Offset(P) #Ptr #Hnd Access Name ------------------ ------ ------ ------ ---- 0x0000000000186280 16 0 R--rw- \Device\HarddiskVolume3? 0x00000000001863d0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\wctB2B6.tmp 0x00000000002205a0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\rss-feed\widget.json 0x00000000002a08a0 2 0 R--rw- \Device\HarddiskVolume3????????dmin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_player.ooyala.com_0.localstorage-journal 0x000000000037da20 12 0 R--r-d \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\videovimeo\widget.json 0x000000000037dc70 16 0 R--rwd \Device\HarddiskVolume3????dows\System32\dot3api.dll 0x000000000039cf20 8 0 R--rwd \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll 0x0000000000493070 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\CONTAB32.DLL 0x0000000000493460 16 0 R--r-- \Device\HarddiskVolume3\Program Files (x86)\PowerISO\Lang\croatian.lng 0x00000000009a8070 16 0 R--r-d \Device\HarddiskVolume3???????? 0x00000000010ccf20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.Data.dll 0x0000000001341070 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Bude\Jella\IMG_0143.JPG 0x0000000001791070 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\2a25fd6c5732f9387b9bb5d8079793c3x000.dat 0x0000000001791f20 15 0 R--r-- \Device\HarddiskVolume3????dows\Microsoft.NET\Framework64\v4.0.30319\System.Security.dll 0x00000000017ca070 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\plantc.ttf 0x0000000001811510 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000001811f20 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Tower and Tate in London\IMG_3490.JPG 0x00000000019f1f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x0000000001b8ac70 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\c7f8cc693d8b4ddbdf9c6afef02373a9x000.dat 0x0000000001d49440 2 1 ------ \Device\NamedPipe????svc 0x0000000001d499d0 16 0 -W-rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\catalogue\sdds.local.xml.tmp 0x0000000001f5f620 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000020ec6e0 14 0 R--rwd \Device\HarddiskVolume3??????< 0x0000000002420070 16 0 R--r-- \Device\HarddiskVolume3???? 0x000000000259f070 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Tower and Tate in London\DSCN1028.JPG 0x000000000276e070 16 0 -W---- \Device\HarddiskVolume3????????dmin\AppData\Local\Microsoft\Office\15.0\WebServiceCache\AllUsers\office15client.microsoft.com\config15--lcid=1031&syslcid=1031&uilcid=1031&build=15.0.4727&crev=30 0x000000000276e3e0 2 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\XK14HWIN\mwr-memory-triage-cheatsheet.html 0x0000000002803e20 20 0 R--rwd \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll 0x0000000002f77390 16 0 R--rwd \Device\HarddiskVolume3 0x0000000002f7b480 16 0 R--rwd \Device\HarddiskVolume3???????? Files (x86)\GFI\LANguard 9.0\traceroute.exe 0x0000000002f7b5d0 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\Kswdmcap.ax 0x0000000002f7c250 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD 0x0000000002f7c870 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000002f7d240 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozMinPr6N-ExtraLight.otf 0x0000000002f7da60 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\fdProxy.dll 0x0000000002f7de20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\4c04815d89563ec495371f1c58ae85e2x000.dat 0x0000000002f7edd0 16 0 RWD--- \Device\HarddiskVolume3????????? 0x0000000002f84490 16 0 R--r-d \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\Cache\decoded\savxp\ifram-my.ide 0x0000000002f9f070 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000002fa0300 16 0 R--r-d \Device\HarddiskVolume3????????\SysWOW64\urlmon.dll 0x0000000002fa0b90 1 1 R--r-- \Device\HarddiskVolume3\Windows\csup.txt 0x0000000002fa1f20 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x0000000002fa25c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000002fa27b0 11 0 R--rwd \Device\HarddiskVolume3???????? Files (x86)\Common Files\Sophos\Web Intelligence\swi_filter_64.dll 0x0000000002fada10 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000002faf070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\f9657842b2cac4f6e22537cad7661c6dx000.dat 0x0000000002fb0070 15 0 R--rwd \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\animierter text\fallender text.html 0x0000000002fb1270 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x0000000002fb3340 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000002fbadc0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\fc11988e4d2ce83c5d31ecfd74a54644x000.dat 0x00000000030971b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000000030c7ae0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000000030c7f20 16 0 R--r-- \Device\HarddiskVolume3????????\servicing\Packages\Package_for_KB2898785_RTM~31bf3856ad364e35~amd64~~10.2.1.0.mum 0x00000000030f8e60 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\52ecd8367c5abeba39b0803c5463373ax000.xml 0x000000000318d3c0 18 0 RW-rwd \Device\HarddiskVolumeShadowCopy2\$MapAttributeValue 0x000000000318df20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000000031937b0 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Downloads\Wilfred.US.jpg 0x000000000319d9d0 16 0 RWD--- \Device\HarddiskVolume3????gram Files (x86)\Sophos\Sophos Anti-Virus\vawtr-bw.ide 0x000000000319e1f0 12 0 R--r-- \Device\HarddiskVolume3\Windows\Installer\45a0722.msp 0x00000000031a84f0 4 0 -W---- \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\VCService.exe 0x00000000031a9360 16 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll.aux 0x00000000031c6ea0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000031dcf20 16 0 R--rwd \Device\HarddiskVolume3????dows\SysWOW64\shfolder.dll 0x00000000032fa9d0 16 0 RWD--- \Device\HarddiskVolume3???????? Files (x86)\Sophos\Sophos Anti-Virus\dride-ev.ide 0x0000000004325070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\1a573e28c73c2ec470c2452c2144afafx000.dat 0x0000000006b231e0 16 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Local\Google\Chrome\User Data\Safe Browsing Extension Blacklist 0x0000000006b234c0 10 0 R--rwd \Device\HarddiskVolume3 0x0000000006b2b390 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000006b2c9d0 15 0 R--rwd \Device\HarddiskVolume3????????\Fonts\smallf.fon 0x0000000006b2e4c0 13 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\browau.ttf 0x0000000006b339a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000006b33b10 14 0 R--r-- \Device\HarddiskVolume3????????\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll 0x0000000006b33f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x0000000006b34070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000006b34f20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\f8ea0806ee5a90d2aa9516eb686ebe07x000.dat 0x0000000006b3ff20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000006b789a0 16 0 -W-rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\catalogue\sdds.data0910.xml.tmp 0x0000000006b7a980 16 0 R--r-- \Device\HarddiskVolume3????rs\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C5GDQ6VF\index[2].htm 0x0000000006b80070 14 0 R--r-- \Device\HarddiskVolume3????????\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll 0x0000000006b81610 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000006b82070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000006b82e50 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.MetricsPowerShell\Solution.MetricsPowerShellBL.dll 0x0000000006b83740 15 0 R--r-d \Device\HarddiskVolume3????????????? 0x0000000006b844d0 26 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.xml.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.xml.resources.dll 0x0000000006b847b0 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Bude\Jella\IMG_0216.JPG 0x0000000006b84990 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x0000000006b84f20 12 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\USP10.DLL 0x0000000006bac9d0 16 0 R--r-- \Device\HarddiskVolume3????rs\Admin\Downloads\The.League.jpg 0x0000000006bae8c0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\55a90a9e9bd832d9308d051971f4168ex000.dat 0x0000000006bb2510 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x0000000006bb2f20 16 0 R--rwd \Device\HarddiskVolume3????????? 0x0000000006bb7f20 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\cc34bd31ad37832312cfa8cf70064aa4x000.xml 0x0000000006bc8070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000006bc8560 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem79.PNF 0x0000000006bc8a00 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\timesbd.ttf 0x0000000006bddf20 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\Bewerbungen.library-ms 0x0000000006be1360 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\stdole2.tlb 0x0000000006be4560 1 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\USER_ESRV_SVC.evtx 0x0000000006bfa4d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x0000000006bfabb0 2 1 ------ \Device\NamedPipe\0667df40-ecf7-496e-bb66-647fd0308497 0x0000000008d764c0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wlansvc.dll 0x0000000008d76790 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000008d778e0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ContactAndSupport\ContactAndSupportAPI.dll 0x0000000008d77d00 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\64a3cc0f9e2a13771bfcf5b3ad50e0f6x000.dat 0x0000000008d78070 15 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\spalten-artikel\widget.png 0x0000000008d78a40 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\trkwks.dll 0x0000000008d798f0 16 0 R--r-- \Device\HarddiskVolume3dmin\OneDrive\Office\scanstation\cygwi 0x0000000008d99500 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000008db1050 22 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000008dfaa90 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\SYSTEM.LOG2 0x0000000008dfabc0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\SOFTWARE.LOG1 0x0000000008dfd2d0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\odbc32.dll 0x0000000008ef0dd0 15 0 R--r-d \Device\HarddiskVolume3???????Data\Sophos\AutoUpdate\Cache\decoded\savxp\vdl12.vdb 0x0000000008f528e0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index 0x0000000008f52f20 14 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_de_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll 0x00000000090c9070 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Bude\Jella\IMG_0055.JPG 0x0000000009449b40 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\4e347254b04850d292518c2422371ddex000.dat 0x00000000096ba820 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\formular\widget.json 0x00000000098186d0 11 0 R--rwd \Device\HarddiskVolume3????????? 0x0000000009818ad0 2 0 R--rwd \Device\HarddiskVolume3????????dmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn\0.6.1_0\icons\pop\list.png 0x0000000009900e60 12 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\woodcut.ttf 0x00000000099af240 2 1 ------ \Device\NamedPipe\chrome.6908.439.194423610 0x00000000099af390 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set 0x00000000099af970 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ieframe.dll 0x0000000009a1c3b0 16 0 R--rwd \Device\HarddiskVolume3????dows\System32\eappcfg.dll 0x0000000009a1cf20 16 0 RWD--- \Device\HarddiskVolume3???????? Files (x86)\Sophos\Sophos Anti-Virus\xvdl50.vdb 0x0000000009a2df20 13 0 R--rwd \Device\HarddiskVolume3????????\System32\wship6.dll 0x0000000009a3fa60 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk 0x0000000009a3ff20 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Downloads\cover.Transformers.Age.of.Extinction.2014.FRENCH.SUBFORCED.BRRip.x264.AC3-SP3CTR3.jpg 0x0000000009c33070 16 0 R--rwd \Device\HarddiskVolume3????????\REGISTRY\MACHINE.dll 0x0000000009c33280 16 0 -W-r-- \Device\HarddiskVolume3\Users\Admin\Downloads\volatility_2.4.win.standalone\volatility_2.4.win.standalone\LEGAL.txt 0x0000000009cd9070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000009f2d070 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wwanmm.dll 0x0000000009f2df20 16 0 R--r-d \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\Cache\decoded\savxp\inje-boq.ide 0x000000000a0a2070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000000a5101c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000000a66c320 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000000a672750 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000000a672a10 16 0 R--rwd \Device\HarddiskVolume3????????\Fonts\SCRIPTBL.TTF 0x000000000a8003d0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\UIAutomationCore.dll.mui 0x000000000a87cf20 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Tower and Tate in London\DSCN0968.JPG 0x000000000a91e7f0 16 0 R--r-d \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\Cache\decoded\savxp\xvdl41.vdb 0x000000000aa03f20 12 0 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Brow 0x000000000ab48370 16 0 R--r-d \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\Cache\decoded\savxp\xvdl59.vdb 0x000000000aca85a0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\af2667b109c1ed1cb067c35c343bee1fx000.dat 0x000000000b2b8f20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\2d64cb79123b9741c69ba59e89e536f1x000.dat 0x000000000b3f9e20 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000000b42fa30 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\duser.dll 0x000000000b4453f0 16 0 R--rw- \Device\HarddiskVolume3 0x000000000b5b7930 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\upcibi.ttf 0x000000000b7001f0 6 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.XtraBars.v14.2.dll 0x000000000b793f20 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Tower and Tate in London\IMG_3517.JPG 0x000000000b9aaf20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x000000000b9e3ea0 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Tower and Tate in London\DSCN0966.JPG 0x000000000ba25f20 12 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\segoeuiz.ttf 0x000000000ba9b3a0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\2b328122486e1c159e6ed732764ed8bfx000.xml 0x000000000bdc1d10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x000000000bfa7f20 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\Links\Google Drive NEW.lnk 0x000000000c641f20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000000c98b380 16 0 RWD--- \Device\HarddiskVolume3???????? Files (x86)\Sophos\Sophos Anti-Virus\golrot-d.ide 0x000000000cbb8dd0 26 0 R--r-d \Device\HarddiskVolume3???? 0x000000000cd6b650 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\b70e29ae1dce047c79f5801a6e6d14e4x000.xml 0x000000000d1ef2d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x000000000d1ef7e0 8 0 R--rwd \Device\HarddiskVolume3??????< 0x000000000d4a7850 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Bude\Jella\IMG_0049.JPG 0x000000000d9722e0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\zptabs\standard.html 0x000000000da26070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000000de1b070 10 0 R--rwd \Device\HarddiskVolume3????????\System32\dnsapi.dll 0x000000000e692d10 15 0 R--rwd \Device\HarddiskVolume3????????????? 0x000000000e744c80 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\untermenue\widget.json 0x000000000eb9ef20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\SDU\c01d631cd9d67491edac777ab12a10f8x000.xml 0x000000000ecbff20 15 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\GOUDOS.TTF 0x000000000ed47070 15 0 R--r-d \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\Cache\decoded\savxp\vdl57.vdb 0x000000000efd8070 12 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Comfortaa-Light.ttf 0x000000000f04cd90 27 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\WindowsCodecsExt.dll 0x000000000f107b40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146 0x000000000f5a4070 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.PowerShell\Solution.PowerShellBL.dll 0x000000000f5a4360 16 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\OneDrive\ID10T's Security-012-013\content\content.mdb 0x000000000f5a4590 16 0 R--rwd \Device\HarddiskVolume3??????< 0x000000000f63d520 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x000000000f7a3f20 16 0 R--r-d \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\Cache\decoded\savxp\xvdl06.vdb 0x000000000f7eff20 14 0 R--rwd \Device\HarddiskVolume3????? 0x000000000f988e60 16 0 RWD--- \Device\HarddiskVolume3???????? Files (x86)\Sophos\Sophos Anti-Virus\xvdl53.vdb 0x000000000fb60e20 15 0 RW-r-- \Device\HarddiskVolume3????????dmin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\469e4a7982cea4d4.automaticDestinations-ms 0x000000000fc5e9a0 15 0 R--r-- \Device\HarddiskVolume3????????\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll 0x000000001008f980 2 1 ------ \Device\Afd\Endpoint 0x0000000010152dd0 1 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll 0x000000001031af20 15 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\google ?bersetzer\standard.html 0x00000000103fef20 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\calibri.ttf 0x000000001051f6e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\ARIALUNI.TTF 0x00000000105e1ca0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.linkedin.com_0.localstorage 0x00000000106e7f20 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Bude\Jella\IMG_0094.JPG 0x00000000108ca070 1 1 ------ \Device\Afd????????t 0x000000001092f880 14 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\500ACD6C4D3960154EA5ADD97E3AC35A98C4EE8D 0x0000000010c25f20 15 0 R--r-d \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\Cache\decoded\savxp\vdl65.vdb 0x0000000010e75f20 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000112abf20 2 1 ------ \Device\NamedPipe\mojo.6908.6912.7818312415777740678 0x000000001164cf20 3 1 ------ \Device\NamedPipe????? 0x0000000011bec7e0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\037a68501a2c27aa96a0e7daa4c0a34ex000.xml 0x00000000121cf630 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000001256af20 2 0 RWD--- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll 0x00000000126cb280 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Downloads\The.Missing.jpg 0x000000001270e3a0 13 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\utsaahi.ttf 0x00000000128bbd40 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\fb04381c0341dc70dbb9654b42e0c383x000.dat 0x0000000012cdcf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000012cf9250 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\822b9ccbddb353baa03957bb7c2a6bb3x000.dat 0x000000001300bdc0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\39ee6f05c265daae41e0fe6d1930a868x000.dat 0x0000000013101170 15 0 R--rwd \Device\HarddiskVolume3????????????????????h 0x000000001324fb80 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Pictures\2015 04 Bude\Jella\IMG_0029.JPG 0x00000000136d8d80 16 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Layouts\Landscape\templates\partials\item-hauptmenu.html 0x00000000136e0a10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000136f3270 14 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Waverly_.ttf 0x000000001378bf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000013807c80 16 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\bilderalbum\widget.json 0x000000001393c450 1 1 ------ \Device\NamedPipe\61954446-d999-4847-8a08-7bd477d6a696 0x0000000013d243f0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.ServiceCore.dll 0x00000000140672e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_web.whatsapp.com_0.localstorage-journal 0x000000001414f220 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x0000000014633f20 11 0 R--rwd \Device\HarddiskVolume3???????? 0x00000000146af070 13 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\kokilai.ttf 0x000000001485c070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000148bdf20 16 0 R--rwd \Device\HarddiskVolume3????????\Fonts\LCALLIG.TTF 0x0000000014912170 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OUTLFLTR.DLL 0x0000000014e3a070 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1060B7ADDE0FF6DE85637BF89FC4CEBC_B297124AF03174E2C779EAE5E5E08A79 0x000000001534b070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\ec4784723c80708d00bfca18cf963dd7x000.dat 0x000000001560ef20 13 0 R--rwd \Device\HarddiskVolume3????????? 0x00000000156c0a00 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000156c0c50 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem72.PNF 0x00000000158c15e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000015b18880 11 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\HGRHG5.TTC 0x0000000016807a10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000001684f350 15 0 R--rwd \Device\HarddiskVolume3????????\Fonts\FRADM.TTF 0x000000001684ff20 11 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\tahomabd.ttf 0x0000000016bf6f20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\ac087175d4231c00e7f61382e9abc438x000.dat 0x0000000016f02f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000017307a10 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\73c2f2d1c45d3438b992188bcbec0bf3x000.dat 0x00000000174659d0 12 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OUTLMIME.DLL 0x000000001776b6d0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\9c77f131a9aaa375a1bf63554f0920d7x000.dat 0x00000000177947e0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\RASMM.dll 0x0000000017d73920 2 0 R--rw- \Device\HarddiskVolume3?????h??Data\Sophos\AutoUpdate\data\warehouse\afd832c20208e0b14da8f33fed58ee90x000.dat 0x0000000017d8a840 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000017d8f070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\088c671eb56381fd2d821bb57604c3adx000.dat 0x0000000017d8f1d0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\74d2c7f5bc645d34ba0ec496b8bb1070x000.dat 0x0000000017e00070 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\LetterGothicStd.otf 0x00000000180e2f20 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Borea___.ttf 0x0000000018259660 25 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Adist64.dll 0x00000000182679e0 15 0 R--r-- \Device\HarddiskVolume3? 0x00000000189cf850 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\4f098888f5fd910f0ffe46f84ab2db4ex000.dat 0x0000000018a95e60 7 0 R--r-- \Device\HarddiskVolume3\Windows\System32\DriverStore\infpub.dat 0x0000000018cc4070 11 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\msyhbd.ttf 0x0000000018ccf2e0 16 0 R--rw- \Device\HarddiskVolume3\Windows\Media\Landscape\Windows User Account Control.wav 0x0000000018f3ae40 15 0 R--rwd \Device\HarddiskVolume3????????\Fonts\BOD_R.TTF 0x0000000018f4b710 16 0 R--rwd \Device\HarddiskVolume3???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 0x0000000018f91f20 12 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozMinPr6N-Light.otf 0x000000001923ddc0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\39ee6f05c265daae41e0fe6d1930a868x000.dat 0x000000001924d070 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem5.PNF 0x0000000019472c80 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000019574070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000196d5220 16 0 -W-rwd \Device\HarddiskVolume3????????dmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRYBF8N8\collectKJL817DR.gif 0x00000000197d47b0 16 0 R--rwd \Device\HarddiskVolume3????????? 0x00000000197d4d50 2 1 ------ \Device\NamedPipe\mojo.6908.2092.2196948282843135279 0x0000000019bbff20 2 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn\0.6.1_0\libs\slickgrid\slick.grid.css 0x0000000019cf7550 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x0000000019d585d0 5 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 0x0000000019d58d20 25 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducerPublishing.dll 0x0000000019d58f20 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wscapi.dll 0x0000000019e91b60 6 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ProcessBridge\ProcessBridgeBL.dll 0x0000000019e91dd0 2 1 ------ \Device\NamedPipe\chrome.6908.439.194423610 0x000000001a2313b0 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\HPSimplified_It.ttf 0x000000001a2776f0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\709a48eb7d65ad82ff508915936f5b89x000.dat 0x000000001a37ef20 16 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn\0.6.1_0\icons\file.png 0x000000001a4e6c80 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\ab464b289aa342db499b9a5d2245ee6fx000.dat 0x000000001a729070 1 1 ------ \Device\NamedPipe\C:\Users\Admin\AppData\Local\Google\Drive\GoogleDriveIpcPipe 0x000000001a86b070 16 0 R--r-- \Device\HarddiskVolume3????????\System32\api-ms-win-downlevel-user32-l1-1-0.dll 0x000000001a86bf20 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\ITCEDSCR.TTF 0x000000001acdf520 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem141.PNF 0x000000001acdf670 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x000000001acdf8a0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem47.PNF 0x000000001acdf9f0 4 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 0x000000001adb8bc0 3 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\MetricsPhilatelist\MetricsPhilatelistAPI.dll 0x000000001ae05dc0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\bc13a18faccbce6f1c9a714c53c88b93x000.dat 0x000000001aef29d0 19 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer12Skin.dll 0x000000001b157070 8 0 R--r-d \Device\HarddiskVolume3????????\System32\sechost.dll 0x000000001b157f20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem53.PNF 0x000000001b182150 12 0 R--r-d \Device\HarddiskVolume3???? 0x000000001b579f20 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1060B7ADDE0FF6DE85637BF89FC4CEBC_E5E9A553F201CBEA57F3FB2CD29DEC62 0x000000001b634a10 11 0 R--rwd \Device\HarddiskVolume3min\OneDrive\Office\scanstation\scanstation\perl\site\ 0x000000001b7de7c0 1 1 RW-r-d \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\q 0x000000001b85a6c0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\35aaa6bbe1b6b6ee0407fa659a073c48x000.dat 0x000000001b8a78b0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\OneDrive\Office\scanstation\cygwin\usr\share\zoneinfo\posix\America\Argentina 0x000000001ba54070 15 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Lato-Regular.ttf 0x000000001bf0d420 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000001bf38f20 2 1 ------ \Device\Afd\Endpoint 0x000000001c26c890 16 0 R--rwd \Device\HarddiskVolume3???? Color Space Profile.ic 0x000000001c848280 15 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\GIL_____.TTF 0x000000001c8b2dd0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x000000001c947d10 16 0 R--r-d \Device\HarddiskVolume3????????\SysWOW64\pdh.dll 0x000000001ce2f470 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\887FDFEF9DC62EF73EB288690D5944B1_69D8D47AB1AD575C0CF624C7D137AD1B 0x000000001cfe9070 33 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000972.log 0x000000001d2bedb0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\3bcaeb7654c8f398faad5d4dc2dd2725x000.dat 0x000000001d31e070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000001d324a30 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x000000001d482270 3 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\~DF5B0C376E501D9612.TMP 0x000000001d887b10 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\9404635dae255b040b80dafc6a75defdx000.dat 0x000000001dbcf310 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\a22caaa5879f53acabe86277abf2adb8x000.dat 0x000000001dd34070 10 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\vbajet32.dll 0x000000001dec9070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\0d9e2d053771bc8978b99eb4bd0a15efx000.dat 0x000000001dee9f20 2 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn\0.6.1_0\libs\slickgrid\slick.grid.css 0x000000001e096070 5 0 R--rwd \Device\HarddiskVolume3????dows\System32\cryptsp.dll 0x000000001e1a3500 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\standard\standard.html 0x000000001e20b5e0 9 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_filter.dll 0x000000001e20b730 2 1 ------ \Device\Afd\Endpoint 0x000000001e4edce0 15 0 R--rwd \Device\HarddiskVolume3????????dmin\AppData\Local\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set 0x000000001e74d640 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000001e91c070 10 0 R--r-d \Device\HarddiskVolume3???????? Files (x86)\Sophos\Sophos Anti-Virus\ThreatManagement.dll 0x000000001f180f20 13 0 R--r-d \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widg 0x000000001f1b7070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000001f2b2f20 8 0 R--r-- \Device\HarddiskVolume3\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE 0x000000001f5769d0 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.109.179158716 0x000000001f69fcf0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000001f88cf20 16 0 R--r-d \Device\HarddiskVolume3????age\volume\_??_usbstor#disk&ven_toshiba&prod_transmemory-mx&rev_pmap#ffffffffffffee30600040cb&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}f 0x000000001f98c420 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\d4fd89714cc3c5f30c57f161501b3ed5x000.xml 0x000000001fab9f20 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\upcli.ttf 0x000000001fb06070 4 0 R--r-d \Device\HarddiskVolume3????????\System32\DWrite.dll 0x000000002002b280 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\ab9eaff0172c42766892edf0e17ad59dx000.dat 0x000000002042b260 16 0 R--rwd \Device\HarddiskVolume3????dows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_AD2905D734307F784BBEC99C49201928 0x0000000020441550 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x0000000020478170 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OUTLFLTR.DLL 0x00000000207df8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000209fc4c0 15 0 R--rwd \Device\HarddiskVolume3? 0x0000000020d69bc0 15 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\FRADMCN.TTF 0x0000000020d69f20 15 0 R--rwd \Device\HarddiskVolume3????????\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1 0x0000000020e98860 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\8c1fc479f5cb8f89ddc372ed45c10fdex000.xml 0x0000000020eb0f20 11 0 R--rwd \Device\HarddiskVolume3????????? 0x0000000020f38600 2 1 ------ \Device\NamedPipe\mojo.6908.6912.14558886245215795361 0x000000002116c070 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\web-artikeluebersicht\standard.html 0x000000002116c370 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pnrpnsp.dll 0x00000000211b0170 15 0 R--rwd \Device\HarddiskVolume3????????????????????h 0x000000002125c4e0 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\History\HistoryAPI.dll 0x000000002154c070 28 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.XtraGrid.v14.2.dll 0x00000000215f3dd0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\9f9fc38ca16990c3319c6ea1ae4b4eb1x000.dat 0x00000000216155b0 1 1 -W-rwd \Device\HarddiskVolume3\pgData93\pg_log\postgresql-2015-07-08_000000.csv 0x00000000218beea0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002198e070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\07e667b8807eb9507f21f12c375d212ax000.dat 0x0000000021a60f20 15 0 R--rwd \Device\HarddiskVolume3????????\System32\vdsutil.dll 0x0000000021b10cc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x0000000021cff220 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\b1075fa07e91c8e41e2169460bcc6106x000.dat 0x0000000021cff4d0 15 0 R--r-- \Device\HarddiskVolume3?? 0x00000000221f54e0 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\History\HistoryAPI.dll 0x00000000225255f0 13 0 R--rwd \Device\HarddiskVolume3????dows\System32\gpapi.dll 0x00000000225258b0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Layouts\Landscape\variants\variants.json 0x00000000225a5cc0 15 0 R--rwd \Device\HarddiskVolume3????????????? 0x0000000022bb2070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem38.PNF 0x0000000022bb2520 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000022dcd460 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000022fe8f20 8 0 R--rwd \Device\HarddiskVolume3???????? Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll 0x000000002356bd50 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x0000000023746070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\fe62676b8b07e0279a347fde86edbf56x000.dat 0x0000000023865f20 11 0 R--rwd \Device\HarddiskVolume3??????ws 0x000000002387cbb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x0000000023a51070 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x0000000023b7fc70 13 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\verdana.ttf 0x0000000023c9f070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\4cd20c190c55ab4d461f6f87cbdb6c73x000.xml 0x0000000023cf9c60 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000023debb70 2 1 ------ \Device\NamedPipe\Sophos@DATCv1 0x0000000023e332a0 15 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Acme____.ttf 0x0000000023fea5d0 5 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 0x0000000023fead20 25 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducerPublishing.dll 0x0000000023feaf20 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wscapi.dll 0x00000000240cb3e0 14 0 R--r-- \Device\HarddiskVolume3????rs\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8 0x00000000244a8170 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\radarrs.dll 0x000000002463ef20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002480bf20 10 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\7baa4a43446f330666644c544096646ex000.dat 0x0000000024909190 13 0 R--rwd \Device\HarddiskVolume3????kel-nebeneinander.html.dll 0x0000000024909dd0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll 0x0000000024941e60 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\5edc3d62a00d392ce1e0295aa70547ccx000.dat 0x0000000024a9a4f0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.4158977825606325072 0x0000000024dd55a0 15 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$Mft 0x0000000024e0c880 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000024e3b5a0 5 0 R--rwd \Device\HarddiskVolume3????rs\ 0x0000000024e3b880 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000024f61f20 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\001060.ldb 0x0000000024fbe840 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000025186c50 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem120.PNF 0x0000000025347f20 2 1 ------ \Device\NamedPipe\mojo.6908.2092.11742668360370183132 0x0000000025379b80 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Pictures\2015 04 Bude\Jella\IMG_0029.JPG 0x00000000253b6f20 14 0 R--rwd \Device\HarddiskVolume3sRGB Color Space Profile.ic 0x00000000253e1630 4 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\RosewoodStd-Regular.otf 0x0000000025702ae0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000000258a3dd0 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_90B3B324E3BA4570766294418E22080D 0x0000000025a814b0 16 0 R--r-- \Device\HarddiskVolume3????????? 0x0000000025b3f500 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\3b81c07b0dfc4ec4a7ab4a843d51f9dcx000.xml 0x0000000025b3fbd0 4 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\seguisb.ttf 0x0000000025b4e360 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 0x0000000025ef46e0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\0cff8150e1cf2135e22b2b07aaa252e3x000.dat 0x000000002600b070 1 1 ------ \Device\Afd\Endpoint 0x0000000026152510 13 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\kokila.ttf 0x00000000266ebf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000026c9c070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\b1759d5afd477bcb01c36b1a9ba9f3a7x000.xml 0x0000000026c9c6d0 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 0x0000000026c9ca10 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\4724d90c9fef00ed155ccef3ba3ede70x000.dat 0x0000000026d25e20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000026dddf20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\02d3d5c5d948606d3e0568fbd580e8b3x000.dat 0x0000000027130a10 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002734bf20 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem158.PNF 0x00000000277693a0 13 0 R--rwd \Device\HarddiskVolume3????????