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\a4cc1a2c-380d-49c9-8b81-693f3119bb46 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\aa05138d-445b-410c-872a-71eeda8eda23 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\b75efed0-5f47-4962-a13e-9f9bf64ac151 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\be8e66a5-5463-4a2a-a5ab-a91a396ac179 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\c093968c-0c68-441d-be53-743c6a0b4b73 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\c5032c90-3888-4c84-a1f2-46712f1e1c00 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\ccbc6ea8-cdfc-45fb-9531-0d62912ef565 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\da121dd6-1e30-4ab3-915c-c6c52521e9f3 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\dc1a2530-0c1a-465c-9f2b-ded409de93f3 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\e65c2c85-5c62-4783-af50-d99256448cd7 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\e7d86958-5282-4c6c-8de2-56a0b1488dec 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\efe5a180-27fa-4079-a366-e28dc345555d 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\f7cc761c-b7b4-4490-9fb7-3e892b578064 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\f9b9965f-2a53-4616-97e4-10ba9329ffe6 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\Preferred 24 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\558777e6-e2d0-4b42-8020-0340931dfbee 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\9ef0d5ac-f89b-4750-94fd-50cd2ddcbc26 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\Protect\S-1-5-21-300751917-3985659210-3560172915-1003\c9b30038-a00f-4277-9687-48d27ba3bfb7 388 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\2F152460653AB478A5AF3DE2A2FADD941EBFD293 852 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\87705B8E2DEBBBC68C7359881FED73527C8F6F4D 1038 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\My\Keys 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\F2167802900C3689B22CA29A271BBA4C76B76266 152 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\Request 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\Request\Certificates 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\Request\CRLs 0 bytes File C:\RRbackups\Documents and Settings\marek\AppData\Roaming\Microsoft\SystemCertificates\Request\CTLs 0 bytes File C:\RRbackups\ProgramData 0 bytes File C:\RRbackups\ProgramData\Lenovo 0 bytes File C:\RRbackups\ProgramData\Lenovo\Client Security Solution 0 bytes File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\cspContainer.dat 332 bytes File C:\RRbackups\ProgramData\Microsoft 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\025534d3b58679fb8e58cab0d2477dfa_ad18dae1-ed09-4d09-be99-7f96ddc5d568 1757 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2a4ad61fa149c392e4743d21f2b24756_ad18dae1-ed09-4d09-be99-7f96ddc5d568 2087 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\89facafc0026437efa3c336e003f3316_ad18dae1-ed09-4d09-be99-7f96ddc5d568 1319 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d2450622ab7fcd10abb073fb349a251_ad18dae1-ed09-4d09-be99-7f96ddc5d568 1319 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_ad18dae1-ed09-4d09-be99-7f96ddc5d568 907 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d013304477f3689e5815d4051f89c4af_ad18dae1-ed09-4d09-be99-7f96ddc5d568 1313 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ec0d180d427673e2fc3a72cb659934ca_ad18dae1-ed09-4d09-be99-7f96ddc5d568 913 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_ad18dae1-ed09-4d09-be99-7f96ddc5d568 56 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\62a45886e06c7d046ea8b819bec0598a_ad18dae1-ed09-4d09-be99-7f96ddc5d568 45 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6b29ae44e85efac3c72ff4d1865d73f1_ad18dae1-ed09-4d09-be99-7f96ddc5d568 53 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_ad18dae1-ed09-4d09-be99-7f96ddc5d568 47 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\83aa4cc77f591dfc2374580bbd95f6ba_ad18dae1-ed09-4d09-be99-7f96ddc5d568 45 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_ad18dae1-ed09-4d09-be99-7f96ddc5d568 54 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_ad18dae1-ed09-4d09-be99-7f96ddc5d568 56 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_ad18dae1-ed09-4d09-be99-7f96ddc5d568 899 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\dd508fb67e3df5d722d6ce98ff404371_ad18dae1-ed09-4d09-be99-7f96ddc5d568 63 bytes File C:\RRbackups\Q 0 bytes File C:\RRbackups\S 0 bytes File C:\RRbackups\SIS 0 bytes File C:\RRbackups\SIS\C 0 bytes File C:\RRbackups\SIS\Q 0 bytes File C:\RRbackups\SIS\S 0 bytes ---- EOF - GMER 2.2 ----