\System32\fdWNet.dll 0x0000000027791f20 13 0 R--rwd \Device\HarddiskVolume3????dows\System32\services.exe 0x00000000277f87e0 1 1 ------ \Device\NamedPipe\5aee5c64-bd90-41df-999f-e0432dcfaefc 0x0000000027802d20 15 0 R--r-d \Device\HarddiskVolume3????????\SysWOW64\ntmarta.dll 0x0000000027e9af20 15 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\JosefinSlab-SemiBold.ttf 0x0000000027ed85e0 14 0 -W-rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log 0x0000000027ed8730 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\e194a1588400625b0ede079586ffb9acx000.xml 0x0000000027ed8880 14 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\Russrite.ttf 0x0000000027f7c3d0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000000281f5300 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x0000000028273d20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000028303810 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.xing.com_0.localstorage-journal 0x0000000028c7bf20 13 0 R--rw- \Device\HarddiskVolume3????????\Fonts\HTOWERTI.TTF 0x0000000028ca7390 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\9ded17a20446b33b9986670af5afcdb1x000.dat 0x00000000294c71a0 16 0 R--r-d \Device\HarddiskVolume3???? 0x0000000029622d10 12 0 R--rw- \Device\HarddiskVolume3????????\Fonts\GARABD.TTF 0x000000002965fca0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000029a0a600 13 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\ACaslonPro-Italic.otf 0x0000000029a524d0 15 0 R--rwd \Device\HarddiskVolume3????????????? 0x0000000029a9eb60 6 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ProcessBridge\ProcessBridgeBL.dll 0x0000000029a9edd0 2 1 ------ \Device\NamedPipe\chrome.6908.439.194423610 0x000000002a099580 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x000000002a5ee070 32 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000002a5ee200 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\corbelb.ttf 0x000000002a8d0b70 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem106.PNF 0x000000002aa63ad0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\48eaa5d571bb351c31d8717d799b6d14x000.dat 0x000000002ab06070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\06b983560b170cafe1fd77e8b1d48b22x000.xml 0x000000002b044070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\088c671eb56381fd2d821bb57604c3adx000.dat 0x000000002b0441d0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\74d2c7f5bc645d34ba0ec496b8bb1070x000.dat 0x000000002b1a85e0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\4e2492021ff8d373955be0def9a6657ax000.xml 0x000000002b1e0230 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\6823d0ebc8d03ebdcf48f20ac41a4802x000.dat 0x000000002b1f23b0 16 0 R--r-- \Device\HarddiskVolume3\Program Files (x86)\PowerISO\Lang\Russian.lng 0x000000002b1f29e0 2 1 ------ \Device\NamedPipe\f8876be6-912f-4c2e-bdff-9f5b84a354a6 0x000000002b770d10 18 0 RW-rwd \Device\HarddiskVolumeShadowCopy2\$MftMirr 0x000000002b7a8070 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\001063.ldb 0x000000002b9a5f20 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\SOCIALCONNECTOR.DLL 0x000000002bcb7dc0 5 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\HttpUpdate\HttpUpdateBL.dll 0x000000002bddaf20 16 0 R--rwd \Device\HarddiskVolume3???????? 0x000000002c302dd0 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db 0x000000002c3fd240 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\e5c3580a28eb61613d6b440e7e1c2e44x000.dat 0x000000002c429720 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002c554f20 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\SOCIALCONNECTOR.DLL 0x000000002c703880 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\7f86fa65df48881a8185f73f84689c3fx000.xml 0x000000002c7d02d0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll 0x000000002c810a50 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem52.PNF 0x000000002c810f20 16 0 R--r-- \Device\HarddiskVolume3????rs\Admin\Downloads\Those.Who.Kill.US.jpg 0x000000002d008070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x000000002d008230 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\0eb682e3c75f5cf8ffb3eaca783efa31x000.xml 0x000000002d397370 14 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\6FBF6404996781DD948971ADDDC456B873B81527 0x000000002d489f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002d55e5b0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_de.slideshare.net_0.localstorage-journal 0x000000002d5ff070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000002d633f20 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002d777070 16 0 R--r-d \Device\HarddiskVolume3?t??dows\SysWOW64\winnsi.dll 0x000000002d782f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaLongPaths.dll 0x000000002d908070 15 0 R--rwd \Device\HarddiskVolume3??/ 0x000000002de55930 13 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Gazzarelli.ttf 0x000000002e19b310 16 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozMinPr6N-Regular.otf 0x000000002e19b950 1 1 ------ \Device\Afd\Endpoint 0x000000002e411e20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002e640f20 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Downloads\The.Killing.jpg 0x000000002e86b360 6 0 R--r-d \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\ 0x000000002e992540 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002eb29f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002f1022b0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\b18ddeafb51d4bcadd474b909b98200ax000.dat 0x000000002f255490 1 1 -W-rwd \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log 0x000000002f255d40 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\expsrv.dll 0x000000002f255f20 14 0 R--rwd \Device\HarddiskVolume3????? 0x000000002f289f20 15 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF48EB7F5955EA9F651376F7F40DA1AD_4AD96472AF2E72CC9C741BD59F4AA39B 0x000000002f3fb650 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\rssimport\widget.json 0x000000002f468f20 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.linkedin.com_0.localstorage-journal 0x000000002fbf91d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000002fc55070 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x000000002fe45990 24 0 R--r-d \Device\HarddiskVolume3\Users\Admin\Downloads\setup_chrispc_free_videotube_downloader_7_55.exe 0x000000002fe45f20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\33d8f513814c7c603081a48bd4840af1x000.dat 0x0000000030055070 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x0000000030055c60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x0000000030164f20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\54c1edae9df790450a73f5cf42cbeeecx000.dat 0x0000000030180dc0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\b11c600e65c955f0609f57bc485afce6x000.dat 0x0000000030189070 16 0 R--rw- \Device\HarddiskVolume3???????Data\Sophos\AutoUpdate\data\warehouse\7357ab71c53d25b7f7b25242ab69c6abx000.xml 0x00000000304e1a60 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\produktalbum\widget.json 0x0000000030779f20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\162a397ce59df85e320259b48dcac55ax000.xml 0x0000000030829dc0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\0cc6b00f49d2118f71d00ac5aaf8fc60x000.dat 0x0000000030cf99b0 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Downloads\The.Village.jpg 0x0000000030cf9bc0 2 0 RW-rwd \Device\HarddiskVolume3\$SetEndOfFileInfo 0x0000000030cf9f20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\cd2a5386-f08c-42b1-8d98-40240059e361\f21094318d25d8d571cce1418a5ec9c0x000.xml 0x0000000030de1f20 14 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\ChaparralPro-Regular.otf 0x0000000030f9f580 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\fb61ba95d30048cb20c3ca22490757c9x000.dat 0x000000003116c830 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\ACaslonPro-Semibold.otf 0x0000000031244070 16 0 R--rwd \Device\HarddiskVolume3????????\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21 0x00000000312c6070 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\kartikab.ttf 0x000000003138cf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000314f9070 14 0 R--rwd \Device\HarddiskVolume3????????dmin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\76ABAD06B739E40C58AD9A6DA4C8A3A97A10CDBE 0x0000000031516800 16 0 R--r-- \Device\HarddiskVolume3????rs\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\formular\form.css 0x0000000031516950 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.Types.dll 0x0000000031516bc0 16 0 R--r-- \Device\HarddiskVolume3????rs\Admin\Downloads\The.Mysteries.Of.Laura.jpg 0x0000000031697320 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000000317a4920 2 0 R--rw- \Device\HarddiskVolume3?????h??Data\Sophos\AutoUpdate\data\warehouse\afd832c20208e0b14da8f33fed58ee90x000.dat 0x000000003187b380 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\OneClickCare\OneClickCareBL.dll 0x00000000318e5f20 1 0 R--r-- \Device\HarddiskVolume3\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 0x0000000031ad8dc0 5 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\HttpUpdate\HttpUpdateBL.dll 0x0000000031c098f0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db-wal 0x0000000031c9e6e0 2 0 R--r-d \Device\HarddiskVolume3?????????? 0x0000000031cfd220 11 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\ANNOT_M.VSS 0x0000000031e86970 6 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPr6N-Heavy.otf 0x0000000032424070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x000000003244a780 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000032564a10 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\17f3ef954fc89b3aa352ca5b9d649fa6x000.dat 0x0000000032567070 16 0 R--r-- \Device\HarddiskVolume3???????? Files (x86)\PowerISO\Lang\Arabic.lng 0x0000000032567f20 3 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\MSOSYNC.EXE 0x00000000325ecf20 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Downloads\The.100.jpg 0x000000003281a7f0 15 0 R--rwd \Device\HarddiskVolume3????????dmin\OneDrive\Office\scanstation\scanstation\perl\site\lib\auto\Test\Log\Dispatchv.json 0x00000000332a5070 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Favorites 0x0000000033379d50 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000000334eeb50 14 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82414F9D7AB8999991FFEB2BC378A4EB_376643DBA507E2F631E33255C6BD3D64 0x0000000033602f20 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\kbhook.dll 0x000000003361fa10 15 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\25B805271E0F9D56BFC89357C46DA01FB9207415 0x000000003376da10 13 0 R--rw- \Device\HarddiskVolume3????????\Fonts\DejaVuSansMono-Bold.ttf 0x00000000337e68d0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003381e070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\e1e10aa4a78a5763a9fb9bda9de853b5x000.xml 0x0000000033886f20 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\001065.ldb 0x0000000033a06070 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000973.ldb 0x0000000033abdf20 13 0 R--r-d \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widg 0x0000000033afb070 2 1 ------ \Device\NamedPipe\5aee5c64-bd90-41df-999f-e0432dcfaefc 0x0000000033b3e700 15 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\076f1e8db8f36f51f247c42b068c4097\System.Transactions.ni.dll 0x0000000033b45c50 16 0 R--r-d \Device\HarddiskVolume3????????? 0x0000000033c41160 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wpdshext.dll 0x0000000033d53860 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000033d53f20 1 1 ------ \Device\NamedPipe 0x0000000033dfb2c0 11 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\constan.ttf 0x00000000341354c0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.4158977825606325072 0x0000000034135610 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000034184f20 16 0 R--rwd \Device\HarddiskVolume3???????? 0x00000000344bd8f0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\531c219a933b978b4e34b1c09cb6aa9fx000.xml 0x00000000345cef20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x0000000034957530 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.Data.v14.2.dll 0x0000000034957680 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.direct.aviva.co.uk_0.localstorage 0x0000000034bb38f0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\c360bd183432b02db804f116e9c14933x000.dat 0x0000000034f83910 16 0 R--rwd \Device\HarddiskVolume3????????????? 0x000000003502ff20 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem65.PNF 0x00000000352f3f20 2 1 ------ \Device\NamedPipe\5d58abae-b88a-426b-a67e-99c0435d4136 0x00000000353be070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\4143dd415b3136330f50c6203e45d55bx000.dat 0x00000000353be980 16 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryGE0407.lex 0x0000000035402440 9 0 R--rwd \Device\HarddiskVolume3????????? 0x000000003554af20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\db3e3b9cbfddbb3d6ebd2df533bc42e3x000.xml 0x00000000357ca350 1 1 RW---- \Device\HarddiskVolume2\Boot\BCD 0x00000000357dd070 14 0 R--rwd \Device\HarddiskVolume3????????\Fonts\webdings.ttf 0x000000003589d750 13 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\angsauz.ttf 0x0000000035a73e20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\26653679066297df76cab7864e2760fax000.xml 0x0000000035a75f20 15 0 R--rwd \Device\HarddiskVolume3???? 0x0000000036196070 8 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Data7706cdc8#\42eeade25d6bb48babce9b6653a093ad\System.Data.DataSetExtensions.ni.dll 0x00000000361ba2f0 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76 0x0000000036472640 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000036472b10 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Downloads\The.Last.Ship.jpg 0x0000000036472c60 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\2ea8d6a5ea8e4abcd5bdab6a9abba1dax000.dat 0x0000000036677f20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000000367d2350 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x0000000036ac1070 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\d92e2cec74ec9a3b1db4b6620af0fa68x000.xml 0x0000000036f1ce20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\5080119aea9770f23570260306ff8f9fx000.dat 0x0000000037136cd0 14 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4 0x0000000037209070 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\msvcp60.dll 0x00000000374155c0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000000375fff20 1 1 ------ \Device\Afd\Endpoint 0x000000003760b770 3 0 R--rw- \Device\HarddiskVolume3????rs\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C3 0x00000000377a3e20 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 0x00000000378459b0 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\upcfb.ttf 0x0000000037bddf20 22 0 R--r-d \Device\HarddiskVolume3dmin\OneDrive\Office\scanstation\cygwin\usr\sh 0x0000000037dc9540 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000037e84f20 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Downloads\The.Tunnel.jpg 0x0000000037f35300 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\disqus-kommentare\disqus-kommentar 0x0000000037fd3290 15 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\d6fdcae36640054642606bde9e143c83x000.xml 0x0000000038318810 14 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0CCA7F4B3366C6FAA13012C139D5D8C6_E77DC11542CE3F962DAC0865DA59B5C8 0x0000000038592070 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\qmgrprxy.dll 0x0000000038592a10 31 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000386aa3b0 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\HPSimplified_It.ttf 0x000000003883a550 16 0 R--r-d \Device\HarddiskVolume3\Program Files\Windows Mail\de-DE\msoeres.dll.mui 0x000000003883a800 16 0 R--rwd \Device\HarddiskVolume3???dows\System32\es.dll 0x00000000389cb070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\fe62676b8b07e0279a347fde86edbf56x000.dat 0x0000000038cce1d0 13 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\Candara.ttf 0x0000000038d12c70 16 0 R--rw- \Device\HarddiskVolume3 0x0000000038d87220 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\5725d0c36024ff074256c7a149a0f9bdx000.dat 0x000000003983d770 15 0 R--rwd \Device\HarddiskVolume3????????\Fonts\BERNHC.TTF 0x0000000039952070 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E82ACDA9F5169E971D6B19B65E168F2A_ADC728A885BCE2A7A73B1D92DF32143F 0x0000000039bebdd0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\OneDrive\Office\scanstation\cygwin\usr\share\locale\de\LC_MESS 0x0000000039cb5070 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000039f81800 16 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\1031\WWINTL.DLL 0x000000003a100270 2 1 ------ \Device\Afd\Endpoint 0x000000003a100f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.resources.dll 0x000000003a2838f0 12 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\COMPS_M.VSS 0x000000003a3215b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e 0x000000003a5f5f20 9 0 R--rwd \Device\HarddiskVolume3ven_kingston&prod_datatraveler_3.0&rev_pmap#7&37a415ba&0&60a44c3fac2dbe81d98a01b8&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.dll 0x000000003a735070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\7b92cb9e13de26923db2a0afc9c26ffdx000.dat 0x000000003a7c79d0 12 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\arabtype.ttf 0x000000003aa4d070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003aa706f0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\709a48eb7d65ad82ff508915936f5b89x000.dat 0x000000003abe98b0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\adaa19579e9b0b6901cc86fa95d2690cx000.xml 0x000000003abf3070 2 1 ------ \Device\Afd\Endpoint 0x000000003ae1b070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\21310d0c8d9d73ccc119d59e8d8f1e3dx000.dat 0x000000003b05c070 12 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Tangerine_Bold.ttf 0x000000003b164f20 11 0 R--rwd \Device\HarddiskVolume3??????ws 0x000000003b17bbb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000003b189260 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\be0817a99860adbb8d98b1ff6236d317x000.dat 0x000000003b235950 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\7bd5175d\00ef6b63_70cece01\SophosOutlookAddIn.resources.DLL 0x000000003b235b60 15 0 R--rwd \Device\HarddiskVolume3???????? 0x000000003b29c6d0 6 0 R--r-- \Device\HarddiskVolume3????????\Fonts\calibriz.ttf 0x000000003b29cf20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem98.PNF 0x000000003b437f20 2 0 R--r-- \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\Windows\Cookies\S6R1AO1L.txt 0x000000003b917d60 15 0 R--r-- \Device\HarddiskVolume3????????\System32\nvvsvc.exe 0x000000003bb5a070 1 1 ------ \Device\Afd\Endpoint 0x000000003bb5aa10 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\weblog\standard.html 0x000000003bb79e60 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\c6d752011048d1319048ab88e61fcacbx000.dat 0x000000003bf0fa10 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003c194f20 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WMPNetworkSharingService-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat 0x000000003c1b0070 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rdpcorets.dll 0x000000003c1bb9d0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\b21040c352d3baa9137b7f1d43e90a26x000.dat 0x000000003c21daa0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sony Corporation\VAIO Care\Scripts\Battery_IsOverDischargeProtection4.ps1 0x000000003c21df20 16 0 R--r-- \Device\HarddiskVolume3????rs\Admin\Downloads\The.Newsroom.2012.jpg 0x000000003c22c070 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\LetterGothicStd.otf 0x000000003c270070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\27c1055420efb3377aa941a09778feeax000.dat 0x000000003c684070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x000000003c7d6630 2 1 R--rwd \Device\HarddiskVolume3\Users\Public\Desktop 0x000000003c7d6e60 16 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPro-Heavy.otf 0x000000003c9f4f20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\2f8eb50ebbc5ef51c914d4f9c53c79fex000.xml 0x000000003cdbb3a0 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\OneClickCare\OneClickCareBL.dll 0x000000003cdbb860 2 1 ------ \Device\Afd\Endpoint 0x000000003ce3fde0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\e26625a4a22e5badf495b8fb613f27adx000.dat 0x000000003d035630 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003d145070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000003d145560 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003d5ffc00 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003d63aa10 15 0 R--rwd \Device\HarddiskVolume3????????\Fonts\courf.fon 0x000000003d755f20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\1bdb0764b71c32190e6e586b0f4be641x000.xml 0x000000003da79550 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\2f39d4c9ca2ed84b1d1524d166e0e12ax000.dat 0x000000003db72f20 16 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn\0.6.1_0\icons\file.png 0x000000003e122a00 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\FXSAPI.DLL 0x000000003e184dd0 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db 0x000000003e213bc0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003e213d10 8 0 R--rwd \Device\HarddiskVolume3????dows\System32\riched20.dll 0x000000003e246cf0 16 0 R--r-- \Device\HarddiskVolume3????gram Files (x86)\PowerISO\Lang\Serbian(cyrl).lng 0x000000003e376d80 16 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Layouts\Landscape\templates\partials\item-hauptmenu.html 0x000000003e4311c0 10 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll 0x000000003e6571d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x000000003e7ecdd0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\054219328d63f18d165682df1cc8237cx000.dat 0x000000003ea99410 1 1 ------ \Device\Afd\Endpoint 0x000000003ea996f0 14 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Novem___.ttf 0x000000003ea99840 14 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\02A6E134F6A89DA799C55486D5477C4308B14D02 0x000000003ea99a10 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.Utils.v14.2.dll 0x000000003eaef240 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\e5c3580a28eb61613d6b440e7e1c2e44x000.dat 0x000000003eeb4f20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem125.PNF 0x000000003f122a00 2 1 ------ \Device\NamedPipe\mojo.6908.6912.14558886245215795361 0x000000003f363360 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003f39fe60 10 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StencilStd.otf 0x000000003f491270 14 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Waverly_.ttf 0x000000003f593d10 16 0 R--rwd \Device\HarddiskVolume3 0x000000003f879070 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem67.PNF 0x000000003f8ef070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x000000003f8efdd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003f8eff20 16 0 R----- \Device\HarddiskVolume3????????????? 0x000000003fc36720 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000003fc48070 14 0 R--rw- \Device\HarddiskVolume3????????\Fonts\GenBkBasB.ttf 0x000000003ff5f8c0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.10295734220425020493 0x000000003ff901c0 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\ROCCB___.TTF 0x000000003ff90f20 16 0 R--r-d \Device\HarddiskVolume3????????? 0x0000000040261f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000004036a700 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\tmp\NB2J10OH\VAIOCareToolkit.dll 0x000000004043c750 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000040486070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\cdbe9690cf2b8409facad94fac9479c9x000.dat 0x00000000406928e0 12 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml 0x00000000406eff20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000000408a9070 16 0 R--rw- \Device\HarddiskVolume3???????? 0x00000000410cf070 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.57.17496626 0x00000000413b32a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000000413b3a10 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem71.PNF 0x0000000041404f20 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000004154df20 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\SOCIALCONNECTOR.DLL 0x000000004169dc10 7 0 R--rwd \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll 0x0000000041702950 2 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\11e255b4a72a00cf7d893715a7f3f5d9x000.xml 0x0000000041702f20 2 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\5b2327c5161b3783a664172607fdb065x000.dat 0x000000004178a610 16 0 R--r-- \Device\HarddiskVolume3???????? Files (x86)\PowerISO\Lang\Portuguese(Brazil).lng 0x000000004178a780 14 0 R--r-d \Device\HarddiskVolume3????rs\Admin\Downloads\volatility\vol.exeity-2.4.standalone.exe_2.4.win.standalone\volatility-2.4.standalone.exe 0x00000000419ddf20 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\ntlanman.dll 0x0000000041df8a10 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\51f52deb0a802b2a5bff7c7d05eb89ecx000.dat 0x0000000041e46070 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x0000000041ec4f20 2 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\e32c804cafe36fb20a469801715a164ex000.dat 0x00000000423846c0 15 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\MISTRAL.TTF 0x000000004250f070 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem70.PNF 0x0000000042c05e40 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.ServiceCore.dll 0x0000000042c18070 13 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\simfang.ttf 0x0000000042eaaf20 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000000430a4c80 16 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\bilderalbum\widget.json 0x00000000438eb310 11 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 0x0000000043932dd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000043cd9070 16 0 R--r-d \Device\HarddiskVolume3????? 0x0000000043d96cd0 15 0 R--r-- \Device\HarddiskVolume3????????dmin\OneDrive\ID10T's Security-012-013\preview\media\images\linkedin.jpg 0x0000000043defc70 13 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\verdana.ttf 0x00000000442871d0 16 0 R--r-- \Device\HarddiskVolume3???????? Files (x86)\PowerISO\Lang\Korean.lng 0x00000000442c82d0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll 0x0000000044576880 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\7f86fa65df48881a8185f73f84689c3fx000.xml 0x0000000044731560 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\148515949068f63afce8f906e9fed21cx000.dat 0x0000000044731f20 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem157.PNF 0x0000000044acaf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000044c53d10 15 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\ueberschrift\widget.json 0x0000000044d63d20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Message\MessageBL.dll 0x0000000045061c80 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\ab464b289aa342db499b9a5d2245ee6fx000.dat 0x000000004512db90 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\9fa1d5e3c760ffc78be1d59edce12387x000.dat 0x0000000045489dd0 6 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V28a60cc2#\c0ba8b6afb09e754c0d425edf66af429\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll 0x00000000454cd400 14 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\OLDENGL.TTF 0x0000000045c38310 13 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPro-Light.otf 0x0000000045fa5a70 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\6563489f6f236f16e2a22bb1d08f6724x000.xml 0x0000000046288310 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x0000000046293f20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\60b4e287fcf0492f86dd62a1389980b0x000.dat 0x00000000464e03e0 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Downloads\The.Mindy.Project.jpg 0x0000000046609a50 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem52.PNF 0x0000000046609f20 16 0 R--r-- \Device\HarddiskVolume3????rs\Admin\Downloads\Those.Who.Kill.US.jpg 0x00000000467b8720 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000467c1f20 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\cidsync.dll 0x00000000467efdd0 15 0 R--rwd \Device\HarddiskVolume3???????dmin\OneDrive\Office\scanstation\scanstation\perl\lib\auto\Digestt.png 0x000000004681cc60 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000469bd970 13 0 R--rwd \Device\HarddiskVolume3????????\Fonts\cordiai.ttf 0x0000000046a66070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000046a66d10 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\d6c950f79056a3df1e4fc0d9b753aa7dx000.xml 0x0000000046b9b7b0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\7ac694cb6a80a4ba051807e4e8533fdex000.dat 0x0000000046c03070 14 0 R----- \Device\HarddiskVolume3????dows\Prefetch\CHROME.EXE-5349D2D7.pf 0x0000000046d7af20 14 0 R--rwd \Device\HarddiskVolume3????????\Fonts\AGaramondPro-Regular.otf 0x0000000046e8a070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\4cd20c190c55ab4d461f6f87cbdb6c73x000.xml 0x0000000046f4ba10 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\web-artikeluebersicht\widget.png 0x0000000047116f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000471ca720 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\cour.ttf 0x0000000047398070 1 1 ------ \Device\Afd\Endpoint 0x0000000047520200 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\dda5110cc133815400575f6bee221bd2x000.dat 0x00000000475512c0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Greenshot 0x00000000477e9440 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05EC48341C277FE5110E7DFAA91377DC_F4D89EB1FD4E80AFB0D09F169F9D4E2D 0x00000000479dad40 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\001061.ldb 0x0000000047a24070 2 1 ------ \Device\NamedPipe\5aee5c64-bd90-41df-999f-e0432dcfaefc 0x000000004847d170 12 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.SuperSlimScriptingEngine.dll 0x000000004853d390 16 0 R--rw- \Device\HarddiskVolume3???????Data\Sophos\AutoUpdate\data\warehouse\25dcc3b4c318f25c9451b0213193e26dx000.dat 0x00000000486a35b0 16 0 RW---- \Device\HarddiskVolume3????????dmin\AppData\Local\Microsoft\Windows\WebCache\V010010 0x0000000048925280 2 0 R--rw- \Device\HarddiskVolume3???????? ? 0x0000000048bec720 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\cour.ttf 0x0000000048c54f20 16 0 R--r-d \Device\HarddiskVolume3????dows\System32\sendmail.dll 0x0000000048cd8300 16 0 R--r-d \Device\HarddiskVolume3?4??dows\assembly\NativeImages_v4.0.30319_32\System.Transactions\076f1e8db8f36f51f247c42b068c4097\System.Transactions.ni.dll.aux 0x0000000048d622c0 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\UpdateCheckAPI.dll 0x0000000048eb2a00 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\FXSAPI.DLL 0x000000004904a070 11 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\APLZOD.resources\de.lproj\APLZODLocalized.dll 0x000000004904a8d0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\c462e0d54a22395a028293e1734f9d97x000.dat 0x00000000490f5070 15 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\Bruss___.ttf 0x0000000049307880 21 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\MSORES.DLL 0x0000000049528bb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x0000000049675770 9 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\SelfHeal\SelfHealAPI.dll 0x000000004997cb70 2 1 ------ \Device\NamedPipe\Sophos@DATCv1 0x00000000499e8230 5 0 R--rwd \Device\HarddiskVolume3\Windows\System32\dfshim.dll 0x00000000499e8440 11 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\System\ado\msado28.tlb 0x0000000049a1ed50 15 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\weather\widget.png 0x0000000049a1ef20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x0000000049a9a350 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\ARIALN.TTF 0x0000000049b97070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000049c32360 16 0 R--rw- \Device\HarddiskVolume3?h??????Data\Sophos\AutoUpdate\data\warehouse\5cb43624d38a7a406a538f2c29bb7efex000.dat 0x0000000049c8a7c0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000049f0bf20 15 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\upcel.ttf 0x000000004a232f20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\454ff75d852a31949f8798e4e1a03aa7x000.dat 0x000000004a2c96c0 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\OneDrive 0x000000004a42e070 14 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\827E39B16EE05F26980F1B7781F93978DF28A031 0x000000004a5f4950 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\timesbd.ttf 0x000000004a6df470 1 1 RW---- \Device\HarddiskVolume3\Users\Administrator\ntuser.dat.LOG1 0x000000004a7bd670 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.InferenceEngine\Solution.InferenceEngineBL.dll 0x000000004a7d9f20 15 0 R--r-- \Device\HarddiskVolume3????????dmin\OneDrive\ID10T's Security-012-013\vaio-admin @ vaio.cloudlock 0x000000004a7eda70 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Downloads\The.Leftovers.jpg 0x000000004a7edbc0 16 0 R--r-- \Device\HarddiskVolume3????rs\Admin\Downloads\The.Bible.jpg 0x000000004abc1dc0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\ac720ec35be5da6c43a64c0c9b6f7e8fx000.dat 0x000000004abf3070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\f599f3a11e00a6c8c66f07049cbca7bfx000.xml 0x000000004abf3c60 1 1 ------ \Device\Afd\Endpoint 0x000000004ad0e070 2 1 ------ \Device\NamedPipe\mojo.6908.2092.8195221047334222728 0x000000004afac810 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\CASTELAR.TTF 0x000000004b17d070 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x000000004b17df20 15 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db-wal 0x000000004b1f3570 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\0cc083c6ef97d2705864dbfe21ad1500x000.dat 0x000000004b24ef20 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\upcli.ttf 0x000000004b2b1280 16 0 R--rw- \Device\HarddiskVolume3? 0x000000004b2b13d0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\wctB2B6.tmp 0x000000004b873070 2 1 ------ \Device\Afd\Endpoint 0x000000004ba0d070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\06e6d0c92a80434793d02d9364ebfc2ex000.dat 0x000000004bbe9f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\ActionCenter.dll.mui 0x000000004bc6bf20 16 0 -W-r-- \Device\HarddiskVolume3????? 0x000000004bca2f20 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Borea___.ttf 0x000000004bfb0590 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\MetricsPhilatelist\MetricsPhilatelistAPI.dll 0x000000004bfb06e0 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk 0x000000004c1be2a0 15 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Acme____.ttf 0x000000004c24b6c0 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log 0x000000004c4f43d0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\warenkorb-anzeige\widget.png 0x000000004c59a7d0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\701d2b783a7d2420e6a7936446b2280bx000.dat 0x000000004c59a920 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\82958b033c250a9507abce6a52dafc0cx000.dat 0x000000004c675070 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\standard\bild-links-(text-umfliessend).html 0x000000004c838070 11 0 R--rwd \Device\HarddiskVolume3\Users\Public\Music\desktop.ini 0x000000004c8a44b0 8 0 R--r-d \Device\HarddiskVolume3????rs\Admin\Downloads\GlassWireSetup.exe 0x000000004c8a4600 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Downloads\The.Neighbors.jpg 0x000000004c91b680 1 1 ------ \Device\NamedPipe\srvsvc 0x000000004caa9580 4 0 R--rw- \Device\HarddiskVolume3????????\Fonts\DejaVuSansCondensed-Bold.ttf 0x000000004cb42e60 15 0 R--rwd \Device\HarddiskVolume3tion\perl\site\lib\auto\Mo 0x000000004cc5fda0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\84969f95e00fc925f8121aef80df240bx000.xml 0x000000004cd35e20 16 0 R--rwd \Device\HarddiskVolume3?t??rs\Admin\OneDrive\Office\scanstation\scanstation\perl\lib\CPAN\Kwalify 0x000000004d35f8c0 1 1 ------ \Device\Afd\Endpoint 0x000000004d361cf0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\a59c4e7f071a331c0ac3af59c2da18f1x000.xml 0x000000004d37ae60 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\d6f1733e1b24748f1271a95cb6bdb473x000.dat 0x000000004d39c720 14 0 R--rwd \Device\HarddiskVolume3????????\Fonts\consolai.ttf 0x000000004d95a670 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\IoloToolOpt.dll 0x000000004dbf2660 25 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Adist64.dll 0x000000004dc7f9e0 15 0 R--r-- \Device\HarddiskVolume3? 0x000000004dcce070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\4cd20c190c55ab4d461f6f87cbdb6c73x000.xml 0x000000004df2bce0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000004e09d710 15 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\BRLNSDB.TTF 0x000000004e0f3130 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000004e1c3a10 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VCRescueMetrics\VCRescueMetricsBL.dll 0x000000004e204070 3 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\jscript9.dll 0x000000004e2422e0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000004e32e650 20 0 R--r-d \Device\HarddiskVolume3????dows\winsxs\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8a1dd9552ed7f8d8\ATL80.dll 0x000000004e337800 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\4008ad29844704823031157192dca64bx000.dat 0x000000004e4a4070 11 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\GenBkBasI.ttf 0x000000004e550070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x000000004e754b80 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x000000004e7ecf20 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Downloads\The.Red.Road.jpg 0x000000004e8e0f20 7 0 R--r-d \Device\HarddiskVolume3????? 0x000000004ec86a30 11 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\PLAYBILL.TTF 0x000000004ec86f20 11 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem105.PNF 0x000000004edca5d0 5 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 0x000000004edcad20 25 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducerPublishing.dll 0x000000004edcaf20 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wscapi.dll 0x000000004f025f20 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Roaming\Microsoft\Windows\Cookies\U6D2ERQX.txt 0x000000004f625070 16 0 R--r-d \Device\HarddiskVolume3????.. 0x000000004f6ba2a0 5 0 R--rwd \Device\HarddiskVolume3????dows\System32\credui.dll 0x000000004f6baa30 13 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\palab.ttf 0x000000004f7b36e0 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Downloads 0x000000004f7bac40 2 1 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll 0x000000004f95b070 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\7dc3a263ebb8b77f1f02fbbb16cc7e78x000.dat 0x000000004fb12070 14 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\827E39B16EE05F26980F1B7781F93978DF28A031 0x000000004fb1cf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000004fc5c070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000004fd32f20 16 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\ostrich-black.ttf 0x000000004ff0c070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\dff51503afaa9754e285ba64e14ee857x000.dat 0x000000004ff0c990 16 0 R--r-- \Device\HarddiskVolume3\Windows\Prefetch\SOFTWAREUPDATE.EXE-4F1A260C.pf 0x000000004ff89070 1 1 ------ \Device\NamedPipe\C:\Users\Admin\AppData\Local\Google\Drive\GoogleDriveIpcPipe 0x000000004ffb5f20 15 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\laufschrift\widget.png 0x0000000050268a00 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\FXSAPI.DLL 0x00000000504bbb30 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\NetworkDiagnostics\NetworkDiagnosticsBL.dll 0x00000000504bbd10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000506c1420 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\edd8257cde8e6ac70945c610baf2be01x000.dat 0x000000005085b1c0 2 1 ------ \Device\nativewifip\{247c8ffc-3117-4741-ac84-880ea8b3722e} 0x000000005085bf20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\7de7faeb29b272087e93f8deb09c2cb7x000.dat 0x000000005087f550 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\4b147c335d86f96b6cbb394a5f021048x000.dat 0x000000005087ff20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.InferenceEngineCore.dll 0x0000000050c0b070 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\LetterGothicStd.otf 0x0000000050e27590 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.cybersecurity-airbusds.com_0.localstorage-journal 0x00000000513546c0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000005137b400 9 0 R--r-d \Device\HarddiskVolume3????gram Files (x86)\PowerISO\PWRISOSH.DLL 0x00000000513db200 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\simsun.ttc 0x00000000513db370 14 0 R--r-- \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\F71763FE7F9F7B716276CAA0109103D22831F5EB 0x0000000051470d10 16 0 R--rwd \Device\HarddiskVolume3 0x00000000514ab3e0 14 0 R--r-- \Device\HarddiskVolume3????rs\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8 0x00000000516b2f20 9 0 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2015-7-8.1912.61028.26.odl 0x00000000517d0070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000000517d0230 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\0eb682e3c75f5cf8ffb3eaca783efa31x000.xml 0x00000000519a1f20 16 0 R--r-- \Device\HarddiskVolume3????ISTRY\USER\S-1-5-21-294828654-1168716976-3009358734-1000_Classes\TypeLib\{565783C6-CB41-11D1 0x0000000051b25070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\67ad39758ef21134785c0b0165906981x000.xml 0x0000000051dd13b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x0000000051fa5230 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\kennwortabfrage\widget.png 0x000000005203a2c0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Greenshot 0x00000000520ab070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000520ab410 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\UIAnimation.dll 0x00000000520abdc0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\news\widget.png 0x0000000052376d80 2 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\VDL\a4ed6801f47a8cc69feede468d8eb0bex000.xml 0x00000000524467a0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\markdown\standard.html 0x0000000052446970 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x000000005276a640 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000000527c6140 15 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\JOKERMAN.TTF 0x0000000052a002c0 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\segoesc.ttf 0x0000000052b79680 16 0 R--r-d \Device\HarddiskVolume3\Windows\AppPatch\drvmain.sdb 0x0000000052d941e0 6 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.Data.dll 0x0000000052ead070 6 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ContactAndSupport\ContactAndSupportBL.dll 0x0000000052ff08c0 13 0 R--rwd \Device\HarddiskVolume3????@ 0x0000000053269a10 16 0 R--rwd \Device\HarddiskVolume3????????\Fonts\mriam.ttf 0x000000005375a880 21 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\MSORES.DLL 0x0000000053783070 16 0 R--rwd \Device\HarddiskVolume3???????? 0x000000005379fdb0 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.107.121285963 0x0000000053b3c270 2 1 ------ \Device\Afd\Endpoint 0x0000000053c86850 15 0 R--rwd \Device\HarddiskVolume3? 0x0000000053cf86f0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\709a48eb7d65ad82ff508915936f5b89x000.dat 0x0000000053ec7070 16 0 R--r-- \Device\HarddiskVolume3????????\System32\api-ms-win-downlevel-user32-l1-1-0.dll 0x0000000053ec7f20 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\ITCEDSCR.TTF 0x0000000053faaa10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000054091af0 13 0 R--rwd \Device\HarddiskVolume3????????\Fonts\taile.ttf 0x0000000054192250 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\6a99e1046a4e24a9ea5c075436be30edx000.dat 0x000000005442e070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000544eb2a0 14 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\LEELAWDB.TTF 0x00000000546e9f20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\VAIOCare.Utilities.dll 0x000000005478ed10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x0000000054b626e0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000054b629d0 2 1 ------ \Device\Afd\Endpoint 0x0000000054ffe880 16 0 R--rw- \Device\HarddiskVolume3????????????? 0x00000000552c7350 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem40.PNF 0x00000000552c7970 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\2fdbe3f5eff915d770af8293519826c6x000.dat 0x00000000552c7c80 15 0 R--rwd \Device\HarddiskVolume3????????? 0x00000000556fb7e0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_w32.exe 0x0000000055707070 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\gisha.ttf 0x00000000557b7770 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000000557cb900 3 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O5949707a#\87b66b8bde0465cd2f93afc0f7df57e4\Microsoft.Office.Tools.ni.dll 0x000000005594c370 14 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\6FBF6404996781DD948971ADDDC456B873B81527 0x0000000055afc5c0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\meldungsfenster\meldungsfenster.html 0x0000000055f06070 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\geschuetzter-bereich\widget.png 0x00000000560cf070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000564c6f20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\96c7181959ebdb9350386793feaddacdx000.dat 0x0000000056617d10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000056a58d10 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\Downloads 0x0000000056a85070 17 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000003.log 0x0000000056a85dd0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\26cce11dfa3eb15365585d762af9a917x000.xml 0x0000000056a96a70 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\teaser\bild-rechts.html 0x0000000056aeca10 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\2850fa85e80373095f60afd053e47fe7x000.dat 0x0000000056b5a9d0 2 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\f2827e6d53a82d09c1388e964274e4f4x000.dat 0x0000000056e0d070 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rdpcorets.dll 0x0000000057296240 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x0000000057321250 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000575d3cd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000057934330 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\HGHANGSO.TTF 0x000000005793e480 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Downloads\The.Hour.UK.jpg 0x000000005793e950 29 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\de\DevExpress.XtraGrid.v14.2.resources.dll 0x0000000057b88070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000580b9f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000058145490 2 1 ------ \Device\NamedPipe\61954446-d999-4847-8a08-7bd477d6a696 0x0000000058612310 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x000000005887bf20 15 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Digifit.ttf 0x00000000588a8870 19 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000005898d9d0 10 0 R--rw- \Device\HarddiskVolume3????????\Fonts\georgia.ttf 0x0000000058c63f20 12 0 R--rwd \Device\HarddiskVolume3????????\Fonts\shrutib.ttf 0x0000000058c7e070 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.RuntimeGui.dll 0x0000000058cd9230 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\5f429d4f5d2def7ca7b35eb4f8946f34x000.xml 0x0000000058ce4720 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\51598d3de3473ebd3ddffbed560db0e3x000.xml 0x0000000058d1df20 33 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\001064.log 0x0000000058e89c00 14 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\nobile_bold_italic.ttf 0x0000000059256270 16 0 -W-rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\catalogue\cf.sdds.local.xml.tmp 0x0000000059295240 10 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\DejaVuSerif-Italic.ttf 0x00000000593d6070 28 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.XtraGrid.v14.2.dll 0x00000000595095b0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_de.slideshare.net_0.localstorage-journal 0x0000000059ad0070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000059b35840 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x0000000059b78070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000059d68150 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000059d68a10 16 0 R--r-d \Device\HarddiskVolume3???? 0x0000000059de4cf0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\a59c4e7f071a331c0ac3af59c2da18f1x000.xml 0x000000005a1581f0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\78b62e4c13378f737603136975a07e1ax000.dat 0x000000005a2f0990 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_en.wikipedia.org_0.localstorage 0x000000005a396680 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\seitenuebersichtv12\widget.png 0x000000005a42ff20 16 0 R--rwd \Device\HarddiskVolume3? 0x000000005a482f20 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\BKANT.TTF 0x000000005a5b6b80 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\4b8c8ae8f46ea8567c7dbf5efaee0030x000.dat 0x000000005a671a10 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\73c2f2d1c45d3438b992188bcbec0bf3x000.dat 0x000000005a676070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000005a81f5d0 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\svchost.exe 0x000000005a81f930 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\IDE504\a242a594ab3ce042bd73f0b0f450e739x000.xml 0x000000005a887070 16 0 R--rwd \Device\HarddiskVolume3???????? 0x000000005ad37d50 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\InlineEditing\zpie-sprite.png 0x000000005b33af20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000005b46d170 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\radarrs.dll 0x000000005b503c50 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000005b505c90 16 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\BALTH___.TTF 0x000000005b770070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000005b908070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x000000005b90b070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x000000005bd433f0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.ServiceCore.dll 0x000000005be265c0 14 0 R--r-d \Device\HarddiskVolume3\Windows\Resources\Themes\Aero\aero.msstyles 0x000000005beb8de0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000005befbf20 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000005bf8e5c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000005c1bae20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\3760e8954ec46ea3fb94c8db4cc8d807x000.dat 0x000000005c218240 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x000000005c23ea10 12 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\725AB63F0A7712B2D99831CCEC683179F9F95390 0x000000005c2da230 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\a5874e999d38b4f16489ebe26fb4a4ffx000.dat 0x000000005c3115a0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ContactAndSupport\ContactAndSupportBL.dll 0x000000005c3201f0 15 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\raavi.ttf 0x000000005c320dc0 16 0 R--r-- \Device\HarddiskVolume3????gram Files (x86)\PowerISO\Lang\Malay.lng 0x000000005c398070 16 0 R--r-d \Device\HarddiskVolume3?t??dows\SysWOW64\winnsi.dll 0x000000005c4d9070 15 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\Bruss___.ttf 0x000000005c681b80 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x000000005c734d10 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\e6a610986741ec4adb1c6b9631bd7241x000.xml 0x000000005c7c5bf0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_64\VAIOCareToolkit\v4.0_8.4.2.12030__6b746f706d1a5a7d\VAIOCareToolkit.dll 0x000000005cb05dd0 2 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\68da15f6ce1d1621be451fae3bebbe09x000.dat 0x000000005cbbf770 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x000000005cca3f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaLongPaths.dll 0x000000005cd72260 11 0 R--rwd \Device\HarddiskVolume3 0x000000005ce36260 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\be0817a99860adbb8d98b1ff6236d317x000.dat 0x000000005cf47070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\27c1055420efb3377aa941a09778feeax000.dat 0x000000005d3cff20 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\bilderalbumv12\widget.json 0x000000005dd74ea0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000005e648680 16 0 -W-r-- \Device\HarddiskVolume3????rs\Admin\OneDrive\Office\scanstation\scanstation\perl\site\lib\auto\XML\NamespaceSupportpl 0x000000005e6487d0 16 0 R--r-- \Device\HarddiskVolume3x 0x000000005e718070 10 0 R--rwd \Device\HarddiskVolume3?? 0x000000005e7709a0 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000005e94e400 13 0 R--r-d \Device\HarddiskVolume3????rs\Admin\Downloads\winpmem_2.0.1.exe 0x000000005ea85070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem96.PNF 0x000000005eb6a070 1 0 R--r-- \Device\HarddiskVolume3\Windows\System32\catroot2\edb.log 0x000000005f09a4d0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\7a23dc2a8437d91786180f0eacbf2f9fx000.xml 0x000000005f212250 10 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\seguisym.ttf 0x000000005f2d0070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000005f3e6f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000005f3e77b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3 0x000000005f43b1d0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\9099549c3995ca0ac14c007ee751ec74x000.xml 0x000000005f6e8b50 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\0a72b7262b509ac4c9d8dd4d517a0cbdx000.dat 0x000000005fa13e20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\967800de1998e3b01faba2e8d1a1f8e7x000.dat 0x000000005fb3e3a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x000000005fbf6c70 16 0 R--rw- \Device\HarddiskVolume3????gram Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe 0x000000005fc0c400 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000005fc5b770 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000005fd5df20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000000603a6070 15 0 R--rwd \Device\HarddiskVolume3??/ 0x00000000607ec730 16 0 R--rw- \Device\HarddiskVolume3???????Data\Sophos\AutoUpdate\data\warehouse\8b98a2cb079a331f43a22c8adae76c21x000.dat 0x00000000607eca40 14 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\cambriaz.ttf 0x00000000607ecb90 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\catroot2\edb.log 0x00000000607ecf20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\53a0c077625b3542a633fccce0126ff0x000.dat 0x0000000060868b90 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\9fa1d5e3c760ffc78be1d59edce12387x000.dat 0x00000000608ea280 15 0 R--rwd \Device\HarddiskVolume3????rs\Admin\OneDrive\Office\scanstation\scanstation\perl\html\site\lib\TAP\Parser\Sourcee 0x0000000060eb3f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000000610c1f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000611f2070 17 0 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index 0x00000000615d22f0 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\Macromed\Flash\Flash10t.ocx 0x00000000615d2a10 1 1 ------ \Device\NamedPipe\5aee5c64-bd90-41df-999f-e0432dcfaefc 0x00000000616025f0 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\fdWCN.dll 0x00000000616aaf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x0000000061a95c50 1 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\TraceCurrent.5860.0512.etl 0x00000000621e91d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000062477f20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000624b93b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\l_10646.ttf 0x0000000062694f20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\00f1c579833fc8b0bdc971ed9f827f24x000.dat 0x00000000628c69f0 2 1 ------ \Device\Afd\Endpoint 0x0000000062b477c0 15 0 R--rwd \Device\HarddiskVolume3????????dmin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini 0x0000000062b8fd40 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\fb04381c0341dc70dbb9654b42e0c383x000.dat 0x0000000062d11070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000630a07d0 2 1 ------ \Device\NamedPipe\chrome.6908.436.167658528 0x00000000635a3dd0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\9f9fc38ca16990c3319c6ea1ae4b4eb1x000.dat 0x0000000063884270 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\singleimage\widget.png 0x0000000063ba56c0 16 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\AVS Video Uploader.lnk 0x0000000063ba5c70 1 1 ------ \Device\Afd\Endpoint 0x0000000063d2a3d0 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll 0x00000000641d36c0 15 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\upceb.ttf 0x0000000064453f20 13 0 R--rwd \Device\HarddiskVolume3? 0x0000000064520590 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\4b9e6ccb10ac4f56ba70715139559108x000.dat 0x0000000064520910 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000064998a40 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mfc42u.dll 0x0000000064b15e60 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe 0x0000000064b27db0 1 1 ------ \Device\Afd\Endpoint 0x0000000065158c70 16 0 R--rw- \Device\HarddiskVolume3 0x00000000651f6c00 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\3db1f74395702d27cdbc5a65093ea1bbx000.dat 0x00000000651f6d50 16 0 R--rw- \Device\HarddiskVolume3?q??????Data\Sophos\AutoUpdate\data\warehouse\39c676a42b3044c166351122bc9b4925x000.dat 0x0000000065427070 16 0 R--rwd \Device\HarddiskVolume3????rs\Admin\OneDrive\Office\scanstation\scanstation\perl\html\site\lib\Template\Tutorial 0x0000000065427320 3 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\~DF427C89833B9683B4.TMP 0x0000000065427f20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\3c05981c45ac53b74e54bf6d5648a087x000.xml 0x0000000065534650 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\l_10646.ttf 0x000000006570e070 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000065831a10 15 0 R--rwd \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\seitenuebersichtv12\mehrspaltig-mit-beschreibung.html 0x0000000065a14360 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\8744d94f5f3fac6fb520dbe47e671a43x000.dat 0x0000000065a1cf20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000065aa3bb0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\6d9c00b49647f498c6efc8bfedd6928bx000.dat 0x0000000065c9b5d0 5 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 0x0000000065c9bd20 25 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducerPublishing.dll 0x0000000065c9bf20 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wscapi.dll 0x0000000065dd1520 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem141.PNF 0x0000000065dd1670 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x0000000065dd18a0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem47.PNF 0x0000000065dd19f0 4 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 0x0000000065f612e0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\15448da1e6b97df6d701f705f26d0407x000.dat 0x000000006613ef20 10 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\7baa4a43446f330666644c544096646ex000.dat 0x00000000662f8f20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\gliding 0x00000000665a33e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\CentralTable.accdb 0x0000000066716f20 2 1 ------ \Device\NamedPipe\mojo.6908.2092.8195221047334222728 0x0000000066996070 4 0 R--r-d \Device\HarddiskVolume3????????\System32\DWrite.dll 0x0000000066a1fa10 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000066c196c0 2 1 ------ \Device\Afd\Endpoint 0x0000000066c19b90 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Burn 0x0000000066c19de0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x0000000066de0350 7 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\NetworkDiagnostics\NetworkDiagnosticsBL.dll 0x0000000066de0600 1 1 ------ \Device\NamedPipe\ 0x0000000066e02650 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\87572e4a77dd2478a8372f2f342fd783x000.dat 0x0000000066f37f20 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Notification\NotificationBL.dll 0x0000000066fb4f20 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Notification\NotificationAPI.dll 0x0000000066fe24a0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\NetworkDiagnostics\NetworkDiagnosticsBL.dll 0x00000000670322c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000671b4290 7 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ManageUSBDevice\ManageUSBDeviceBL.dll 0x00000000671e3d10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x0000000067235c40 1 1 ------ \Device\Afd\Endpoint 0x00000000672f5df0 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareUpdateCommon\VAIOCareUpdateCommonBL.dll 0x00000000673f3630 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000674a3c70 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000675e9f20 8 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.ComponentModel.Composition.resources.dll 0x00000000676b35c0 6 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\SoftwareHub\SoftwareHubPL.dll 0x00000000676ef480 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk 0x0000000067865070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\67e5f5caf15a3f684612c64075a42ff5x000.dat 0x0000000067865f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000067938780 2 1 ------ \Device\Afd\Endpoint 0x0000000067a63d60 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\03478c6144b6595a5be24370ed626652x000.dat 0x0000000067b54930 13 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Gazzarelli.ttf 0x0000000067d26d00 2 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\b4fe11f9dd68a2c30d1a236ed5c3a194x000.dat 0x0000000067ddd9b0 2 1 ------ \Device\Afd\Endpoint 0x00000000686e2070 14 0 R----- \Device\HarddiskVolume3????dows\Prefetch\CHROME.EXE-5349D2D7.pf 0x00000000686f2f20 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000687bf700 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\a93572dac141d99ff297cb3c689964b3x000.dat 0x0000000068a413e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x0000000068c64f20 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.64.110744284 0x0000000068d6ce60 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\5edc3d62a00d392ce1e0295aa70547ccx000.dat 0x0000000068fe2640 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.exe 0x00000000691914a0 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Sony\VAIO Care 0x00000000692ba3a0 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\OneClickCare\OneClickCareBL.dll 0x00000000692ba860 2 1 ------ \Device\Afd\Endpoint 0x00000000693d5c50 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000000693d5df0 2 1 ------ \Device\NamedPipe\8b9ee9e2-104f-4f7c-ad58-784ff7a591d6 0x0000000069520e20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\eb2e399df4eca60f2d7b9d6e4554ebffx000.xml 0x00000000697603e0 2 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\SyncEngine.dll 0x0000000069760830 7 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\SERVER_M.VSS 0x0000000069a9f070 14 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\ROCKB.TTF 0x0000000069cc3270 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\GenBasB.ttf 0x0000000069df0240 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000069ea5dd0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\342e0ef9907fa633d777362a0bbacd8cx000.dat 0x0000000069ecd190 13 0 R--rwd \Device\HarddiskVolume3????kel-nebeneinander.html.dll 0x0000000069ecddd0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll 0x0000000069f16770 15 0 R--rwd \Device\HarddiskVolume3????? 0x0000000069f53070 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem68.PNF 0x000000006a909f20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x000000006a95a6f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x000000006ac20260 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\f0a40616d55882ecd3b6b4f1d3b89fb2x000.dat 0x000000006adc4f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006ade4070 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem68.PNF 0x000000006b06bbf0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006b0c8790 13 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Lato-Bold.ttf 0x000000006b232c00 14 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Lato-Hairline.ttf 0x000000006b4ddf20 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\PremiumTools\PremiumToolsPL.dll 0x000000006b5c76b0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\f043ee417d637a4a5b606c8eda0538e3x000.dat 0x000000006b5c7800 3 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\a28d93e11a4673d74e51005715ec2d4dx000.dat 0x000000006b6e82e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_web.whatsapp.com_0.localstorage-journal 0x000000006b6faf20 16 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\QUIVEIT_.TTF 0x000000006b7ea4c0 15 0 R--rwd \Device\HarddiskVolume3? 0x000000006b83b070 16 0 R--r-d \Device\HarddiskVolume3????? 0x000000006b9d6070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006bb60400 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Notification\NotificationAPI.dll 0x000000006bce4070 14 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\tapiperf.dll 0x000000006bce48c0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006bdcdf20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\f22b948a6abb6c714865b21c51044882x000.xml 0x000000006be66f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x000000006beb5450 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\75b02855c613640639beb0b60ded2c15x000.xml 0x000000006bf97dd0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006c07dbc0 3 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\MetricsPhilatelist\MetricsPhilatelistAPI.dll 0x000000006c13a770 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x000000006c237070 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db 0x000000006c248250 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\f69c4bf174cd2112571747a547674721x000.xml 0x000000006c32b280 16 0 R--rwd \Device\HarddiskVolume3???????? 0x000000006c49c610 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000006c5472f0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\9aa5295ebf908e3ae906a19da5213fe6x000.dat 0x000000006c5c04f0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.4158977825606325072 0x000000006c94dc10 7 0 R--rwd \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll 0x000000006ca3c790 16 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Emmett__.ttf 0x000000006cddaf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000006ce07d30 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\GenericVAIOCareReminders\GenericVAIOCareRemindersBL.dll 0x000000006ce08cb0 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareMetrics\VAIOCareMetricsBL.dll 0x000000006ce15f20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem99.PNF 0x000000006ce2ecb0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\184a0066a1b62009b7069566ed01c78bx000.xml 0x000000006ceefaa0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem94.PNF 0x000000006d063070 2 1 ------ \Device\NamedPipe\chrome.6908.342.77901400 0x000000006d0657b0 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem69.PNF 0x000000006d2e3070 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\5b03a43e986a2701cb22c10ff1d20904x000.dat 0x000000006d384460 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x000000006d384ca0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x000000006d38ce60 5 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\AdvancedTools\AdvancedToolsBL.dll 0x000000006d392e60 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x000000006d568600 2 1 ------ \Device\NamedPipe\mojo.6908.6912.14558886245215795361 0x000000006d9bdf20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\f3a2bd426baf4e3854b567a395240a06x000.xml 0x000000006daa61d0 1 1 -W-rw- \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log 0x000000006db0d310 16 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozMinPr6N-Regular.otf 0x000000006db0d950 1 1 ------ \Device\Afd\Endpoint 0x000000006dbd53d0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\f93a8cb6f506c9a42e181dac170c6771x000.dat 0x000000006dca6f20 16 0 R--rwd \Device\HarddiskVolume3????????\Fonts\LCALLIG.TTF 0x000000006ddcdc10 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006de36070 7 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OART.DLL 0x000000006dff75a0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\OneDrive\Office\scanstation\scanstation\perl\lib\auto\Compresszipon 0x000000006e0c8070 2 1 ------ \Device\NamedPipe\wkssvc 0x000000006e0c8240 14 0 R--rw- \Device\HarddiskVolume3???????? ? 0x000000006e0db600 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x000000006e426bf0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006e730590 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\5aaf750f594743eded69a49a79756032x000.dat 0x000000006e73a840 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006e73a990 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006e744dd0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006e771270 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006e819210 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000006e890070 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\dc0e1ebfe3aee2dc98a7efc258a2379ex000.xml 0x000000006e890ab0 2 1 ------ \Device\NamedPipe\617a8568-eabc-4f9c-aaa4-73fa304df56e 0x000000006ec65070 16 0 R--r-d \Device\HarddiskVolume3????.. 0x000000006ec68070 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x000000006ed03070 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.57.17496626 0x000000006f2bc9d0 2 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\a175e6f222dec4c3d69a85fb6fdbfe40x000.dat 0x000000006f47c550 16 0 R--r-d \Device\HarddiskVolume3\Program Files\Windows Mail\de-DE\msoeres.dll.mui 0x000000006f47c800 16 0 R--rwd \Device\HarddiskVolume3???dows\System32\es.dll 0x000000006f71c3b0 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\HPSimplified_It.ttf 0x000000006f73cd10 1 1 RW---- \Device\HarddiskVolume3\Users\Administrator\ntuser.dat 0x000000006f73cf20 16 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\AGENCYB.TTF 0x000000006f94cdc0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\c62ad388873867e1abf17f53e99d037cx000.dat 0x00000000702a6f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000070423f20 15 0 R--r-- \Device\HarddiskVolume3????????dmin\OneDrive\ID10T's Security-012-013\vaio-admin @ vaio.cloudlock 0x00000000705f7070 13 0 R--rwd \Device\HarddiskVolume3????????dmin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\43651373251E26411F1F7E11E9B005AF86E5C376 0x00000000708a78f0 14 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.MetricsEngine\Solution.MetricsEngineBL.dll 0x00000000709639d0 19 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer12Skin.dll 0x0000000070db1070 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x0000000070e576e0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\VAIOCare.Utilities.dll 0x0000000070fea6b0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\PhilatelistWrapper.dll 0x0000000070feaa10 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My 0x0000000071054e20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareMetrics\VAIOCareMetricsBL.dll 0x00000000713b3280 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Microsoft.WindowsAPICodePack.dll 0x0000000071743670 2 1 R--rw- \Device\HarddiskVolume3????????dmin\AppData\Local\Google\Chrome\User Data\Safe Browsing Extension Blacklist 0x0000000071969bc0 3 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\MetricsPhilatelist\MetricsPhilatelistAPI.dll 0x00000000719b4920 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000071c48250 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk 0x0000000071c9ec70 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\81a6738b561aa7f1c7c67888b8c63098x000.dat 0x0000000071d3a1a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000071ec4dc0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\bc13a18faccbce6f1c9a714c53c88b93x000.dat 0x0000000071f6c200 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000071fc5630 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000071fc5d50 2 1 ------ \Device\Afdtion\perl 0x00000000721a7d80 2 1 ------ \Device\Afd\Endpoint 0x00000000721e1f20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\f22b948a6abb6c714865b21c51044882x000.xml 0x0000000072203dd0 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.linkedin.com_0.localstorage-journal 0x000000007222cf20 2 1 RW-rw- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C 0x000000007223e100 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000000722e8c00 23 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\HtmlAgilityPack.dll 0x00000000724463b0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000725ce220 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000000726bdd50 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\e7b23dc7d77f74edf7156c09868468ddx000.dat 0x00000000726bdea0 16 0 R--rw- \Device\HarddiskVolume3???????? 0x00000000728ab070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\22068e39eac3cf83c231530a604248e0x000.dat 0x0000000072948240 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducerExtendedControlsLibrary.dll 0x00000000729f6e20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000072ab9cf0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\83b3f6d00599cf9376ed72c1f0073c5ax000.dat 0x0000000072ab9e40 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\bfa4bd9dc5f17b7120eae2e383764557x000.dat 0x0000000072b9a6f0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000072c3a400 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem116.PNF 0x0000000072efa850 15 0 R--rwd \Device\HarddiskVolume3? 0x000000007317c580 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.db.com_0.localstorage-journal 0x000000007336a070 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updatercore.dll 0x00000000734be070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\818cbb90c97b2000257d908be9291dffx000.xml 0x00000000736bb5b0 1 1 -W-rwd \Device\HarddiskVolume3\pgData93\pg_log\postgresql-2015-07-08_000000.csv 0x00000000738172d0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.Tools.dll 0x000000007381df20 16 0 R--rw- \Device\HarddiskVolume3? 0x000000007382a3f0 7 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000073851640 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.exe 0x00000000738716c0 15 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$BitMap 0x0000000073888070 5 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000738882c0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000000738884d0 16 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Message\MessageBL.dll 0x000000007390b070 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\CollectPOTData\CollectPOTDataBL.dll 0x000000007390ba10 2 0 RWD--- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\xmlcpp.dll 0x000000007390d070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000000739114f0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\CollectPOTData\CollectPOTDataBL.dll 0x0000000073911800 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ContactAndSupport\ContactAndSupportBL.dll 0x0000000073c4ad40 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\001061.ldb 0x0000000073c6ff20 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\upcli.ttf 0x00000000742c7070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000007430de20 11 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.XtraEditors.v14.2.dll 0x00000000745ec070 6 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ContactAndSupport\ContactAndSupportBL.dll 0x0000000074690dc0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\e9316a4814f8be7e5dc8ccdf7349a4d4x000.dat 0x0000000074798f20 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Downloads\The.Killing.jpg 0x000000007491cf20 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\ueberschrift\Ueberschrift 3.html 0x0000000074a89f20 2 1 ------ \Device\NamedPipe\a1e12ba1-3b56-43d9-b7ba-9793f1cc926a 0x0000000074abcc60 15 0 R--rwd \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta ?com.google.android.apps.plusCOM.GOOGLE.ANDROID.APPS.PLUS.json 0x00000000750faf20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\a667ba541f52fdf6abd54897dde17841x000.dat 0x00000000752d7250 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\822b9ccbddb353baa03957bb7c2a6bb3x000.dat 0x000000007567b5a0 15 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$Mft 0x0000000075bc0570 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FD65412E-6CF7-4ED5-83D1-A42898EADACA}.tmp 0x0000000075e83780 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000000762a3070 1 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs 0x00000000765794c0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\62f500106dc060909d030fa92cee7433x000.xml 0x0000000076852070 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000076a5ec10 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\untermenue\widget.json 0x0000000076d90960 2 1 ------ \Device\Afd\Endpoint 0x0000000076e9ac80 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\eb618ac468293cc14c88051defd7cb3dx000.dat 0x000000007704b300 15 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\VISDLGU.DLL 0x0000000077129720 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\cour.ttf 0x0000000077138070 17 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.InferenceEngineCore.dll 0x0000000077930b00 2 0 R--rw- \Device\HarddiskVolume3\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe685c1fb059ca41e89776480x000.dat 0x0000000077bc6070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\dff51503afaa9754e285ba64e14ee857x000.dat 0x0000000077bc6990 16 0 R--r-- \Device\HarddiskVolume3\Windows\Prefetch\SOFTWAREUPDATE.EXE-4F1A260C.pf 0x0000000077cea3c0 2 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\a2ef2d3f15221d69c4ab332b1f344edax000.dat 0x0000000077cea510 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000077ceaf20 2 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\baa8ab032bba0b3399cb8838394b5c5ax000.dat 0x0000000077dfe760 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Notification\NotificationBL.dll 0x00000000781cd5a0 5 0 R--rwd \Device\HarddiskVolume3????rs\ 0x00000000781cd880 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000782cdf20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.Data.dll 0x0000000078391380 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\2b4fb71beca3120c7faaf62d2cd56874x000.dat 0x00000000783be070 16 0 R--r-d \Device\HarddiskVolume3???????? 0x0000000078ba7600 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\cbf47e70a5498dec4c63b18939488f85x000.dat 0x0000000078c35700 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage 0x0000000078c35950 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000078e82070 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\geschuetzter-bereich\widget.png 0x0000000079723b70 2 1 ------ \Device\NamedPipe\Sophos@DATCv1 0x0000000079841930 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\3800eee3229bc0b15880220a8a6d0eeex000.dat 0x0000000079c99f20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\db5a5e18caa9a048c4889f64c885de58x000.dat 0x0000000079d6af20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000079f7d9c0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\00afcefe268ea63e18e7a886cbce958bx000.dat 0x0000000079fb8360 6 0 R--r-d \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\ 0x000000007a04c070 14 0 R--rw- \Device\HarddiskVolume3????????\Fonts\GenBkBasB.ttf 0x000000007a16cd10 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.64.110744284 0x000000007a1b84d0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.it_0.localstorage-journal 0x000000007a39d880 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000007a886f20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\0152e13163139bb1d57dbb9af77bcc44x000.dat 0x000000007aee2070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000007af4af20 11 0 R--rwd \Device\HarddiskVolume3????gram Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 0x000000007b593710 9 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\INTLDATE.DLL 0x000000007b6be130 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x000000007b7db540 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000007bba0070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000007bbca840 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000007beedf20 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\001060.ldb 0x000000007c4eaf20 2 1 ------ \Device\Afd\Endpoint 0x000000007cbba8d0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x000000007cc5c070 16 0 R--r-- \Device\HarddiskVolume3????????\System32\api-ms-win-downlevel-user32-l1-1-0.dll 0x000000007cc5cf20 16 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\ITCEDSCR.TTF 0x000000007d423920 2 0 R--rw- \Device\HarddiskVolume3?????h??Data\Sophos\AutoUpdate\data\warehouse\afd832c20208e0b14da8f33fed58ee90x000.dat 0x000000007d54c070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000007d5d7070 16 0 R--r-- \Device\HarddiskVolume3????????dmin\Pictures\2015 04 Bude\Jella\IMG_0143.JPG 0x000000007d8c51f0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x000000007d8fa820 2 1 ------ \Device\Afd\Endpoint 0x000000007d997280 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000007db74f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000007dfb3610 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\eba214c1e8433a137c5ede3d9e67510fx000.dat 0x000000007e205070 8 0 R--r-d \Device\HarddiskVolume3????????\System32\sechost.dll 0x000000007e205f20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem53.PNF 0x000000007e933930 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\3800eee3229bc0b15880220a8a6d0eeex000.dat 0x000000007efdf070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000007efdfd10 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\d6c950f79056a3df1e4fc0d9b753aa7dx000.xml 0x000000007f42e670 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000007f430150 12 0 R--r-d \Device\HarddiskVolume3???? 0x000000007f742f20 14 0 R--r-d \Device\HarddiskVolume3\Users\Admin\Downloads\winpmem_1.6.2.exe 0x000000007f8fb270 14 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Waverly_.ttf 0x0000000080085880 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\trebucbd.ttf 0x00000000802abf20 16 0 R--r-d \Device\HarddiskVolume3????age\volume\_??_usbstor#disk&ven_toshiba&prod_transmemory-mx&rev_pmap#ffffffffffffee30600040cb&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}f 0x000000008032c1d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000804f52b0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\spalten-artikel\2-3-spalte.html 0x00000000805e8f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000080641f20 8 0 R--rwd \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll 0x0000000080777280 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem131.PNF 0x0000000080961d10 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 0x0000000080cf8070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000080f30660 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.47.33189520 0x000000008116c370 14 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\6FBF6404996781DD948971ADDDC456B873B81527 0x0000000081631f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000081b89c50 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem120.PNF 0x0000000082056070 16 0 -W-r-- \Device\HarddiskVolume3Drive\Office\scanstation\scanstation\perl\site\lib\ 0x00000000820e3280 16 0 R--rwd \Device\HarddiskVolume3???????? 0x00000000824165c0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\meldungsfenster\meldungsfenster.html 0x00000000829af170 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000082a1cf20 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\popup-fenster\standard.html 0x00000000835935f0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12475579679998394784 0x0000000083593f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.CommonInterfaces.dll 0x000000008367c580 16 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a48bd2a02ed1ae2fbb79ef8797f0c5f6\System.Management.ni.dll 0x00000000837a1640 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.exe 0x00000000839ba1f0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x0000000083a15f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x0000000083af4210 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x0000000083e14630 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000083e14d50 2 1 ------ \Device\Afdtion\perl 0x0000000084174070 16 0 -W-r-- \Device\HarddiskVolume3Drive\Office\scanstation\scanstation\perl\site\lib\ 0x000000008428b560 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\fundisc.dll 0x00000000842fa070 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rdpcorets.dll 0x00000000846ecdc0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x0000000084cc98d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000084cd5660 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem56.PNF 0x0000000084d70a00 2 1 ------ \Device\NamedPipe\mojo.6908.6912.14558886245215795361 0x0000000085003790 13 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Lato-Bold.ttf 0x000000008538f9e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x000000008538fbc0 15 0 R--rwd \Device\HarddiskVolume3sti\Texte\Kinnula Referenzliste\ln_images_src\lt_NetrixLoadHtml_e8f575594015428382c34bbe88e5c028 0x000000008563cf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000008582ddd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000008593d290 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL 0x00000000859861f0 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.xing.com_0.localstorage 0x0000000085b3df20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000000861bec50 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Links 0x000000008633aba0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\rssimport\dynamic.php 0x0000000086610250 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x000000008678ff20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000868fb070 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x0000000086a14210 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dtsh.dll 0x0000000086b09760 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Notification\NotificationBL.dll 0x0000000086d9da10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000086dcdf20 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\RstrtMgr.dll 0x000000008751bf20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaLongPaths.dll 0x0000000087c7b370 14 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\6FBF6404996781DD948971ADDDC456B873B81527 0x0000000088116070 16 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\veranstaltungsuebersicht\widget.json 0x0000000088872b80 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Pictures\2015 04 Bude\Jella\IMG_0029.JPG 0x0000000088ac0f20 2 1 ------ \Device\NamedPipe\mojo.6908.2092.11742668360370183132 0x0000000089312f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000089377780 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000008950da10 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\2850fa85e80373095f60afd053e47fe7x000.dat 0x00000000896b5070 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\06e6d0c92a80434793d02d9364ebfc2ex000.dat 0x000000008982ff20 14 0 R--rwd \Device\HarddiskVolume3sRGB Color Space Profile.ic 0x00000000899242b0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\b18ddeafb51d4bcadd474b909b98200ax000.dat 0x00000000899d2c40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x0000000089bfe550 16 0 R--r-d \Device\HarddiskVolume3\Program Files\Windows Mail\de-DE\msoeres.dll.mui 0x0000000089bfe800 16 0 R--rwd \Device\HarddiskVolume3???dows\System32\es.dll 0x0000000089c51070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem146.PNF 0x0000000089e4c320 2 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\de\FileSync.LocalizedResources.dll.mui 0x0000000089e67630 4 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\RosewoodStd-Regular.otf 0x000000008ae71490 1 1 -W-rwd \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log 0x000000008ae71d40 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\expsrv.dll 0x000000008ae71f20 14 0 R--rwd \Device\HarddiskVolume3????? 0x000000008ae93740 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x000000008aea6f20 15 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF48EB7F5955EA9F651376F7F40DA1AD_4AD96472AF2E72CC9C741BD59F4AA39B 0x000000008af3a070 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E82ACDA9F5169E971D6B19B65E168F2A_ADC728A885BCE2A7A73B1D92DF32143F 0x000000008b3b1070 2 1 ------ \Device\Afd\Endpoint 0x000000008b61aa10 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x000000008b7de3e0 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem124.PNF 0x000000008ba63e40 17 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 0x000000008ba92f20 1 1 ------ \Device\Afd\Endpoint 0x000000008bbcbf40 1 1 ------ \Device\Afd\Endpoint 0x000000008c353f20 1 1 R-D--- \Device\HarddiskVolume3\Users\Admin\OneDrive\.849C9593-D756-4E56-8D6E-42412F2A707B 0x000000008c796650 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\rssimport\widget.json 0x000000008d179bb0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x000000008d2fbf20 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.linkedin.com_0.localstorage-journal 0x000000008d498f20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem51.PNF 0x000000008d6c5f20 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\zptabledata\standard.html 0x000000008d7e25c0 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 0x000000008d967f20 2 1 ------ \Device\Afd\Endpoint 0x000000008dbff8e0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\cour.ttf 0x000000008dc37f20 2 1 ------ \Device\Afd\Endpoint 0x000000008de4ac70 13 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\verdana.ttf 0x000000008e467560 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000008e51edd0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000008e87f280 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem131.PNF 0x000000008ef6c240 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x000000008efa2f20 1 1 ------ \Device\NamedPipe\lsass 0x000000008f336910 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db 0x000000008f3736e0 16 0 R--rwd \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\de\mscorrc.dll 0x000000008f6d2d20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Message\MessageBL.dll 0x000000008fb39a10 15 0 R--r-- \Device\HarddiskVolume3?????????? 0x000000008fc75bc0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000008fc75d10 8 0 R--rwd \Device\HarddiskVolume3????dows\System32\riched20.dll 0x000000008fca33b0 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\WcnApi.dll 0x000000008ff87070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000090063d10 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 0x0000000090490dd0 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000904ae720 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\51598d3de3473ebd3ddffbed560db0e3x000.xml 0x00000000906ff6d0 13 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.Data.v14.2.dll 0x00000000908ff6f0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\709a48eb7d65ad82ff508915936f5b89x000.dat 0x00000000909eac10 1 1 ------ \Device\Afd\Endpoint 0x0000000090b02380 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000090c97070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000091026f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.BackendRuntime.dll 0x00000000912f3070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000914085e0 1 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wbemdisp.tlb 0x00000000914926c0 16 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\AVS Video Uploader.lnk 0x0000000091492c70 1 1 ------ \Device\Afd\Endpoint 0x0000000091cc67f0 22 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000920b2f20 2 1 ------ \Device\NamedPipe\chrome.6908.342.77901400 0x00000000921c5f20 15 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\fading ticker\widget.png 0x00000000923fb070 15 0 R--rwd \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\zphtml5audio\standard.html 0x00000000926881c0 2 1 ------ \Device\nativewifip\{247c8ffc-3117-4741-ac84-880ea8b3722e} 0x0000000092688f20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\7de7faeb29b272087e93f8deb09c2cb7x000.dat 0x0000000092825070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000092beef20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000092c14f20 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1060B7ADDE0FF6DE85637BF89FC4CEBC_E5E9A553F201CBEA57F3FB2CD29DEC62 0x0000000092c3f580 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.db.com_0.localstorage-journal 0x000000009309e070 13 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\kokilai.ttf 0x0000000093411290 15 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\TektonPro-BoldCond.otf 0x0000000093411900 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\PoplarStd.otf 0x00000000938aaf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x0000000093adcc00 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\OneDrive\Office\scanstation\scanstation\perl\html\site\lib\Log\Log4perl\Util 0x0000000093bc58b0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000093e53f20 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000000941f8070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000094264070 2 1 ------ \Device\Afd\Windows\ 0x0000000094289150 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000094316070 12 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Tangerine_Bold.ttf 0x0000000094352f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\tahoma.ttf 0x0000000094423f20 11 0 R--rwd \Device\HarddiskVolume3???????? 0x0000000094551210 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x0000000094551360 2 1 ------ \Device\NamedPipe\a1e12ba1-3b56-43d9-b7ba-9793f1cc926a 0x00000000947becd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000947d69b0 19 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\de-DE\VCAdmin.resources.dll 0x0000000094ccbf20 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\teaser\widget.png 0x0000000094fa9570 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FD65412E-6CF7-4ED5-83D1-A42898EADACA}.tmp 0x00000000955d6cd0 15 0 R--r-- \Device\HarddiskVolume3????????dmin\OneDrive\ID10T's Security-012-013\preview\media\images\linkedin.jpg 0x000000009574a070 1 1 ------ \Device\Afd\Endpoint 0x0000000095acbf20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000095e1a070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000963121c0 27 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll 0x00000000963c9e90 3 1 ------ \Device\Afd\Endpoint 0x00000000965a5250 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000096a8ef20 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\SOCIALCONNECTOR.DLL 0x0000000096bc2950 2 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\11e255b4a72a00cf7d893715a7f3f5d9x000.xml 0x0000000096bc2f20 2 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\5b2327c5161b3783a664172607fdb065x000.dat 0x00000000974d13e0 1 1 ------ \Device\Afd\AsyncConnectHlp 0x0000000097768a40 32 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-NlaSvc%4Operational.evtx 0x0000000097836550 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk 0x00000000978e9ae0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000000978f5070 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000097bd7520 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\artikelumbruch\widget.json 0x000000009821b1e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.forensicfocus.com_0.localstorage-journal 0x000000009880c070 14 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\827E39B16EE05F26980F1B7781F93978DF28A031 0x0000000098adbcf0 16 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Layouts\Landscape\templates\pages\default.json 0x0000000098c932c0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\PS5UI.DLL 0x0000000098e9a1b0 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000990da070 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsecurity.techtarget.com_0.localstorage-journal 0x00000000991ca070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000099386dd0 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_90B3B324E3BA4570766294418E22080D 0x0000000099395070 7 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\IntelMonitor\IntelMonitorBL.dll 0x00000000994151d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000994368c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x0000000099564a10 11 0 R--rwd \Device\HarddiskVolume3min\OneDrive\Office\scanstation\scanstation\perl\site\ 0x00000000997ac470 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000998e75b0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_de.slideshare.net_0.localstorage-journal 0x00000000999e20f0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.LicensingV125.dll 0x0000000099a10070 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\NetworkDiagnostics\NetworkDiagnosticsAPI.dll 0x0000000099bd7170 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OUTLFLTR.DLL 0x0000000099c6cdc0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\e9316a4814f8be7e5dc8ccdf7349a4d4x000.dat 0x0000000099d85410 1 1 ------ \Device\Afd\Endpoint 0x0000000099d856f0 14 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Novem___.ttf 0x0000000099d85840 14 0 R--rwd \Device\HarddiskVolume3????rs\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\02A6E134F6A89DA799C55486D5477C4308B14D02 0x0000000099d85a10 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.Utils.v14.2.dll 0x0000000099e2dcb0 2 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\Macromed\Flash\Flash10t.ocx 0x0000000099ef1bb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x0000000099f19260 16 0 R--rwd \Device\HarddiskVolume3????dows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_AD2905D734307F784BBEC99C49201928 0x000000009a025960 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\social bookmarks\standard.html 0x000000009a3e4310 13 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPro-Light.otf 0x000000009a643050 1 1 RW---- \Device\HarddiskVolume2\Boot\BCD.LOG 0x000000009a8114f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000009ad486f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x000000009aec0070 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x000000009af35070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000009b8375c0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\meldungsfenster\meldungsfenster.html 0x000000009bbc3070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x000000009bbc7070 2 1 ------ \Device\NamedPipe\chrome.6908.339.90014565 0x000000009bcecdd0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\OneDrive\Office\scanstation\cygwin\usr\share\locale\de\LC_MESS 0x000000009bd5e9d0 2 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\f2827e6d53a82d09c1388e964274e4f4x000.dat 0x000000009c071070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000009c40af20 16 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\QUIVEIT_.TTF 0x000000009cae6650 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000009ccf53c0 2 1 ------ \Device\Afd\Endpoint 0x000000009ccf57c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000009cd8f7c0 1 1 RW-r-d \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\q 0x000000009d18a070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000009d4cbad0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000009d84c950 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\nvapi.dll 0x000000009d8a1070 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\reflektion\bild-rechts.html 0x000000009d9de070 15 0 R--rwd \Device\HarddiskVolume3? 0x000000009db0b710 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\seguisym.ttf 0x000000009dbe6f20 15 0 R--rwd \Device\HarddiskVolume3????????dmin\OneDrive\Backup\Samsung S4\backup\com.google.android.apps.authenticator2 0x000000009dcb1e30 10 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\System\ado\msjro.dll 0x000000009dda7990 24 0 R--r-d \Device\HarddiskVolume3\Users\Admin\Downloads\setup_chrispc_free_videotube_downloader_7_55.exe 0x000000009dda7f20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\33d8f513814c7c603081a48bd4840af1x000.dat 0x000000009df15ad0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\DejaVuSerif.ttf 0x000000009e35edd0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bankjob.de_0.localstorage 0x000000009eb6f170 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000009edda4b0 16 0 R--r-- \Device\HarddiskVolume3????????? 0x000000009ef23220 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x000000009f226f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000009f639070 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\DownloadManager\DownloadManagerBL.dll 0x000000009f6decf0 15 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeArabic-Bold.otf 0x000000009f6def20 14 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.RunTime.Serialization.resources.dll 0x000000009f7e7f20 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\popup-fenster\standard.html 0x000000009f9fb250 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000009fca3cb0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\FirewallAPI.dll.mui 0x000000009fcb89d0 12 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\RCKSVR_M.VSS 0x00000000a062f770 15 0 R--rwd \Device\HarddiskVolume3????????\Fonts\BERNHC.TTF 0x00000000a07ef070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000a0ef4f20 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage-journal 0x00000000a1196c80 1 1 ------ \Device\Afd\Endpoint 0x00000000a11eef20 2 1 R--rwd \Device\HarddiskVolume3\ 0x00000000a1367130 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000000a15d6f20 16 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OUTLPH.DLL 0x00000000a1660070 20 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_de_31bf3856ad364e35\System.Management.Automation.Resources.dll 0x00000000a19ad070 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000000a19adc60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000000a1a37f20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\54c1edae9df790450a73f5cf42cbeeecx000.dat 0x00000000a1a6b470 17 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm 0x00000000a1aea280 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000a1b23360 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 0x00000000a1c23a60 26 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll 0x00000000a1c23f20 2 1 ------ \Device\Afd\Endpoint 0x00000000a1d2b670 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000000a1d2b7c0 11 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\AdvancedTools\AdvancedToolsAPI.dll 0x00000000a2120730 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\PlugIns\IDE_ACDStd.apl 0x00000000a2817070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000a2a5c070 16 0 R--rw- \Device\HarddiskVolume3???????Data\Sophos\AutoUpdate\data\warehouse\7357ab71c53d25b7f7b25242ab69c6abx000.xml 0x00000000a2dd3dc0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\b11c600e65c955f0609f57bc485afce6x000.dat 0x00000000a2edd310 13 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPro-Light.otf 0x00000000a2fe13f0 6 0 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2015-7-8.1926.61028.28.odl 0x00000000a303eea0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000a31e2070 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk 0x00000000a3289da0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\History\HistoryAPI.dll 0x00000000a32b6f20 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\VAIOIntegrations.dll 0x00000000a33bd070 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\standard\bild-links-(text-umfliessend).html 0x00000000a3762f20 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\zipfldr.dll 0x00000000a3d94500 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\3b81c07b0dfc4ec4a7ab4a843d51f9dcx000.xml 0x00000000a3d94bd0 4 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\seguisb.ttf 0x00000000a4252770 15 0 R--rwd \Device\HarddiskVolume3????? 0x00000000a4290f20 10 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem136.PNF 0x00000000a4344410 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000a473bf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000a53c4730 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000a54e4a30 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\Downloads 0x00000000a55a91b0 10 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\de\DevExpress.XtraBars.v14.2.resources.dll 0x00000000a55ab610 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000a562b070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000a576f1a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000a5b6c070 20 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_de_31bf3856ad364e35\System.Management.Automation.Resources.dll 0x00000000a5cba330 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\HGHANGSO.TTF 0x00000000a5e2bf20 3 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\~DF6BFEC84FE906F709.TMP 0x00000000a647d8b0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\adaa19579e9b0b6901cc86fa95d2690cx000.xml 0x00000000a6517230 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\kennwortabfrage\widget.png 0x00000000a6a28400 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000000a6dfae20 16 0 R--r-- \Device\HarddiskVolume3????????sers\Admin\OneDrive\ID10T's Security-012-013\layouts\Modern Responsive\variants\Automatisc 0x00000000a709c270 2 1 ------ \Device\Afd\Endpoint 0x00000000a7df9070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000a7df91c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000000a7e23070 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000a7f36a60 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\produktalbum\widget.json 0x00000000a85bb300 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\disqus-kommentare\disqus-kommentar 0x00000000a85c2800 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000a8aaff20 13 0 R--rwd \Device\HarddiskVolume3? 0x00000000a8e32070 1 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs 0x00000000a8e965f0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12475579679998394784 0x00000000a8e96f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.CommonInterfaces.dll 0x00000000a8f75580 16 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a48bd2a02ed1ae2fbb79ef8797f0c5f6\System.Management.ni.dll 0x00000000a96cef20 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O4b20f4dd#\2a1f56b7eddcc05f434d1a2f3365ad63\Microsoft.Office.Tools.Outlook.ni.dll 0x00000000a98cecb0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\184a0066a1b62009b7069566ed01c78bx000.xml 0x00000000a9912950 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000a9fa43b0 15 0 R--rw- \Device\HarddiskVolume3????????\Fonts\HPSimplified_It.ttf 0x00000000aa006c20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000000aa46a5a0 5 0 R--rwd \Device\HarddiskVolume3????rs\ 0x00000000aa46a880 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000aa497e20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000000aa995070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000aa995240 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000000aac9e070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000000aaeea210 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000ab121640 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.exe 0x00000000ab424470 17 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm 0x00000000abba49d0 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\b21040c352d3baa9137b7f1d43e90a26x000.dat 0x00000000abc391b0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000ac7c0f20 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\2f8eb50ebbc5ef51c914d4f9c53c79fex000.xml 0x00000000ac8341f0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000000ac8aff20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\162a397ce59df85e320259b48dcac55ax000.xml 0x00000000ad58ef20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000000ad5e94a0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\7bd5175d\00ef6b63_70cece01\SophosOutlookAddIn.resources.DLL 0x00000000ad6e2aa0 11 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeFanHeitiStd-Bold.otf 0x00000000ad6f6210 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000000ad798dc0 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000ae094650 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000ae16c920 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Desktop 0x00000000af0bde60 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000af276dd0 2 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts 0x00000000af276f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000af3e2070 16 0 R--rwd \Device\HarddiskVolume3???????? 0x00000000af578dc0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\0cc6b00f49d2118f71d00ac5aaf8fc60x000.dat 0x00000000af7506b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000000af8faf20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\0152e13163139bb1d57dbb9af77bcc44x000.dat 0x00000000afd70d60 2 1 ------ \Device\Afd\Endpoint 0x00000000aff3f070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b007d070 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.57.17496626 0x00000000b01e45b0 16 0 RW---- \Device\HarddiskVolume3????????dmin\AppData\Local\Microsoft\Windows\WebCache\V010010 0x00000000b078a240 10 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\DejaVuSerif-Italic.ttf 0x00000000b0836a50 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem52.PNF 0x00000000b0836f20 16 0 R--r-- \Device\HarddiskVolume3????rs\Admin\Downloads\Those.Who.Kill.US.jpg 0x00000000b09fe1d0 13 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\Candara.ttf 0x00000000b0df5630 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b0df5d50 2 1 ------ \Device\Afdtion\perl 0x00000000b109d5f0 11 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll 0x00000000b1309920 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b1559ad0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b15de6f0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b1f834a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b2137440 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05EC48341C277FE5110E7DFAA91377DC_F4D89EB1FD4E80AFB0D09F169F9D4E2D 0x00000000b2711070 2 1 ------ \Device\NamedPipe\mojo.6908.2092.11742668360370183132 0x00000000b2a49070 16 0 -W-r-- \Device\HarddiskVolume3Drive\Office\scanstation\scanstation\perl\site\lib\ 0x00000000b2a87a10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b2dbe070 13 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\UpdateCheckAPI.dll 0x00000000b31404f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b3140870 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b35a1f20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\gliding 0x00000000b3cdcf20 16 0 -W-r-- \Device\HarddiskVolume3????? 0x00000000b3d62070 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rdpcorets.dll 0x00000000b418f6a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b42eb560 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\fundisc.dll 0x00000000b433f750 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b44b9f20 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O2eb0cc9a#\e6a96b6a160e02c9a8861c1c324506c3\Microsoft.Office.Tools.v4.0.Framework.ni.dll 0x00000000b44c2070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b45ef140 15 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\JOKERMAN.TTF 0x00000000b473dc60 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b4aa8300 15 0 R--r-- \Device\HarddiskVolume3????????dmin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\disqus-kommentare\disqus-kommentar 0x00000000b4b6ad10 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.64.110744284 0x00000000b4cd5070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b51693c0 2 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\a2ef2d3f15221d69c4ab332b1f344edax000.dat 0x00000000b5169510 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000b5169f20 2 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\baa8ab032bba0b3399cb8838394b5c5ax000.dat 0x00000000b5383a10 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\web-artikeluebersicht\widget.png 0x00000000b54bee20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000000b661c070 13 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\UpdateCheckAPI.dll 0x00000000b6798aa0 1 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm 0x00000000b6819070 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\fe62676b8b07e0279a347fde86edbf56x000.dat 0x00000000b6b02dc0 7 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\efd34838fa44da246b78328f4432eac7\WindowsBase.ni.dll 0x00000000b6cad800 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000b6f4edc0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000000b74b22a0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\tahoma.ttf 0x00000000b76b18a0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\RegBack\SAM 0x00000000b7754070 28 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.XtraGrid.v14.2.dll 0x00000000b7a36070 2 1 ------ \Device\Afd\Endpoint 0x00000000b7a68c60 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\de\DevExpress.XtraBars.v14.2.resources.dll 0x00000000b80267f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000000b834e310 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x00000000b866a2e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\DejaVuSerif.ttf 0x00000000b8a1de60 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.ServiceCore.dll 0x00000000b8a8e6c0 15 0 R--rwd \Device\HarddiskVolume3????dows\Fonts\MISTRAL.TTF 0x00000000b91fd240 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducerExtendedControlsLibrary.dll 0x00000000b92a5f20 1 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\Cache\e1c13e426e7011e18a7e806e6f6e6963.cache 0x00000000b9bf9070 2 1 ------ \Device\Afd\Endpoint 0x00000000b9d69f20 15 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Digifit.ttf 0x00000000ba29c870 19 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000000ba83fda0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\84969f95e00fc925f8121aef80df240bx000.xml 0x00000000babef9d0 10 0 R--rw- \Device\HarddiskVolume3????????\Fonts\georgia.ttf 0x00000000bbc2e660 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem56.PNF 0x00000000bbec3f20 8 0 R--rwd \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll 0x00000000bc13d070 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.RuntimeGui.dll 0x00000000bc19f230 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\5f429d4f5d2def7ca7b35eb4f8946f34x000.xml 0x00000000bc2dbb30 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000bc320f20 12 0 R--rwd \Device\HarddiskVolume3????????\Fonts\shrutib.ttf 0x00000000bc3de4b0 8 0 R--r-d \Device\HarddiskVolume3????rs\Admin\Downloads\GlassWireSetup.exe 0x00000000bc3de600 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Downloads\The.Neighbors.jpg 0x00000000bc65cf20 33 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\001064.log 0x00000000bc6d9b30 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000bc7b9c00 14 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\nobile_bold_italic.ttf 0x00000000bc9988d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000bcd78070 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Update\GoogleUpdate.exe 0x00000000bcd78e60 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\rasapi32.dll 0x00000000bcdc4a00 2 1 ------ \Device\NamedPipe\mojo.6908.6912.14558886245215795361 0x00000000bcfdcda0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\mingliu.ttc 0x00000000bd166f20 1 1 ------ \Device\NamedPipe\lsass 0x00000000bd5c7070 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000000bd7cb270 16 0 -W-rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\catalogue\cf.sdds.local.xml.tmp 0x00000000bda985c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000bdbf1f20 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\RegBack\SYSTEM 0x00000000bdc4df20 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000000bddff4f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000bddff870 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000bea24070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000000bea242b0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000bebcd070 14 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll 0x00000000bf036f20 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\SOCIALCONNECTOR.DLL 0x00000000bf7fd400 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem116.PNF 0x00000000bf857790 13 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Lato-Bold.ttf 0x00000000bf8796e0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\VAIOCare.Utilities.dll 0x00000000bfa29070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c05ef070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem33.PNF 0x00000000c06c7de0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c09db070 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\reflektion\bild-rechts.html 0x00000000c0e56ce0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000000c0fc9070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c1618070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c16f18d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\ARIALUNI.TTF 0x00000000c18639e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000000c1863bc0 15 0 R--rwd \Device\HarddiskVolume3sti\Texte\Kinnula Referenzliste\ln_images_src\lt_NetrixLoadHtml_e8f575594015428382c34bbe88e5c028 0x00000000c1991070 10 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\3282b347\00ab0e48_3db7cb01\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL 0x00000000c19c1c40 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\timesbd.ttf 0x00000000c1d0e070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c1ed0840 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000000c1ee4cf0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\a59c4e7f071a331c0ac3af59c2da18f1x000.xml 0x00000000c1ffbd10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000000c2005070 12 0 R--rw- \Device\HarddiskVolume3????????\Fonts\Tangerine_Bold.ttf 0x00000000c20ebf20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\gliding 0x00000000c24e8150 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c24e8a10 16 0 R--r-d \Device\HarddiskVolume3???? 0x00000000c2959620 14 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaAsync.dll 0x00000000c2aed710 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\seguisym.ttf 0x00000000c2c9df20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c2cc9d10 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000000c2e57f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000000c2fa05d0 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\svchost.exe 0x00000000c2fa0930 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\IDE504\a242a594ab3ce042bd73f0b0f450e739x000.xml 0x00000000c320b070 16 0 R--rwd \Device\HarddiskVolume3???????? 0x00000000c320f050 18 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$MftMirr 0x00000000c3340e60 2 1 RW-r-- \Device\HarddiskVolume3\Users\Administrator\ntuser.dat{7a16adb1-0c2c-11e5-acf6-f0bf97d84308}.TMContainer00000000000000000001.regtrans-ms 0x00000000c334bf20 15 0 R--rwd \Device\HarddiskVolume3????????dmin\OneDrive\Backup\Samsung S4\backup\com.google.android.apps.authenticator2 0x00000000c3520670 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000000c3811070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c38cccf0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\a59c4e7f071a331c0ac3af59c2da18f1x000.xml 0x00000000c4054f20 4 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\OneClickCare\OneClickCareAPI.dll 0x00000000c40ef4c0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\62f500106dc060909d030fa92cee7433x000.xml 0x00000000c46b31f0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\78b62e4c13378f737603136975a07e1ax000.dat 0x00000000c488edd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c4e0a990 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_en.wikipedia.org_0.localstorage 0x00000000c503c070 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x00000000c51f7430 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000000c537ddd0 2 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\68da15f6ce1d1621be451fae3bebbe09x000.dat 0x00000000c544af20 14 0 R--rwd \Device\HarddiskVolume3????????\Fonts\AGaramondPro-Regular.otf 0x00000000c56c4de0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c57a8d10 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 0x00000000c5ae6f20 1 1 ------ \Device\Afd\Endpoint 0x00000000c5cec1f0 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.xing.com_0.localstorage 0x00000000c5f15f20 13 0 R--rwd \Device\HarddiskVolume3? 0x00000000c5f60680 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\seitenuebersichtv12\widget.png 0x00000000c611e290 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL 0x00000000c61f2790 11 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem104.PNF 0x00000000c6575070 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.84.137259616 0x00000000c662cf20 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\WER\ERC 0x00000000c6d5b2b0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c6de4f20 16 0 R--rwd \Device\HarddiskVolume3? 0x00000000c6f37f20 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\BKANT.TTF 0x00000000c749ef20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000000c74b5070 13 0 R--r-- \Device\HarddiskVolume3 0x00000000c7552970 13 0 R--rwd \Device\HarddiskVolume3????????\Fonts\cordiai.ttf 0x00000000c7c41f20 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\WER\ERC 0x00000000c80de070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c811f070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000000c81b7070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000c8660070 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem60.PNF 0x00000000c8b2af20 1 1 ------ \Device\Afd????????\ 0x00000000c8baba80 5 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000000c8e6db80 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\4b8c8ae8f46ea8567c7dbf5efaee0030x000.dat 0x00000000c8fc9970 10 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Notification\NotificationBL.dll 0x00000000c9011070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000c92f2f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll 0x00000000c960dbf0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_64\VAIOCareToolkit\v4.0_8.4.2.12030__6b746f706d1a5a7d\VAIOCareToolkit.dll 0x00000000c9f6a7b0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem16.PNF 0x00000000c9f8ca10 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\73c2f2d1c45d3438b992188bcbec0bf3x000.dat 0x00000000cabfdf20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.XtraTreeList.v14.2.dll 0x00000000cb070f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\pala.ttf 0x00000000cb385d50 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\InlineEditing\zpie-sprite.png 0x00000000cbaf1d70 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk 0x00000000cbbc0dd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000000cbdcc430 7 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\rasctrs.dll 0x00000000cbfa0c50 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Links 0x00000000cc1a8f20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000000cc614070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000000cc63a070 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk 0x00000000cc852f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000000ccc46070 11 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\log4net.dll 0x00000000ccdbaf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000cd261170 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\radarrs.dll 0x00000000cd66bc90 16 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\BALTH___.TTF 0x00000000cd730d60 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000cd769c50 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000cdb0a730 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000000cdc1bce0 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D858BB81-7F27-40DD-B3F0-09CD54D1141F}.tmp 0x00000000ce04a070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000000ce10fba0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\rssimport\dynamic.php 0x00000000ce12b580 4 0 R--rw- \Device\HarddiskVolume3????????\Fonts\DejaVuSansCondensed-Bold.ttf 0x00000000cf4111d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x00000000cf6cdf20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem54.PNF 0x00000001000ba3e0 1 1 ------ \Device\Afd???????? 0x000000010022a8c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\verdanab.ttf 0x000000010022cf20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem142.PNF 0x000000010036e280 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000100459a10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000100462f20 15 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF48EB7F5955EA9F651376F7F40DA1AD_4AD96472AF2E72CC9C741BD59F4AA39B 0x0000000100657f20 16 0 -W-r-- \Device\HarddiskVolume3????? 0x0000000100a613e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000100a93070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem44.PNF 0x0000000100b3f070 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rdpcorets.dll 0x0000000101004650 18 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\radarrs.dll.mui 0x0000000101186070 9 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\BigMansStuff.LocusEffects.dll 0x00000001012f0070 5 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OcOffice.dll 0x0000000101402640 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x0000000101569410 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000101aef070 1 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs 0x000000010223ef20 4 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage 0x0000000102b40f20 3 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\CommonPlugin\CommonPluginBL.dll 0x0000000102c23f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x0000000102da1ad0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x0000000103140250 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x0000000103634070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000010392ef20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000103cbc480 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000103ce0070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\gulim.ttc 0x0000000103d3faf0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000103d8a3b0 24 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Iolo\ioloToolsTypeLib.dll 0x0000000103f097b0 22 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\office\15.0.0.0__71e9bce111e9429c\OFFICE.DLL 0x0000000104082a00 2 1 ------ \Device\NamedPipe\mojo.6908.6912.14558886245215795361 0x00000001048daa10 2 1 ------ \Device\Afd\Endpoint 0x00000001048f4790 13 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Lato-Bold.ttf 0x0000000104aa3070 2 1 ------ \Device\NamedPipe\96f14d3d-0f82-4573-9d6f-772bd8a228cc 0x0000000104ad25f0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12475579679998394784 0x0000000104ad2f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.CommonInterfaces.dll 0x0000000105462070 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x000000010571e430 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000105980210 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dtsh.dll 0x0000000105a90270 1 1 ------ \Device\Afd\Endpoint 0x0000000105b82a40 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll 0x0000000105d3d280 13 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\~info@mpauli.de(3).ost.tmp 0x0000000105e6ff20 11 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.Tools.dll 0x00000001064ee070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001066aaf20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001066e9760 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Notification\NotificationBL.dll 0x0000000106ff66a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001072ce5f0 2 1 ------ \Device\NamedPipe\Sophos@DATCv1 0x00000001073c1070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000107625580 31 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1 0x0000000107adee60 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll 0x0000000107e56500 16 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\3b81c07b0dfc4ec4a7ab4a843d51f9dcx000.xml 0x0000000107e56bd0 4 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\seguisb.ttf 0x00000001080d7f20 12 0 R--rwd \Device\HarddiskVolume3????????\Fonts\shrutib.ttf 0x0000000108367430 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem163.PNF 0x00000001086e0dd0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bankjob.de_0.localstorage 0x0000000108712580 16 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a48bd2a02ed1ae2fbb79ef8797f0c5f6\System.Management.ni.dll 0x0000000108759a10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000108a1bf20 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\RstrtMgr.dll 0x0000000108ab6c20 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 0x0000000108bfb070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\trebuc.ttf 0x0000000108d972c0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x0000000109378070 4 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducerExtendedControlsLibrary.dll 0x0000000109535f20 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem73.PNF 0x00000001099b8f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x0000000109af4ea0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000109dbd990 24 0 R--r-d \Device\HarddiskVolume3\Users\Admin\Downloads\setup_chrispc_free_videotube_downloader_7_55.exe 0x0000000109dbdf20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\33d8f513814c7c603081a48bd4840af1x000.dat 0x0000000109fd31e0 2 2 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db 0x0000000109fe1cb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000010a0652d0 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\Documents 0x000000010a5439d0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000010aa743d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x000000010abf7710 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000010acb0560 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\fundisc.dll 0x000000010b19c990 24 0 R--r-d \Device\HarddiskVolume3\Users\Admin\Downloads\setup_chrispc_free_videotube_downloader_7_55.exe 0x000000010b19cf20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\33d8f513814c7c603081a48bd4840af1x000.dat 0x000000010b230a60 26 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll 0x000000010b230f20 2 1 ------ \Device\Afd\Endpoint 0x000000010b54f640 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsecurity.techtarget.com_0.localstorage-journal 0x000000010b8fb1e0 2 2 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db 0x000000010ba0bcb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000010bcba280 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000010bf0f750 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000010c2d5e20 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\shfolder.dll 0x000000010c67fdc0 7 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\efd34838fa44da246b78328f4432eac7\WindowsBase.ni.dll 0x000000010c6d02d0 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\Documents 0x000000010ce76da0 3 1 ------ \Device\NamedPipe\stereosvrpipe 0x000000010d22e070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000010d7642f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\trebucbd.ttf 0x000000010e1e6070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000010e75c070 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x000000010e75cdd0 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000010e7bbb30 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\efb9d00f347b4692451c4b0c4901874a\System.Web.ni.dll 0x000000010ee55f20 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O2eb0cc9a#\e6a96b6a160e02c9a8861c1c324506c3\Microsoft.Office.Tools.v4.0.Framework.ni.dll 0x000000010f45b070 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x000000010f63cf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000010fa1bf20 2 1 ------ \Device\Afd\Endpoint 0x000000010fc32f20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\gliding 0x000000011010ef20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem0.PNF 0x00000001101d26b0 6 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage 0x00000001103409c0 15 0 R--r-- \Device\HarddiskVolume3\Windows\csup.txt 0x0000000110486650 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.46.109646434 0x0000000110cf8f20 13 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.BackendRuntime.dll 0x0000000110ebd140 15 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\JOKERMAN.TTF 0x000000011107b9d0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001111f1270 16 0 -W-rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\catalogue\cf.sdds.local.xml.tmp 0x00000001115bf9b0 19 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\de-DE\VCAdmin.resources.dll 0x00000001115f0d10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x0000000111bf5d70 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk 0x0000000111ee2260 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\1031\UmOutlookStrings.dll 0x00000001121249b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001123ecf20 16 0 R--rwd \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll 0x000000011244dda0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\mingliu.ttc 0x0000000112526680 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\seitenuebersichtv12\widget.png 0x000000011289bf20 1 1 R--r-- \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\PERIPH_M.VSS 0x0000000113038600 1 1 ------ \Device\Afd\Endpoint 0x000000011310cf20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem142.PNF 0x0000000113d62d00 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001145159d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000114a221f0 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.xing.com_0.localstorage 0x0000000114bc4a30 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001158043d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x0000000115868710 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000115dda070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\micross.ttf 0x0000000116504750 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000116d6f4b0 16 0 R--r-- \Device\HarddiskVolume3????????? 0x0000000116eb4070 3 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\b4399d67856eba2bcec6104e356aba77\System.Data.ni.dll 0x00000001173a4d60 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001178ea070 2 1 R--rw- \Device\HarddiskVolume3\Users\Admin\Documents\Google Drive NEW 0x0000000117917560 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\fundisc.dll 0x0000000118377520 1 1 ------ \Device\Afd\Endpoint 0x00000001183ff860 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\consolab.ttf 0x00000001185c3440 4 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\MesquiteStd.otf 0x00000001189e5ae0 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs 0x0000000118b1ea10 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem132.PNF 0x0000000118bb7640 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\DownloadManager\DownloadManagerBL.dll 0x0000000118e88c80 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\downloads2.txt 0x0000000118f87070 13 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\DownloadManager\DownloadManagerBL.dll 0x0000000118feef20 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\54c1edae9df790450a73f5cf42cbeeecx000.dat 0x000000011908f660 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001190f23c0 2 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\a2ef2d3f15221d69c4ab332b1f344edax000.dat 0x00000001190f2510 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001190f2f20 2 0 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\data\warehouse\baa8ab032bba0b3399cb8838394b5c5ax000.dat 0x00000001196554d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000011a13e580 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000011b904230 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\unimdmat.dll 0x000000011b904d00 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db 0x000000011c156a60 26 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll 0x000000011c156f20 2 1 ------ \Device\Afd\Endpoint 0x000000011c4ab560 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\MinionPro-Medium.otf 0x000000011ce38070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x000000011cf8b700 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.firmenwissen.de_0.localstorage 0x000000011cf8b960 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\OneDrive\ID10T's Security-012-013 0x000000011cfa8780 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x000000011d04ff20 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000011d235070 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_github.com_0.localstorage-journal 0x000000011d344070 2 1 RW-r-- \Device\HarddiskVolume3\Users\Administrator\ntuser.dat{7a16adb1-0c2c-11e5-acf6-f0bf97d84308}.TMContainer00000000000000000002.regtrans-ms 0x000000011d51af20 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\cour.ttf 0x000000011d58bf20 1 1 ------ \Device\NamedPipe\lsass 0x000000011d66fa10 1 1 ------ \Device\Afd\Endpoint 0x000000011d95d990 24 0 R--r-d \Device\HarddiskVolume3\Users\Admin\Downloads\setup_chrispc_free_videotube_downloader_7_55.exe 0x000000011d95df20 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\33d8f513814c7c603081a48bd4840af1x000.dat 0x000000011e57e780 2 1 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\SOCIALCONNECTOR.DLL 0x000000011e7d9a10 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\_deprecated\web-artikeluebersicht\widget.png 0x000000011f0d2f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000011f1616d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000011f413e20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x000000011f69bbc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x000000011f69bf20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem129.PNF 0x000000011fd93640 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsecurity.techtarget.com_0.localstorage-journal 0x00000001203c9a20 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001203c9cc0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001205c7f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\rasmm.dll.mui 0x00000001208743d0 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000012196c7f0 26 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000121d67070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000001221e0070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000122360070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x000000012258bcb0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\184a0066a1b62009b7069566ed01c78bx000.xml 0x00000001227565d0 7 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini 0x0000000122a61f20 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\icm32.dll 0x0000000122bfd690 1 1 R--r-- \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\RCKSVR_M.VSS 0x0000000123418950 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001236941e0 2 2 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db 0x00000001236a38c0 6 0 ------ \Device\HarddiskVolume3\Windows\System32\C_20127.NLS 0x0000000123924f20 1 1 R--r-- \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\ANNOT_M.VSS 0x0000000123cc37f0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\rasmm.dll.mui 0x0000000123e71580 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000123f12f20 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem43.PNF 0x0000000124124870 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x000000012487dd10 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\WMVCORE.DLL 0x000000012487df20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000124c3f500 5 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\MinionPro-BoldCn.otf 0x0000000124ef2cb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001253f27f0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\rasmm.dll.mui 0x00000001255b6170 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem78.PNF 0x0000000125652f20 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msmpeg2vdec.dll 0x0000000126587270 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem64.PNF 0x00000001265e9790 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001268c2780 15 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\msjtes40.dll 0x0000000126fac1d0 2 1 ------ \Device\Afd\Endpoint 0x00000001273ff8d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\ARIALUNI.TTF 0x0000000127a31f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\rasmm.dll.mui 0x0000000127bce070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000127bce3a0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.linkedin.com_0.localstorage-journal 0x0000000127ccb280 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000012805af20 4 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL 0x0000000128482070 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned 0x0000000128a8dd20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000128b15b10 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem149.PNF 0x0000000128c69420 9 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\OCRAStd.otf 0x000000012924d580 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\1031\UcAddinRes.dll 0x0000000129f665e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x000000012a1e6dc0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\OneClickCare\OneClickCareBL.dll 0x000000012a5f0e40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000012a70f490 5 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\mf.dll 0x000000012a7e37b0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000012ad91dd0 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk 0x000000012ae88dc0 18 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_7C24FFEA7AF6D24199574660E3C15612.dat 0x000000012af37070 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem121.PNF 0x000000012aff6e20 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\shfolder.dll 0x000000012bade6d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\msgothic.ttc 0x000000012be548a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\consola.ttf 0x000000012c022500 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x000000012c13e3a0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dsrole.dll 0x000000012c13e4f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x000000012c61b070 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem126.PNF 0x000000012ce4bf20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.Upgrading.ClientLibrary.dll 0x000000012d0593a0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dsrole.dll 0x000000012d0594f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x000000012d300480 10 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Newtonsoft.Json.dll 0x000000012d853f20 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.airbuscybersecurity.com_0.localstorage-journal 0x000000012deacf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000012e040d10 7 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\verdanab.ttf 0x000000012e062500 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x000000012e0842c0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\UploadManager\UploadManagerBL.dll 0x000000012e91f220 5 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$Directory 0x000000012e964dc0 7 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\efd34838fa44da246b78328f4432eac7\WindowsBase.ni.dll 0x000000012eb5f2d0 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\Documents 0x000000012ec7e970 13 0 R--rwd \Device\HarddiskVolume3????????\Fonts\cordiai.ttf 0x000000012ed07bf0 1 1 ------ \Device\Afd\Endpoint 0x000000012f002070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x000000012fa2cf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000012fb7d070 4 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Office\15.0\Lync\Tracing\SCT_Offline_Storage_OCAddin_0.dat 0x00000001300b7f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001303c6f20 1 1 ------ \Device\NamedPipe\srvsvc 0x00000001304982d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001305893c0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsecurity.techtarget.com_0.localstorage 0x0000000130c51800 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 0x00000001311442e0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000013114d250 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001318a32c0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001318e8470 9 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPro-Regular.otf 0x00000001318e88c0 2 1 ------ \Device\Afd\Endpoint 0x0000000131aea070 5 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeSongStd-Light.otf 0x000000013285bf20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.ComponentModel.Composition.resources.dll 0x0000000132af65c0 4 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_35653BAA8023DB4C8793EB23CB6A630E.dat 0x0000000133211db0 18 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_4E7403779ADD5A4D8870A47D1C972DEC.dat 0x0000000133211f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001332bc070 2 1 ------ \Device\Afd\Endpoint 0x00000001332bcf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000013404b640 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000013436a4d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001346344f0 14 0 R--rwd \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll 0x000000013510b640 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000135227da0 3 1 ------ \Device\NamedPipe\stereosvrpipe 0x000000013575ff20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.RuntimeApp.dll 0x0000000135772070 2 1 ------ \Device\Afd\Endpoint 0x0000000135b99f20 3 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\ADDINS\ColleagueImport.dll 0x0000000135f15f20 8 0 R--rwd \Device\HarddiskVolume3\Program Files\WinRAR\RarExt.dll 0x00000001361df9d0 1 1 R--r-- \Device\HarddiskVolume3\Windows\csup.txt 0x0000000136dd6db0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 0x00000001373ff870 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000137902670 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x0000000137902ab0 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\SFSS_APO.dll 0x0000000137981800 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000138650620 14 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaAsync.dll 0x0000000138d45070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000138dd5380 8 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\BrushScriptStd.otf 0x0000000138df2380 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x0000000139360f20 3 1 ------ \Device\Afd\Endpoint 0x0000000139c67dd0 17 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareUpdate\VAIOCareUpdateBL.dll 0x000000013a6eee20 12 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\TrajanPro-Bold.otf 0x000000013a8ea160 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.47.33189520 0x000000013a8ea2b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x000000013b063070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000013b178260 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000013bcb6070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000013c05bb60 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000013c20ff20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem142.PNF 0x000000013c9cb700 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x000000013ccacf20 5 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O854200f9#\9c4b0ade1e87305997eb907fb3c2470e\Microsoft.Office.Tools.Common.ni.dll 0x000000013d1aaf20 16 0 R--r-- \Device\HarddiskVolume3\Windows\System32\DriverStore\infstrng.dat 0x000000013d8acdd0 3 1 R--rwd \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My 0x000000013dbaf2e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000013dc57070 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\MANIFEST-000001 0x000000013de0af20 16 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe 0x000000013dfe6f20 32 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2015-7-8.1937.61028.30.odl 0x000000013e01f070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000013e4591d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x000000013e51bd90 5 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_github.com_0.localstorage 0x000000013f088c90 16 0 R--rw- \Device\HarddiskVolume3????dows\Fonts\BALTH___.TTF 0x000000013f62add0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000013f963070 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk 0x000000013fc6ff20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x000000014058ef20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x0000000140f62470 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000140f62840 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bankjob.de_0.localstorage-journal 0x00000001415c1a20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000141c4ab30 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\efb9d00f347b4692451c4b0c4901874a\System.Web.ni.dll 0x0000000141d8f300 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\micross.ttf 0x0000000141f2a2f0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014208af20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem29.PNF 0x00000001421f2f20 13 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\IoloBL.dll 0x00000001427a7c50 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001427a7f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x0000000142896380 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001429fe070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000142ba7860 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000142c64bc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x0000000142cc8070 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x0000000142cc8dd0 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x0000000142f73250 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x0000000143630070 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x0000000143bd6380 8 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\BrushScriptStd.otf 0x0000000143d4f070 2 1 ------ \Device\Afd\Endpoint 0x0000000143d4fc20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000143f5ca70 2 1 ------ \Device\NamedPipe\chrome.6908.441.50995097 0x000000014431f3d0 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000014452d070 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem84.PNF 0x00000001448b28e0 10 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AGaramondPro-Italic.otf 0x0000000144a772b0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014530d610 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\stdole2.tlb 0x000000014562f070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014644ff20 8 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem123.PNF 0x00000001469f1a20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000146a2c1d0 16 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\GiddyupStd.otf 0x0000000147586070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58 0x0000000147914560 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001479ccdc0 2 1 ------ \Device\Afd\Endpoint 0x0000000147a88610 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\stdole2.tlb 0x0000000147cf68e0 7 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\SelfHeal.dll 0x0000000147cf6dc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001480c66d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014895f070 1 1 ------ \Device\NamedPipe\ 0x0000000148cd5960 32 0 -W-rwd \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\Cache\decoded\savxp\xvdl66.vdb 0x000000014904bd10 14 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll 0x0000000149179070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem91.PNF 0x000000014935a380 2 1 ------ \Device\NamedPipe\7f647067-10fd-41b3-a479-4af7a26e1264 0x000000014a202070 33 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\2015-07-06_193810_ee64-58d4.log 0x000000014a202b00 2 1 ------ \Device\Afd\Endpoint 0x000000014a2a4f20 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x000000014a539070 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x000000014a7ad9d0 1 1 -W-r-- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\logs\oaScannerWatchdog.txt 0x000000014addb070 5 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OcOffice.dll 0x000000014b093f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000014b150070 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x000000014b1c8f20 12 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\MSOUTLS.DLL 0x000000014b8b9a60 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x000000014c661280 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014cd37070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x000000014cdf3070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014da67070 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.db.com_0.localstorage 0x000000014dfcca10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x000000014e432f20 3 1 ------ \Device\Afd\Endpoint 0x000000014e71b690 14 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$LogFile 0x000000014e822f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014ea65f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x000000014ee07710 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014ee53350 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x000000014eebd070 14 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\PSTPRX32.DLL 0x000000014f24f510 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014f24ff20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem138.PNF 0x000000014f80ff20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000014f852b30 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\efb9d00f347b4692451c4b0c4901874a\System.Web.ni.dll 0x000000014fd20780 12 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeFangsongStd-Regular.otf 0x000000014fd811c0 1 1 ------ \Device\Afd\Endpoint 0x00000001501ca3f0 12 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\de\DevExpress.XtraTreeList.v14.2.resources.dll 0x00000001505a1780 15 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\msjtes40.dll 0x000000015070cdc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x0000000151203650 1 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Autocomplete_0_868AE62CADA5284B92FC8A125C3ACFD0.dat 0x0000000151647580 10 0 R--rwd \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll 0x0000000151647920 32 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-MTPClassDriver%4Operational.evtx 0x0000000151712c50 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\l_10646.ttf 0x00000001528f9070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x0000000152a61f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.Upgrading.ClientLibrary.dll 0x0000000152fbef20 2 1 R--rwd \Device\HarddiskVolume3\Users\Public\Desktop 0x000000015343df20 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.firmenwissen.de_0.localstorage-journal 0x00000001534e8260 6 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\ARIALUNI.TTF 0x00000001535f3f20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\gliding 0x000000015368b070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000153dadf20 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WindowsCodecsExt.dll 0x0000000153ec8190 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001542d48c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x000000015436f3b0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\gliding 0x000000015446ea50 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\msgothic.ttc 0x0000000154792720 1 1 R----- \Device\SAVOnAccess\Read 0x0000000154a38420 2 1 ------ \Device\Afd\Endpoint 0x0000000154bb8070 19 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x0000000154c09070 7 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\APLZOD6432.dll 0x0000000155102f20 1 1 ------ \Device\Afd\Endpoint 0x0000000155792f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001559c5810 4 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_technet.microsoft.com_0.localstorage 0x00000001559ee070 3 1 R----- \Device\SAVOnAccess\Read 0x0000000155aa5070 14 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\7bd5175d\00ef6b63_70cece01\SophosOutlookAddIn.resources.DLL 0x0000000156fc16b0 6 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage 0x000000015708ef20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem0.PNF 0x00000001574566b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x0000000157a9e6c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x0000000157eee3e0 1 1 ------ \Device\Afd???????? 0x0000000157fdddd0 4 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\2e55e4a02830670bf75dfba5c32fc2a9\System.EnterpriseServices.Wrapper.dll 0x0000000158042dc0 13 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe 0x0000000158136240 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x0000000158227070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000158227380 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x0000000158869760 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\DejaVuSerif.ttf 0x0000000158b1a070 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem151.PNF 0x0000000158c54070 6 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll 0x00000001592869c0 15 0 R--r-- \Device\HarddiskVolume3\Windows\csup.txt 0x000000015939e650 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.46.109646434 0x00000001593bf6c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000015947b790 15 0 R--rwd \Device\HarddiskVolume3\Users\desktop.ini 0x0000000159c2e070 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000159da7a60 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume3\Users\Administrator\ntuser.dat{7a16adb1-0c2c-11e5-acf6-f0bf97d84308}.TM 0x0000000159db0e40 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\Documents\Outlook Files\~Outlook.pst.tmp 0x000000015a20c6c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000015a4a0f20 1 1 ------ \Device\Afd\Endpoint 0x000000015abbf070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000015ad2b070 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer12Skin.dll 0x000000015ad2b340 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem97.PNF 0x000000015addeee0 16 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 0x000000015aeafde0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000015b5bc070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x000000015b675c40 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000015b70dd00 2 1 ------ \Device\NamedPipe\mojo.6908.6912.7453745664434246952 0x000000015bc1ff20 2 1 ------ \Device\Afd\Endpoint 0x000000015bd636e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.resources.dll 0x000000015bef9360 7 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.co.uk_0.localstorage 0x000000015c2a03a0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dsrole.dll 0x000000015c2a04f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x000000015c3553c0 15 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\15.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll 0x000000015c53f070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x000000015c66b070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x000000015c9ff070 23 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll 0x000000015d22f730 1 1 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e\comctl32.dll.mui 0x000000015d90c480 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\VISIO.EXE 0x000000015da1b9a0 12 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.CommonInterfaces.dll 0x000000015dc5ea10 3 1 R----- \Device\SAVOnAccess\Read 0x000000015dee0070 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk 0x000000015ea73800 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x000000015ef45b50 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume3\Users\Administrator\ntuser.dat{7a16adb1-0c2c-11e5-acf6-f0bf97d84308}.TM 0x000000015f31bf20 13 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.BackendRuntime.dll 0x000000015f84a610 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\trebuc.ttf 0x000000015f8a0070 2 1 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\MSOUTL.OLB 0x000000015f965f20 3 1 ------ \Device\Afd\Endpoint 0x000000015fc99f20 1 1 ------ \Device\Afd\Endpoint 0x0000000160326f20 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.61.48848596 0x00000001604b32f0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.direct.aviva.co.uk_0.localstorage-journal 0x000000016079e3a0 5 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\dbghelp.dll 0x0000000160aa2c80 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000160e36070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x0000000161559240 29 7 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\info@mpauli.de(3).ost 0x00000001621d2f20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal 0x0000000162300140 15 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\JOKERMAN.TTF 0x00000001626399d0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000162e36f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\BigMansStuff.LocusEffects.dll 0x0000000163262f20 16 0 R--rwd \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll 0x00000001638f13d0 10 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\History\HistoryBL.dll 0x0000000163cf31c0 1 1 ------ \Device\Afd\Endpoint 0x0000000163e613e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000164050270 16 0 -W-rw- \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\data\warehouse\catalogue\cf.sdds.local.xml.tmp 0x0000000164541270 3 1 R----- \Device\SAVOnAccess\Read 0x0000000164b51770 2 1 ------ \Device\NamedPipe\5aee5c64-bd90-41df-999f-e0432dcfaefc 0x0000000164b518c0 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\UCAddin.dll 0x0000000164d20a70 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000165238dd0 1 1 ------ \Device\NamedPipe\f8876be6-912f-4c2e-bdff-9f5b84a354a6 0x000000016531d070 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fast.wistia.com_0.localstorage 0x0000000165a51480 10 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Newtonsoft.Json.dll 0x0000000165a77e60 1 1 ------ \Device\Afd\Endpoint 0x0000000165bfa150 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem41.PNF 0x0000000165f9b770 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000016609a070 30 1 -W-rw- \Device\HarddiskVolume3\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log 0x0000000166142750 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001668f3d70 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned 0x0000000166f6c070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000016775a670 12 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V1955d7fd#\62425d051ddf11bfd27798696642832e\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll 0x0000000167b8a9b0 19 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\de-DE\VCAdmin.resources.dll 0x0000000167cb3d10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x0000000167d88360 4 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSync.Resources.dll 0x0000000167dda580 6 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\TektonPro-Bold.otf 0x0000000167f59760 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\DejaVuSerif.ttf 0x0000000167fc7bc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x000000016850b750 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x000000016850bca0 18 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\dfshim.dll.mui 0x000000016852b070 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.forensicfocus.com_0.localstorage 0x0000000168539920 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x0000000168bd0310 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000168c56070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001692205a0 2 1 ------ \Device\Afd\Endpoint 0x000000016962f070 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_github.com_0.localstorage-journal 0x0000000169a73a10 1 1 ------ \Device\Afd\Endpoint 0x0000000169f19f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x000000016a2b4f20 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\NlsLexicons0007.dll 0x000000016ad67d00 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000016ad8a2d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Update\1.3.27.5 0x000000016af7ae20 12 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\TrajanPro-Bold.otf 0x000000016bbad550 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem57.PNF 0x000000016bbe6d20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000016bc8d690 5 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\VCAgent.exe 0x000000016c981d70 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk 0x000000016ca16260 6 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\ARIALUNI.TTF 0x000000016d1f4160 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.47.33189520 0x000000016d1f42b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x000000016d9c3b30 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\efb9d00f347b4692451c4b0c4901874a\System.Web.ni.dll 0x000000016de31e30 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000016e87ef20 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x000000016e8d8070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000016ea35f20 3 1 R----- \Device\SAVOnAccess\Read 0x000000016eb5f070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x000000016f1d6070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000016fb32260 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\1031\UmOutlookStrings.dll 0x00000001711d4070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000171644f20 16 0 R--r-- \Device\HarddiskVolume3\Windows\System32\DriverStore\infstrng.dat 0x00000001717d49b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001724e5070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001726fab60 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001736fdf20 5 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O854200f9#\9c4b0ade1e87305997eb907fb3c2470e\Microsoft.Office.Tools.Common.ni.dll 0x0000000173dfd2d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Update\1.3.27.5 0x0000000173fe48e0 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000971.ldb 0x00000001741a1390 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2 0x000000017425b070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000174420260 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wbemdisp.tlb 0x0000000174aa2580 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000174b0ada0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\mingliu.ttc 0x00000001750c3f20 11 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\Macromed\Flash\Flash10t.ocx 0x0000000175159700 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x000000017543da00 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll 0x000000017621ff20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000176a51400 24 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll 0x0000000176ad83e0 1 1 ------ \Device\Afd???????? 0x0000000176d7f070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001771bd680 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Packaging\Widgets\seitenuebersichtv12\widget.png 0x0000000177358700 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000177a43630 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000177d02700 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.firmenwissen.de_0.localstorage 0x0000000177d02960 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\OneDrive\ID10T's Security-012-013 0x00000001786ca260 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x0000000178704070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000017882b4b0 16 0 R--r-- \Device\HarddiskVolume3????????? 0x00000001789a39d0 1 1 -W-r-- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\logs\oaScannerWatchdog.txt 0x0000000179e72dc0 15 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O5263ae01#\210ce22582494be60072230a37ef4f20\Microsoft.Office.Tools.Outlook.Implementation.ni.dll 0x000000017a573f20 1 1 R--r-- \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\PERIPH_M.VSS 0x000000017a828d70 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 0x000000017a8d6070 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\HttpServer.dll 0x000000017ac4c070 12 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.Types.dll 0x000000017b651480 4 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_x64.dll 0x000000017b9f1f20 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msmpeg2vdec.dll 0x000000017bc5b690 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Office\15.0\Lync\Tracing\SCT_OCAddin_0.log 0x000000017bdda070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\l_10646.ttf 0x000000017c00dd10 14 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll 0x000000017c05e070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000017c2db3c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000017cd52070 3 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\b4399d67856eba2bcec6104e356aba77\System.Data.ni.dll 0x000000017e76cdd0 3 1 R--rwd \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My 0x000000017e86c1c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x000000017e86c420 1 1 ------ \Device\Afd\Endpoint 0x000000017efe7070 2 1 ------ \Device\NamedPipe\srvsvc 0x000000017f043dd0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000017f058990 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000017f849310 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000017f9ae070 2 1 ------ \Device\NamedPipe\AthIhvWpaP2p_0 0x0000000180128070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000180640070 11 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\ACaslonPro-Bold.otf 0x000000018064d4c0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.Logging.dll 0x0000000180ea4780 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x0000000181d41f20 2 1 R--rwd \Device\HarddiskVolume3\$Extend\$ObjId 0x000000018238ef20 1 1 ------ \Device\Afd\Endpoint 0x0000000182f0ce30 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001835e9070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001836caf20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem139.PNF 0x0000000183994a70 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000183ee3f20 1 1 ------ \Device\NamedPipe\wkssvc 0x0000000183fe4070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001842d9070 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.105.77642461 0x0000000184780f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000184c2f880 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000184ef2470 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\WMALFXGFXDSP.dll 0x000000018561df20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001857fbf20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal 0x00000001858d7610 2 1 ------ \Device\NamedPipe\7cf7ec4c-ea47-4398-b8a5-aa0f695de50c 0x00000001859009d0 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts 0x0000000185c4bf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000185cf1dc0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000186080ec0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001865d05e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000186ac0490 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x0000000186e69cb0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000018707a070 1 1 ------ \Device\Afd\Endpoint 0x00000001870836d0 2 1 RW-r-- \Device\HarddiskVolume3\Users\Administrator\ntuser.dat{7a16adb1-0c2c-11e5-acf6-f0bf97d84308}.TM.blf 0x000000018729ee60 14 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\TektonPro-BoldExt.otf 0x00000001872fc950 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001874a9070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000187d9d070 18 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TableViewPreviewPrefs_2_2D4E771C205EE846AEAD86578B9506FA.dat 0x00000001880e76f0 2 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sony Corporation\VAIO Care\KnowledgeStore 0x0000000188369360 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem100.PNF 0x0000000188435240 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001887bc2e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x0000000188f069d0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001893c8f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000189d7d8d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000189f435d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000018a232500 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x000000018a273c80 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000018a273f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000018a547070 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.splunk.com_0.localstorage 0x000000018a7aaf20 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\WER\ReportArchive 0x000000018a84d530 2 1 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu 0x000000018aba8790 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000018ac89070 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts 0x000000018b3889d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x000000018b687b70 2 1 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\UCAddin.dll 0x000000018b887870 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x000000018b8ed310 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000018ba04070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000018bdc0070 11 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\ACaslonPro-Bold.otf 0x000000018c444070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem90.PNF 0x000000018ca22780 15 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\msjtes40.dll 0x000000018cb27f20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000018d040f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x000000018de94d10 7 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\verdanab.ttf 0x000000018e29a2e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x000000018e8d42c0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\UploadManager\UploadManagerBL.dll 0x000000018eaa2260 6 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\ARIALUNI.TTF 0x000000018f047070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x000000018f26f270 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x000000019017e160 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.47.33189520 0x000000019017e2b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x0000000190d599d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000191dd55c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000192150f20 2 1 ------ \Device\Afd\Endpoint 0x00000001922d7f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001924f4f20 1 1 ------ \Device\Afd\Endpoint 0x0000000192648f20 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.forensicfocus.com_0.localstorage-journal 0x0000000192a26cd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x0000000192d7a070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x0000000192d7a240 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\UploadManager\UploadManagerBL.dll 0x0000000192d988d0 6 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000193171320 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x0000000193171f20 12 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.Logging.dll 0x000000019323c820 9 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\OratorStd-Slanted.otf 0x0000000193247af0 5 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\System\MSMAPI\1031\MSMAPI32.DLL 0x000000019347f170 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem78.PNF 0x0000000193713590 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000193c92520 24 1 -W---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs 0x0000000193d4acb0 16 0 R--rw- \Device\HarddiskVolume3????gramData\Sophos\AutoUpdate\data\warehouse\184a0066a1b62009b7069566ed01c78bx000.xml 0x0000000193e72f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.Upgrading.ClientLibrary.dll 0x00000001941e26a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000194397a50 13 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_clients5.google.com_0.localstorage-journal 0x0000000194431070 7 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini 0x00000001945a41f0 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.xing.com_0.localstorage 0x00000001946327d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x000000019494da30 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000019514c390 10 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPerfInst.dll 0x00000001959ee7b0 6 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\msfad.dll 0x0000000195a43290 13 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\19e39fd21583dacdbf083aef2e0ae4a3\System.Data.Linq.ni.dll 0x0000000195ada720 2 1 ------ \Device\Afd\Endpoint 0x0000000195ada8a0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.7818312415777740678 0x0000000195b4ef20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000001962aed70 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk 0x0000000196d43660 18 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_427C2DFA548BF24BA5156C4C00E48D99.dat 0x0000000196dcc920 16 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{97149F8F-E8C2-4E58-A133-4210218E2DAB}.FSD 0x0000000196f22320 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001972abf20 2 1 R--rwd \Device\HarddiskVolume3\Users\Public\Desktop 0x00000001973b5a20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x0000000197a6bf20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem142.PNF 0x0000000197aeddd0 2 1 ------ \Device\NamedPipe\C:\Users\Admin\AppData\Local\Google\Drive\GoogleDriveIpcPipe 0x0000000197ffab10 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imagesrv.adition.com_0.localstorage 0x0000000198c1e130 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem140.PNF 0x0000000198f90cb0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000019915fd00 2 1 ------ \Device\NamedPipe\mojo.6908.6912.7453745664434246952 0x000000019a06ba60 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000019a1fa1a0 15 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\trebuc.ttf 0x000000019a6cd550 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem57.PNF 0x000000019a831070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000019c30add0 2 1 ------ \Device\NamedPipe\C:\Users\Admin\AppData\Local\Google\Drive\GoogleDriveIpcPipe 0x000000019ca76f20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem142.PNF 0x000000019cb3a5d0 7 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini 0x000000019cb92070 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\urlmon.dll.mui 0x000000019d0ed440 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x000000019d17ba30 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E032A2D9-3A7D-44F3-B376-5C28299A3672}.tmp 0x000000019d4b1600 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000019d5d7900 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem117.PNF 0x000000019d69e070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000019d69e440 13 0 RW-r-- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV.txt 0x000000019d69ea90 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x000000019db22230 3 1 R----- \Device\SAVOnAccess\Read 0x000000019e023560 27 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.resources\v4.0_10.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.resources.dll 0x000000019e8fc4a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000019e8fc740 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\History\HistoryBL.dll 0x000000019f1ce7d0 15 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Apple\Mobile Device Support\OutlookChangeNotifierAddIn.dll 0x000000019f366070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000019f4852b0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x000000019f485d40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x000000019f5fb8b0 10 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL 0x000000019fc7e210 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\pala.ttf 0x000000019fe00810 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x000000019ff61070 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x000000019ffcbc20 16 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\tmpod.dll 0x00000001a01a4070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001a0326070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001a0dd9b10 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imagesrv.adition.com_0.localstorage 0x00000001a124bca0 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 0x00000001a128df20 32 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2015-7-8.1937.61028.30.odl 0x00000001a15b59b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001a1b7b070 2 1 R--rwd \Device\CdRom1\ 0x00000001a220ef20 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_s7.addthis.com_0.localstorage 0x00000001a3cf1d00 2 1 ------ \Device\NamedPipe\mojo.6908.6912.7453745664434246952 0x00000001a3e03070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001a3ed8d70 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk 0x00000001a41f2f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001a46d8070 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\Common\libcrypto9.dll 0x00000001a481cdb0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001a4c6b1d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001a5165070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58 0x00000001a5415b10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001a59d4240 5 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001a59d4410 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001a59d4800 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001a5c72d10 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001a5d2e400 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\segoeuil.ttf 0x00000001a61f7a10 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem66.PNF 0x00000001a6609580 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_web.whatsapp.com_0.localstorage-journal 0x00000001a660c220 5 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$Directory 0x00000001a669b070 3 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\mshtml.tlb 0x00000001a6826dd0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.7696450697790296062 0x00000001a6956dc0 7 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\efd34838fa44da246b78328f4432eac7\WindowsBase.ni.dll 0x00000001a6990230 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12475579679998394784 0x00000001a6b368e0 3 1 R----- \Device\SAVOnAccess\Read 0x00000001a6cecf20 2 1 ------ \Device\Afd\Endpoint 0x00000001a6dc0170 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\WinSATAPI.dll.mui 0x00000001a75be070 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin 0x00000001a7e54f20 11 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\Macromed\Flash\Flash10t.ocx 0x00000001a81ce070 4 1 R--rwd \Device\HarddiskVolume3????mp5666_full_de-de_b35 0x00000001a86a58a0 2 1 ------ \Device\NamedPipe\lsass 0x00000001a8d76070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001a91af460 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll 0x00000001a92368f0 10 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\BirchStd.otf 0x00000001a93dedd0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001a95de280 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001a9764f20 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001a9894b30 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\efb9d00f347b4692451c4b0c4901874a\System.Web.ni.dll 0x00000001a9b176a0 4 1 R--rwd \Device\HarddiskVolume3????dows\System32\wwapi. 0x00000001a9c76e60 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aa10ba20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aa1f9070 19 1 R--rwd \Device\HarddiskVolume3????dows\System32\mprmsg. 0x00000001aa95b700 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ab2018f0 4 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\usb_ext.pyd 0x00000001ab201e20 12 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\3bac638146237f481a75350dc6ab0a5b\System.Xml.Linq.ni.dll 0x00000001ab204430 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab206250 3 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\_ssl.pyd 0x00000001ab2064c0 14 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wx._core_.pyd 0x00000001ab2082c0 1 1 ------ \Device\HarddiskVolume3\Windows\winsxs\Catalogs 0x00000001ab2093a0 14 0 ------ \Device\HarddiskVolume3\Windows\System32\normnfkc.nls 0x00000001ab20a070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab20a3c0 3 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32pdh.pyd 0x00000001ab20e8f0 10 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\_ctypes.pyd 0x00000001ab20ed10 16 0 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_log.log 0x00000001ab2136d0 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_log.log 0x00000001ab213a40 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab214420 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\FXSSVC.exe 0x00000001ab2159f0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ab21c070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\ARIALUNI.TTF 0x00000001ab21c6b0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wermgr.exe 0x00000001ab21fbd0 11 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage 0x00000001ab21fd20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab220ce0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab2218e0 7 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wx._gdi_.pyd 0x00000001ab221a60 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\UIAnimation.dll 0x00000001ab222220 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab225a70 15 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32crypt.pyd 0x00000001ab225cf0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001ab227450 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem113.PNF 0x00000001ab228780 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\OneDrive\ID10T's Security-012-013\content\content.ldb 0x00000001ab22a8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab22b780 9 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\OneClickCare\OneClickCareAPI.dll 0x00000001ab22c600 1 1 ------ \Device\Afd\Endpoint 0x00000001ab22cb90 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab22ee20 3 1 R----- \Device\SAVOnAccess\Read 0x00000001ab22fb80 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solve\SolveBL.dll 0x00000001ab238070 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74~2\resources\fonts\OpenSans-Light.ttf 0x00000001ab239f20 1 1 -W-rwd \Device\HarddiskVolume3\pgData93\pg_log\postgresql-2015-07-08_000000.log 0x00000001ab2432c0 10 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\Sony\VAIOCA~1\Iolo\vosges.dll 0x00000001ab249070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab249810 14 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\FirewallAPI.dll.mui 0x00000001ab24d950 8 0 R--rwd \Device\HarddiskVolume3\Windows\System32\DHCPQEC.DLL 0x00000001ab24e5b0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\History\HistoryBL.dll 0x00000001ab2548f0 1 1 ------ \Device\Afd\Endpoint 0x00000001ab25bc50 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aapbdbdomjkkjkaonfhkkikfgjllcleb\MANIFEST-000217 0x00000001ab2626a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ab270650 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.de_0.localstorage-journal 0x00000001ab273070 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001ab277510 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Common Files\Java\Java Update 0x00000001ab278b10 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage 0x00000001ab279300 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab27ef20 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem59.PNF 0x00000001ab27fb60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e 0x00000001ab2805d0 15 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPro-ExtraLight.otf 0x00000001ab281070 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\WFSR.dll 0x00000001ab281810 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\aclui.dll 0x00000001ab285ba0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem15.PNF 0x00000001ab28c580 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001ab291e20 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem128.PNF 0x00000001ab2a9bc0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.de_0.localstorage-journal 0x00000001ab2ad370 7 0 R--r-d \Device\HarddiskVolume3\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL 0x00000001ab2bbb90 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\StructuredQuery.dll 0x00000001ab2be310 15 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.18766_none_675144b3de10d6f7\DrUpdate.dll 0x00000001ab2beb00 14 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000893 0x00000001ab2bf6e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ab2c1ea0 2 1 ------ \Device\Afd\Endpoint 0x00000001ab2c6f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\consola.ttf 0x00000001ab2c75a0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db-wal 0x00000001ab2c8280 14 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aapbdbdomjkkjkaonfhkkikfgjllcleb\LOG 0x00000001ab2c85e0 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal 0x00000001ab2c8cb0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\micross.ttf 0x00000001ab2ca700 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ab2cd280 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aapbdbdomjkkjkaonfhkkikfgjllcleb\000300.log 0x00000001ab2cd7b0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db-wal 0x00000001ab2d0bc0 25 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\cloud_graph\dict_2.db-wal 0x00000001ab2d2220 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage-journal 0x00000001ab2d2370 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db-wal 0x00000001ab2d26d0 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.de_0.localstorage-journal 0x00000001ab2d2830 16 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db-shm 0x00000001ab2d4070 31 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab2d4790 3 0 R--r-d \Device\HarddiskVolume3\Windows\servicing\CbsApi.dll 0x00000001ab2d5f20 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ab2d8770 18 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aapbdbdomjkkjkaonfhkkikfgjllcleb\000295.ldb 0x00000001ab2dc240 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mfc42.dll 0x00000001ab2dc5a0 2 1 ------ \Device\NamedPipe\5aee5c64-bd90-41df-999f-e0432dcfaefc 0x00000001ab2dd6d0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab2e6700 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.de_0.localstorage 0x00000001ab2e6f20 10 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\CollectPOTData\CollectPOTDataBL.dll 0x00000001ab2e7910 15 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\1031\lyncDesktopResources.dll 0x00000001ab2e7dd0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\IntelMonitor\IntelMonitorBL.dll 0x00000001ab2e7f20 3 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aapbdbdomjkkjkaonfhkkikfgjllcleb\000300.log 0x00000001ab2ecc40 15 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.Scheduler\Solution.SchedulerBL.dll 0x00000001ab2ed860 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts 0x00000001ab2ef6c0 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Internet Explorer\ieproxy.dll 0x00000001ab2f4f20 9 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\5753291f84239b6f41ae2082d1514818\UIAutomationClient.ni.dll 0x00000001ab3012f0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ab30c570 12 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_clients5.google.com_0.localstorage 0x00000001ab3109b0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Alba.CsCss.dll 0x00000001ab318bf0 2 1 ------ \Device\NamedPipe\ProtectedPrefix\LocalService\FTHPIPE 0x00000001ab326300 4 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL 0x00000001ab327360 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001ab3285c0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem2.PNF 0x00000001ab32ef20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab33a9a0 1 1 ------ \Device\WUDFLpcDevice\ProcessManagement 0x00000001ab34b360 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab351c50 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx 0x00000001ab3538e0 2 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Update\VUAgent.exe 0x00000001ab356070 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\GenericVAIOCareReminders\GenericVAIOCareRemindersBL.dll 0x00000001ab357070 13 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ContactAndSupport\ContactAndSupportAPI.dll 0x00000001ab35fa50 10 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\l_10646.ttf 0x00000001ab360840 2 1 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\VISLIB.DLL 0x00000001ab363070 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\EhStorAPI.dll 0x00000001ab365c70 30 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Transitions.dll 0x00000001ab366f20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db-wal 0x00000001ab36ddd0 32 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx 0x00000001ab376b60 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab379f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001ab39b830 8 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPr6N-ExtraLight.otf 0x00000001ab3a2cd0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ab3a9360 20 20 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\en-US-6-1.bdic 0x00000001ab3ac300 8 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\HttpUpdate\HttpUpdateBL.dll 0x00000001ab3aef20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\History\HistoryBL.dll 0x00000001ab3d6be0 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VCRescueMetrics\VCRescueMetricsBL.dll 0x00000001ab403570 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\fdWNet.dll 0x00000001ab407450 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Update\VUVC64.dll 0x00000001ab40b570 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dfscli.dll 0x00000001ab40ce40 15 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\sysmain.dll 0x00000001ab40ebd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab4192b0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab41cbc0 18 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\msjint40.dll.mui 0x00000001ab41d910 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\fms.dll 0x00000001ab424430 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab4258e0 16 0 R--rwd \Device\HarddiskVolume3\Users\Admin\OneDrive\ID10T's Security-012-013\Drawing1.vsd 0x00000001ab42e1c0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll 0x00000001ab432f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaAsync.dll 0x00000001ab4347b0 13 0 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000973.ldb 0x00000001ab43de40 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\synceng.dll 0x00000001ab440350 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\imgutil.dll 0x00000001ab442c60 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db-wal 0x00000001ab448520 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab448c80 6 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage-journal 0x00000001ab448dd0 2 0 -W-r-- \Device\HarddiskVolume3????????????? 0x00000001ab449d10 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db 0x00000001ab44bc20 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\VCSystemTray.exe 0x00000001ab44d9b0 13 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.18766_none_675144b3de10d6f7\CbsCore.dll 0x00000001ab453400 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\mshta.exe 0x00000001ab454260 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\stdole2.tlb 0x00000001ab4547f0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\swlocale.dll 0x00000001ab455420 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\ip_lockfile 0x00000001ab45a2f0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index 0x00000001ab45be20 15 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Update\VUSSU64.dll 0x00000001ab45f700 2 1 ------ \Device\NamedPipe\mojo.6908.6912.17436262817859654911 0x00000001ab463310 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\EhStorShell.dll 0x00000001ab4704e0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3 0x00000001ab472070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab472760 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ksproxy.ax 0x00000001ab474d10 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db 0x00000001ab475320 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\verdana.ttf 0x00000001ab476590 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab47a7c0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2 0x00000001ab47e560 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db 0x00000001ab47ef20 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem21.PNF 0x00000001ab4812c0 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wdc.dll 0x00000001ab482920 2 1 ------ \Device\Afd\Endpoint 0x00000001ab485700 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db-wal 0x00000001ab494710 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab494860 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001ab49ad10 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\stdole2.tlb 0x00000001ab4a36d0 6 0 R--rwd \Device\HarddiskVolume3\Windows\System32\termsrv.dll 0x00000001ab4a3b70 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74~2\resources\fonts\Roboto-Bold.ttf 0x00000001ab4a6c10 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ab4a7f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab4a83b0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab4a9070 4 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wxmsw294u_html_vc90.dll 0x00000001ab4af4e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ab4b0f20 11 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\producer-core.exe 0x00000001ab4b3a10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab4c31b0 29 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab4c8570 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db-wal 0x00000001ab4cf4f0 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem119.PNF 0x00000001ab4d2170 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db 0x00000001ab4d35c0 2 1 ------ \Device\Afd\Endpoint 0x00000001ab4d6a60 10 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32pipe.pyd 0x00000001ab4d6cd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab4d7cf0 14 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\hashobjs_ext.pyd 0x00000001ab4d8370 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab4d89a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\cour.ttf 0x00000001ab4d9520 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ab4db070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Common Files\Java\Java Update 0x00000001ab4e1f20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\MetricsPhilatelist\MetricsPhilatelistBL.dll 0x00000001ab4e6680 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mf.dll 0x00000001ab4f1070 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db 0x00000001ab4f1dc0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000001ab4f88e0 14 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\pyexpat.pyd 0x00000001ab4f9cf0 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ContactAndSupport\ContactAndSupportAPI.dll 0x00000001ab4fb070 3 1 ------ \Device\NamedPipe\32B6B37A-4A7D-4e00-95F2-6F0BF3DE3E008548156421thsnYaVieBoda 0x00000001ab507430 10 0 R--r-d \Device\HarddiskVolume3\PROGRA~2\MICROS~2\Office15\1031\GrooveIntlResource.dll 0x00000001ab509070 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ab50a070 18 0 -W-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\wctB2B6.tmp 0x00000001ab50c2c0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\NaturalLanguage6.dll 0x00000001ab50c510 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ab50cc50 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab50d070 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab510ea0 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem134.PNF 0x00000001ab519390 8 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\_multiprocessing.pyd 0x00000001ab51f3a0 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.MetricsPowerShell\Solution.MetricsPowerShellBL.dll 0x00000001ab51ff20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\MetricsPhilatelist\MetricsPhilatelistBL.dll 0x00000001ab521070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab5219d0 1 1 ------ \Device\NamedPipe\W32TIME_ALT 0x00000001ab522d10 12 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor 0x00000001ab523aa0 24 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_en.wikipedia.org_0.localstorage-journal 0x00000001ab524580 6 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wxmsw294u_adv_vc90.dll 0x00000001ab5288f0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ab528e70 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ab529300 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\PortableDeviceApi.dll 0x00000001ab52a070 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ab52ae40 2 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SWIManagement.dll 0x00000001ab534cf0 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.84.137259616 0x00000001ab53bd10 1 1 -W-rw- \Device\HarddiskVolume3\Windows\Temp\FXSAPIDebugLogFile.txt 0x00000001ab547780 2 1 ------ \Device\Afd\Endpoint 0x00000001ab5488e0 5 0 R--rwd \Device\HarddiskVolume3\Windows\System32\Display.dll 0x00000001ab549dd0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Drive 0x00000001ab54e780 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\ActionCenterCPL.dll 0x00000001ab550200 8 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\SelfHeal\SelfHealBL.dll 0x00000001ab550630 6 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solve\SolveAPI.dll 0x00000001ab550840 25 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics.resources\v4.0_4.0.0.0_de_b77a5c561934e089\SMDiagnostics.resources.dll 0x00000001ab554070 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk 0x00000001ab555ad0 2 1 ------ \Device\Afd\Endpoint 0x00000001ab5595f0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.17469146421412154049 0x00000001ab559f20 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem19.PNF 0x00000001ab55e4f0 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem127.PNF 0x00000001ab55f070 2 0 -W-r-- \Device\HarddiskVolume3 0x00000001ab5625d0 10 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\PERIPH_M.VSS 0x00000001ab565e10 8 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wxmsw294u_core_vc90.dll 0x00000001ab566210 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db 0x00000001ab567780 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\hnetcfg.dll 0x00000001ab5682f0 15 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\_psutil_windows.pyd 0x00000001ab5696b0 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\History\HistoryAPI.dll 0x00000001ab56bf20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab56c900 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab56dbe0 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.12.138020292 0x00000001ab570250 3 1 R----- \Device\SAVOnAccess\Read 0x00000001ab5736c0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal 0x00000001ab575490 5 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\select.pyd 0x00000001ab577750 15 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\pysqlite2._sqlite.pyd 0x00000001ab577c90 18 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aapbdbdomjkkjkaonfhkkikfgjllcleb\000297.ldb 0x00000001ab5842e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ab584f20 2 1 ------ \Device\Afd\Endpoint 0x00000001ab5871d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab595070 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ab595d60 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001ab596280 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index 0x00000001ab597b20 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\components 0x00000001ab598950 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\desk.cpl 0x00000001ab5993d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab59baf0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wcncsvc.dll 0x00000001ab5a1570 16 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32inet.pyd 0x00000001ab5a1790 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db 0x00000001ab5a18e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab5a2980 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab5a2ad0 23 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab5a3580 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db 0x00000001ab5a4c00 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ab5a7b70 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ab5a8280 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem154.PNF 0x00000001ab5a8b00 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\meiryo.ttc 0x00000001ab5af530 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\tahoma.ttf 0x00000001ab5b0b70 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab5b5df0 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal 0x00000001ab5b74c0 15 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\MoreLinq.dll 0x00000001ab5b9d90 3 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\~DFC551E7FD8FA3DE13.TMP 0x00000001ab5ba2c0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.airbuscybersecurity.com_0.localstorage 0x00000001ab5bba30 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db-wal 0x00000001ab5bc130 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll 0x00000001ab5c0740 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab5c7900 16 1 RW-rwd \Device\HarddiskVolume3\Windows\winsxs\ManifestCache\702349c5b78f9a04_blobs.bin 0x00000001ab5c9d00 4 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll 0x00000001ab5cccc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab5cff20 9 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage-journal 0x00000001ab5d0e20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab5d2790 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001ab5d5bc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\verdana.ttf 0x00000001ab5d5dd0 31 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0 0x00000001ab5d67a0 1 1 ------ \Device\Afd\Endpoint 0x00000001ab5d8230 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74~2\resources\fonts\Roboto-Thin.ttf 0x00000001ab5d88e0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\gulim.ttc 0x00000001ab5da300 14 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32file.pyd 0x00000001ab5da450 16 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32security.pyd 0x00000001ab5db2f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab5e08e0 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ab5e1070 5 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\_socket.pyd 0x00000001ab5e1370 10 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wx._wizard.pyd 0x00000001ab5e2dc0 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab5e4740 1 1 ------ \Device\NamedPipe\W32TIME_ALT 0x00000001ab5e5820 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db-wal 0x00000001ab5e62f0 4 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wxbase294u_vc90.dll 0x00000001ab5e86b0 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\apss.dll 0x00000001ab5e8b60 4 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wxbase294u_net_vc90.dll 0x00000001ab5e8f20 12 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32profile.pyd 0x00000001ab5e9320 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\sysclass.dll 0x00000001ab5ea570 12 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wx._animate.pyd 0x00000001ab5eac50 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab5eb5c0 9 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\python27.dll 0x00000001ab5ebf20 15 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32api.pyd 0x00000001ab5ef710 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab5f0f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab5f7070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001ab5f73a0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync.exe 0x00000001ab5f88e0 12 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\PyWinTypes27.dll 0x00000001ab5f9530 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\MetricsPhilatelist\MetricsPhilatelistBL.dll 0x00000001ab5fbbf0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab5fbe60 7 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\unicodedata.pyd 0x00000001ab5fc670 16 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\PerfCenterCpl.ico 0x00000001ab5fe8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab60a800 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.12.138020292 0x00000001ab60c130 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab610990 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\wctB542.tmp 0x00000001ab612b60 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab61ab50 2 1 ------ \Device\NamedPipe\chrome.6908.330.36575206 0x00000001ab61f990 1 1 R--rw- \Device\HarddiskVolume3????????dmin\AppData\Local\Microsoft\Windows\Explorer\thumbc 0x00000001ab620e20 1 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netprofm.dll 0x00000001ab625d10 14 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\atl100.dll 0x00000001ab62a070 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPr6N-Medium.otf 0x00000001ab62e3c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\pala.ttf 0x00000001ab635730 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\security.dll 0x00000001ab638070 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\VAIOCare.Utilities.dll 0x00000001ab638240 1 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab63b1b0 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem162.PNF 0x00000001ab63cd10 2 1 R--r-d \Device\HarddiskVolume3\Windows\System32\en-US\mlang.dll.mui 0x00000001ab63df20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab6426d0 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem76.PNF 0x00000001ab643070 11 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\arialbi.ttf 0x00000001ab649070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab64a7d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab64df20 8 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab6575b0 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem152.PNF 0x00000001ab65c1d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Sony\VAIO Care 0x00000001ab65cdb0 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\main.cpl 0x00000001ab664cd0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\de\ZetaProducerExtendedControlsLibrary.resources.dll 0x00000001ab665700 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage-journal 0x00000001ab66abd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab66c830 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db 0x00000001ab670de0 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 0x00000001ab6739f0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\de\DevExpress.XtraTreeList.v14.2.resources.dll 0x00000001ab673f20 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\modemui.dll 0x00000001ab675270 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab6758e0 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\sud.dll 0x00000001ab67b2f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab67f140 29 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx 0x00000001ab67f460 34 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\EcmaScript.NET.dll 0x00000001ab67f790 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ab67fd10 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.it_0.localstorage 0x00000001ab684820 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab685bd0 25 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_de_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll 0x00000001ab685f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ab687070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ab689a10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab691790 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab697430 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem20.PNF 0x00000001ab69b8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab6a7cb0 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mfplat.dll 0x00000001ab6b3790 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk 0x00000001ab6b8460 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem93.PNF 0x00000001ab6cf500 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem89.PNF 0x00000001ab6d1bc0 11 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\cloud_graph\dict_2.db-shm 0x00000001ab6d5c80 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab6d7f20 1 1 ------ \Device\Afd\Endpoint 0x00000001ab6d9f20 11 0 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index 0x00000001ab6da4f0 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab6ebaa0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001ab6ef4c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ab6ef8e0 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\sccls.dll 0x00000001ab6f0580 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001ab6f07e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab6f2360 13 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll 0x00000001ab6f3450 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab6f7a60 1 1 ------ \Device\NamedPipe\5aee5c64-bd90-41df-999f-e0432dcfaefc 0x00000001ab6f8a90 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\WFS.exe 0x00000001ab6fcd10 16 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\cloud_graph\dict_2.db 0x00000001ab6fcf20 1 1 ------ \Device\Afd\Endpoint 0x00000001ab702710 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRYBF8N8\7[1].htm 0x00000001ab706f20 8 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ab707cb0 14 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\_yappi.pyd 0x00000001ab708070 18 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2 0x00000001ab709070 12 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal 0x00000001ab709910 7 0 R--rwd \Device\HarddiskVolume3\Windows\System32\apds.dll 0x00000001ab70bcd0 16 0 R--r-d \Device\HarddiskVolume3\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL 0x00000001ab710520 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\gulim.ttc 0x00000001ab71ba30 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab71bf20 8 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32com.shell.shell.pyd 0x00000001ab723580 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001ab7244b0 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu 0x00000001ab7255a0 7 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini 0x00000001ab728d10 1 1 ------ \Device\Afd\Endpoint 0x00000001ab72a630 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk 0x00000001ab72b580 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ab736ba0 1 1 R--rwd \Device\HarddiskVolume3\Windows\winsxs 0x00000001ab741450 3 1 ------ \Device\NamedPipe\user_esrv_svc 0x00000001ab7422f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab7465b0 7 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.PowerShell\Solution.PowerShellBL.dll 0x00000001ab749f20 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaColorTools.dll 0x00000001ab74d070 13 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\common.time34.pyd 0x00000001ab751900 1 1 ------ \Device\NamedPipe\ 0x00000001ab751f20 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Update\1.3.27.5\goopdate.dll 0x00000001ab753070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001ab755780 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_de.wikipedia.org_0.localstorage 0x00000001ab76a9c0 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\tzres.dll 0x00000001ab76cdd0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db 0x00000001ab7756e0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ab776e40 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem88.PNF 0x00000001ab7796a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab77a580 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab782c50 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab784f20 16 0 R--r-d \Device\HarddiskVolume3 0x00000001ab785950 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001ab788180 1 1 RW---- \Device\HarddiskVolume3\System Volume Information\{3a9b17b2-1d85-11e5-bc60-814b082f8f9a}{3808876b-c176-4e48-b7ae-04046e6cc752} 0x00000001ab78d720 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll 0x00000001ab78ddb0 2 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\microsoft shared\OFFICE15\Cultures\OFFICE.ODF 0x00000001ab790770 6 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.XtraTreeList.v14.2.dll 0x00000001ab79a070 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Downloads 0x00000001ab79f4c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab7a36c0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducerPublishing.dll 0x00000001ab7a9f20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db-wal 0x00000001ab7b3220 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab7bc330 1 1 ------ \Device\Afd\Endpoint 0x00000001ab7be570 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Desktop 0x00000001ab7ca070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab7cb790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001ab7ce070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001ab7d01d0 6 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\LaunchBrowser\LaunchBrowserBL.dll 0x00000001ab7d16d0 7 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\de-DE\VCSystemTray.resources.dll 0x00000001ab7d5f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab7d6070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab7da620 13 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\HttpServer.dll 0x00000001ab7dc480 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab7e5280 3 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll 0x00000001ab7eca30 7 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\windows._lib_cacheinvalidation.pyd 0x00000001ab7eccb0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db 0x00000001ab7f0480 31 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx 0x00000001ab7f1e60 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Sony\VAIO Care 0x00000001ab7f3790 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab7fb650 3 1 ------ \Device\Afd\AsyncSelectHlp 0x00000001ab8011c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab806300 3 1 ------ \Device\Afd\Endpoint 0x00000001ab807780 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab809c60 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab80d330 16 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx 0x00000001ab80dbd0 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Acronis\TrueImageHome\tnd 0x00000001ab80f580 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ab815290 6 0 R--rwd \Device\HarddiskVolume3\Windows\System32\hlink.dll 0x00000001ab816f20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001ab817da0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x00000001ab818a10 32 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx 0x00000001ab81c320 3 1 ------ \Device\Afd\Endpoint 0x00000001ab81f6d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab825b10 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ab828f20 1 1 ------ \Device\Afd\Endpoint 0x00000001ab82c070 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msdtcprx.dll 0x00000001ab831b60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001ab832c20 2 1 ------ \Device\Afd\Endpoint 0x00000001ab834420 1 1 -W-rw- \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log 0x00000001ab834570 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab836430 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db 0x00000001ab836b60 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png 0x00000001ab83ba50 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ab842f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ab845e20 29 1 -W-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Greenshot\Greenshot.log 0x00000001ab847a70 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab849f20 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe 0x00000001ab84e870 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ab850ad0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab853070 16 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Apple Computer\MediaStream\asdl\.cs\ChunkStoreDatabase 0x00000001ab8546d0 1 1 -W-rw- \Device\HarddiskVolume3\ProgramData\NVIDIA\Updatus\journalBS.jour.dat 0x00000001ab8548e0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.localstorage 0x00000001ab855150 16 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vf9a08577#\f792ea0835cb0f092eec06d96f1faeeb\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll 0x00000001ab859f20 16 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\NuevaStd-BoldCond.otf 0x00000001ab85b460 4 0 R--r-d \Device\HarddiskVolume3\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationUI.dll 0x00000001ab85c5d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ab85da40 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab85ea10 3 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\de\mscorrc.dll 0x00000001ab85f790 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab860cc0 2 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\WinSATAPI.dll.mui 0x00000001ab8616d0 15 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Dired13b18a9#\3ba130d4048e89bc1aab787dc7673afc\System.DirectoryServices.ni.dll 0x00000001ab862b50 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem58.PNF 0x00000001ab8638e0 9 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\79c864775f62460c4082aebed85c9624\System.Data.SqlXml.ni.dll 0x00000001ab8686d0 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab86acb0 11 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\pythoncom27.dll 0x00000001ab8724a0 2 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\components{54f46081-07b0-11e5-be3f-f0bf97d84308}.TxR.blf 0x00000001ab873670 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001ab875070 4 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.imdb.com_0.localstorage 0x00000001ab879070 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab87d070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab87e070 7 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.Common.dll 0x00000001ab87ef20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab8872a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab889c20 27 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\GreenshotExternalCommandPlugin.gsp 0x00000001ab88e8e0 2 1 ------ \Device\NamedPipe\chrome.6908.5.165693584 0x00000001ab891f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ab892070 2 1 ------ \Device\NamedPipe\chrome.6908.2.63384748 0x00000001ab894300 2 1 ------ \Device\NamedPipe\mojo.6908.2092.15625845582160974835 0x00000001ab8944e0 7 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_padekgcemlokbadohgkifijomclgjgif_0.localstorage-journal 0x00000001ab898f20 11 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem102.PNF 0x00000001ab899f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ab89c8e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ab89cc60 1 1 ------ \Device\Afd\Endpoint 0x00000001ab8a3b10 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal 0x00000001ab8a7440 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab8ac8f0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage 0x00000001ab8ad760 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ab8b16a0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.1009567565611224698 0x00000001ab8b3cd0 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\0a7378a70272bfdfa3f4870928994eaf\Accessibility.ni.dll 0x00000001ab8b7170 2 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mshtml.tlb 0x00000001ab8b86d0 8 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab8b9bc0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.XtraBars.v14.2.dll 0x00000001ab8bbdd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab8bcbb0 2 1 ------ \Device\NamedPipe\chrome.6908.12.9928770 0x00000001ab8bf6d0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001ab8c0d10 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x00000001ab8c4780 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab8c5070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab8c58e0 17 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Drives_Meter_V2.2.gadget\images\back_2.png 0x00000001ab8c9160 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK 0x00000001ab8cb4b0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ab8cd430 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\padekgcemlokbadohgkifijomclgjgif\LOCK 0x00000001ab8d46d0 2 1 ------ \Device\NamedPipe\chrome.6908.10.43455058 0x00000001ab8d4d10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ab8d5790 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001ab8d6f20 9 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\46c30112e9307865.dat 0x00000001ab8da900 30 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRPlugin.gsp 0x00000001ab8dc5d0 12 0 R--r-d \Device\HarddiskVolume3\PROGRA~2\MICROS~2\Office14\1033\GrooveIntlResource.dll 0x00000001ab8e0150 4 0 R--rwd \Device\HarddiskVolume3\Windows\System32\WUDFPlatform.dll 0x00000001ab8e1f20 13 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaLongPaths.dll 0x00000001ab8e7f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll 0x00000001ab8ea5b0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\urlmon.dll.mui 0x00000001ab8f1e20 3 1 RW-r-- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Device Control\logs\DeviceControl.txt 0x00000001ab8f28e0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.8767265611715999517 0x00000001ab8f2bc0 14 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\downloads2.txt 0x00000001ab8f4490 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab8f4cb0 2 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage-journal 0x00000001ab8f51c0 11 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32ts.pyd 0x00000001ab8f5f20 2 1 ------ \Device\NamedPipe\chrome.6908.6.192948148 0x00000001ab8f7190 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\WmiPerfInst.dll 0x00000001ab8f7bd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ab8f8430 2 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal 0x00000001ab8fb070 1 1 ------ \Device\Afd\Endpoint 0x00000001ab8fb500 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001ab8fdc40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab8ff8f0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ab902410 1 1 ------ \Device\Afd\Endpoint 0x00000001ab90b070 6 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage-journal 0x00000001ab90bdc0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab90d690 2 1 ------ \Device\NamedPipe\acb80ad4-01d1-4c57-a977-13490996463a 0x00000001ab90f4d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab90f980 1 1 ------ \Device\Afd\Endpoint 0x00000001ab90fad0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x00000001ab911070 6 0 R--rwd \Device\HarddiskVolume3\Windows\System32\CertEnroll.dll 0x00000001ab91c070 2 1 ------ \Device\NamedPipe\chrome.6908.3.197373826 0x00000001ab91cbe0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.8767265611715999517 0x00000001ab91d240 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ab91d8e0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wuapi.dll 0x00000001ab91dcd0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab91f700 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ab922a10 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab923cb0 2 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.indexeddb.leveldb\000298.log 0x00000001ab92c070 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ab92c5d0 24 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\GreenshotImgurPlugin.gsp 0x00000001ab92cf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ab92ebd0 15 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.localstorage-journal 0x00000001ab9314e0 12 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\l3codeca.acm 0x00000001ab93b6d0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\msgothic.ttc 0x00000001ab9409b0 16 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\de2a832558f95db343e443c365bd3575\System.Numerics.ni.dll 0x00000001ab943d10 2 1 ------ \Device\NamedPipe\mojo.6908.2092.15625845582160974835 0x00000001ab946580 2 1 ------ \Device\NamedPipe\mojo.6908.2092.16913962708915805593 0x00000001ab947250 14 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.indexeddb.leveldb\000297.ldb 0x00000001ab9481e0 2 1 R--r-- \Device\HarddiskVolume3\Windows\csup.txt 0x00000001ab94aa50 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001ab94b900 4 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\padekgcemlokbadohgkifijomclgjgif\000005.ldb 0x00000001ab950d10 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab9516d0 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab953210 2 1 ------ \Device\NamedPipe\mojo.6908.2092.1009567565611224698 0x00000001ab9538e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ab956110 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ab9586b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ab95d7b0 10 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPr6N-Light.otf 0x00000001ab95e580 2 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\consolab.ttf 0x00000001ab95ed10 6 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8092ad8ffb37d779da3984d6e11e7516\System.Xml.Linq.ni.dll 0x00000001ab960b90 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL 0x00000001ab961800 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll 0x00000001ab964590 6 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.RuntimeGui.dll 0x00000001ab9676d0 2 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\Pictures\Photo Stream\Uploads 0x00000001ab96c220 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12033031860885209707 0x00000001ab9706d0 12 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.indexeddb.leveldb\000299.ldb 0x00000001ab971bc0 3 1 RW-r-- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV.txt 0x00000001ab971d10 1 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db 0x00000001ab977070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab97c800 13 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000527.log 0x00000001ab97fc70 11 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem14.PNF 0x00000001ab981f20 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_padekgcemlokbadohgkifijomclgjgif_0.localstorage-journal 0x00000001ab982bc0 2 1 ------ \Device\Afd\Endpoint 0x00000001ab987f20 2 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\consola.ttf 0x00000001ab989240 14 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\dotNetRDF.dll 0x00000001ab98b070 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\c3e1958a\00c23a62_70cece01\SophosOutlookAddIn.DLL 0x00000001ab98c070 2 1 ------ \Device\NamedPipe\mojo.6908.2092.3649858571370538783 0x00000001ab98c200 2 1 ------ \Device\NamedPipe\mojo.6908.2092.3649858571370538783 0x00000001ab98d140 12 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE 0x00000001ab997f20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem95.PNF 0x00000001ab99ad10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab9a2dd0 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\ntdll.dll.mui 0x00000001ab9a6070 1 1 ------ \Device\Afd\Endpoint 0x00000001ab9a65c0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ab9a9b60 1 1 ------ \Device\HarddiskVolume3\Windows\winsxs\Manifests 0x00000001ab9ac6d0 23 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab9af860 5 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\e623c53778c1092f2158fca5535f9289\SMDiagnostics.ni.dll 0x00000001ab9b1320 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\log4net.dll 0x00000001ab9b1570 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ab9bba10 12 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\NETLOC_M.VSS 0x00000001ab9bf8f0 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.indexeddb.leveldb\MANIFEST-000251 0x00000001ab9c02e0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001ab9c09c0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab9c45e0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3 0x00000001ab9c92a0 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\WinSATAPI.dll 0x00000001ab9cc3c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e 0x00000001ab9ce790 10 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE 0x00000001ab9cf070 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll 0x00000001ab9d0f20 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\odbcad32.exe 0x00000001ab9d8d50 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001ab9d8f20 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000399 0x00000001ab9dc8a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab9dcf20 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem46.PNF 0x00000001ab9de070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ab9de970 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\MSYH.TTC 0x00000001ab9e1af0 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000585 0x00000001ab9e33e0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.WinForms.dll 0x00000001ab9e5c80 2 1 ------ \Device\NamedPipe\Sophos@BOPSv3 0x00000001ab9e6f20 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem35.PNF 0x00000001ab9ea970 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ab9eac80 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001ab9eadd0 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\lockfile 0x00000001ab9eb070 15 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\segoeuil.ttf 0x00000001ab9efb60 29 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.ToolsConverterRuntime.dll 0x00000001ab9f4070 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ab9f9270 11 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem24.PNF 0x00000001ab9fc6d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x00000001ab9fc910 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies 0x00000001ab9fcea0 16 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000529.ldb 0x00000001ab9fd8e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ab9fe6d0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK 0x00000001aba02d60 29 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aba04570 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001aba05580 13 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll 0x00000001aba06ba0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal 0x00000001aba07cd0 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll 0x00000001aba0a480 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001aba0ae90 18 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\SgmlReaderDll.dll 0x00000001aba0b670 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aba0c950 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001aba17900 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\CoreVideo.dll 0x00000001aba17bd0 2 1 R--r-- \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe 0x00000001aba18140 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aba18920 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aba1b070 28 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx 0x00000001aba1b300 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aba1b6d0 19 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Evernote\Evernote\Logs\enclipper_2015-06-28.txt 0x00000001aba1da40 33 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager 0x00000001aba1f780 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices_main.dll 0x00000001aba25f20 14 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3-journal 0x00000001aba26070 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe 0x00000001aba261c0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll 0x00000001aba29be0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbi.ttf 0x00000001aba2d480 5 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wx._controls_.pyd 0x00000001aba332b0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aba348e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aba388a0 1 1 RW---- \Device\HarddiskVolume3\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 0x00000001aba38f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aba40250 1 1 RWD--- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\JET82EC.tmp 0x00000001aba40710 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aba41420 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001aba45620 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aba49c50 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\NetworkDiagnostics\NetworkDiagnosticsAPI.dll 0x00000001aba4df20 15 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7\1033\VBE7INTL.DLL 0x00000001aba4f5a0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.RuntimeBase.dll 0x00000001aba4f8f0 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aba54570 5 0 R--rwd \Device\HarddiskVolume3\Windows\System32\fontext.dll 0x00000001aba54d10 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK 0x00000001aba55340 18 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_8B7F3822B3402142873777616E9CC010.dat 0x00000001aba55f20 13 0 R--r-d \Device\HarddiskVolume3\Program Files\Andy\AndyPriorityMgr.exe 0x00000001aba5e070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem32.PNF 0x00000001aba5fbb0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aba662f0 1 1 ------ \Device\Afd\Endpoint 0x00000001aba696a0 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\SessEnv.dll 0x00000001aba6abb0 9 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\cdca00d5c58d31de2503310a31ca096f\System.Runtime.Serialization.ni.dll 0x00000001aba6ae20 31 1 RWDrw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\etilqs_CE2Z49pMUJeAlAg 0x00000001aba6ca80 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk 0x00000001aba70780 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon_main.dll 0x00000001aba71310 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001aba71f20 2 1 ------ \Device\Afd\Endpoint 0x00000001aba84d30 6 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\MSPST32.DLL 0x00000001aba853e0 14 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db 0x00000001aba896d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aba8cdd0 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\Qt5Gui.dll 0x00000001aba8cf20 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\Common\gc.dll 0x00000001aba8d580 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001aba925b0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\dxtmsft.dll 0x00000001aba94d10 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aba9a440 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_de.wikipedia.org_0.localstorage-journal 0x00000001aba9ae30 6 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\msjetoledb40.dll 0x00000001aba9c310 11 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\msdtc.exe.mui 0x00000001aba9d070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001aba9f420 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001abaa09a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001abaaa390 17 0 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png 0x00000001abaacf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abaad9f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abaafc30 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abab3070 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal 0x00000001abab6580 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Acronis\TrueImageHome\Database 0x00000001abab6ce0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\CoreAudioToolbox.dll 0x00000001abab7580 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abab95d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ababbaa0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ababbc30 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ababef20 10 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_padekgcemlokbadohgkifijomclgjgif_0.localstorage 0x00000001ababf130 19 1 RW-r-- \Device\HarddiskVolume3\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat{d885a3ea-18b5-11e5-97ed-f0bf97d84308}.TM.blf 0x00000001abac0610 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abac2150 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abac2a10 1 1 ------ \Device\Afd\Endpoint 0x00000001abac3f20 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abac4070 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\dotNetRDF.dll 0x00000001abac4430 9 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wx._misc_.pyd 0x00000001abac4c50 22 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 0x00000001abac8c10 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\perfdisk.dll 0x00000001abacb8a0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abaccf20 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk 0x00000001abacda10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\simsun.ttc 0x00000001abace2a0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb 0x00000001abad0070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abad2f20 2 1 ------ \Device\NamedPipe\8263bff7-247c-4f92-a74d-696a56d13e8c 0x00000001abad3f20 15 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\MSPTLS.DLL 0x00000001abad4070 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.46.109646434 0x00000001abad6070 16 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wx._windows_.pyd 0x00000001abada4f0 1 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db 0x00000001abada7e0 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk 0x00000001abadb5b0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abadea40 1 1 R--rwd \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files 0x00000001abae0580 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001abae1f20 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\aspnet_counters.dll 0x00000001abae4070 19 1 RW-r-- \Device\HarddiskVolume3\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat{d885a3ea-18b5-11e5-97ed-f0bf97d84308}.TMContainer00000000000000000001.regtrans-ms 0x00000001abae5540 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dpx.dll 0x00000001abae7740 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\FXSUI.DLL 0x00000001abaead40 11 1 RWDrw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\etilqs_WD256IkSxdpTcgY 0x00000001abaeb380 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abaeb4d0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\imageformats\qjpeg.dll 0x00000001abaeb7c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000001abaec730 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abaec9d0 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001abaed150 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Acronis\TrueImageHome\tdrpapi.dll 0x00000001abaf2570 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abaf4810 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\consola.ttf 0x00000001abaf4960 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abaf5600 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001abafe810 16 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\ASCOMP Software\Secure Eraser\SecEraser64.dll 0x00000001abb02da0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll 0x00000001abb04530 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL 0x00000001abb06f20 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 0x00000001abb0af20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\tahoma.ttf 0x00000001abb0c8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abb0cc80 12 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\msjter40.dll 0x00000001abb10070 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abb11830 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem49.PNF 0x00000001abb11f20 4 0 R--r-d \Device\HarddiskVolume3\Program Files\iPod\bin\iPodService.Resources\de.lproj\iPodServiceLocalized.dll 0x00000001abb14970 2 1 ------ \Device\NamedPipe\c66f2147-af0d-47d7-ba65-3e247af86e2f 0x00000001abb16760 12 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\tquery.dll 0x00000001abb19220 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.ComponentModel.Composition.resources.dll 0x00000001abb19430 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mmsys.cpl 0x00000001abb1a890 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Acronis\TrueImageHome\SystemState 0x00000001abb1bd10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abb1c530 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\QuartzCore.dll 0x00000001abb1fbd0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\blackbox.dll 0x00000001abb20260 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\opengl32.dll 0x00000001abb22f20 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\imageformats\qico.dll 0x00000001abb24680 9 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abb2df20 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.resources\de.lproj\iCloudServicesLocalized.dll 0x00000001abb2fa30 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\CooperBlackStd-Italic.otf 0x00000001abb30590 3 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OUTLOOK.EXE 0x00000001abb36a40 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abb3ae90 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal 0x00000001abb3c3b0 1 1 R--r-- \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\NETLOC_M.VSS 0x00000001abb3e580 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Acronis\TrueImageHome\Command 0x00000001abb41a40 9 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\fdebf7eee3058c7156aef7d7fedf5ac4\System.Xml.ni.dll 0x00000001abb427a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001abb4a070 9 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\_hashlib.pyd 0x00000001abb4daa0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001abb4ead0 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\networkexplorer.dll 0x00000001abb4ed40 9 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abb57630 12 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs 0x00000001abb57780 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wbemdisp.tlb 0x00000001abb593b0 10 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal 0x00000001abb5f8e0 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\libtidy.dll 0x00000001abb67a40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abb67cb0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abb68bc0 15 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\comsvcs.dll 0x00000001abb68d10 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mtxclu.dll 0x00000001abb68f20 5 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll 0x00000001abb6f070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abb6f930 13 1 RWDrw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\etilqs_Mw60jnDwIjsdyiZ 0x00000001abb6fa80 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001abb74580 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abb75890 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abb7df20 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001abb87710 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001abb8e320 2 2 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db 0x00000001abb8f580 11 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\97a77e20513a0e20b1810fb5c3387a50\System.Core.ni.dll 0x00000001abb90e40 31 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001abb946e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abb95500 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x00000001abb96b60 1 1 R--r-- \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll 0x00000001abb96cb0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\Common\icu38.dll 0x00000001abb974b0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\FXSTIFF.DLL 0x00000001abba12a0 10 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\jscript.dll 0x00000001abbae070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abbafc00 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001abbb5290 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\IoloToolOpt.dll 0x00000001abbb53e0 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 0x00000001abbbd900 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index 0x00000001abbc0630 7 0 R--rwd \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll 0x00000001abbc1190 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\Qt5WinExtras.dll 0x00000001abbc13e0 7 0 R--r-d \Device\HarddiskVolume3\Program Files\iPod\bin\iPodService.exe 0x00000001abbc5070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abbc70f0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abbc7cb0 16 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Apple Computer\MediaStream\ul\.cs\ChunkStoreDatabase 0x00000001abbc86e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abbc93b0 17 0 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png 0x00000001abbcc580 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abbcd530 9 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.18766_none_675144b3de10d6f7\wcp.dll 0x00000001abbcd8e0 14 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2 0x00000001abbcfa90 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\tahoma.ttf 0x00000001abbd0e00 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001abbe2070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abbe8cd0 13 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll 0x00000001abbef1f0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001abbef830 14 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\trebucbd.ttf 0x00000001abbf2cb0 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\icaapi.dll 0x00000001abc14a10 2 1 ------ \Device\Afd\Endpoint 0x00000001abc14f20 8 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\0234d48484f0b562d902d436faf92181\Microsoft.CSharp.ni.dll 0x00000001abc15360 1 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Videos 0x00000001abc154e0 13 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll 0x00000001abc1c8f0 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx 0x00000001abc24b00 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001abc2b6e0 1 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\LCFEM 0x00000001abc2bf20 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abc2e340 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001abc30c10 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001abc30d60 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Power Management\SPMDrv.dll 0x00000001abc326c0 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Internet Explorer\ieproxy.dll 0x00000001abc39600 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abc3ad50 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abc3c570 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abc3ea90 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\vidcap.ax 0x00000001abc40230 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abc421d0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abc44070 15 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ContactAndSupport\ContactAndSupportBL.dll 0x00000001abc492a0 1 1 ------ \Device\NamedPipe\browser 0x00000001abc52380 15 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\PerfCounter.dll 0x00000001abc54cd0 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png 0x00000001abc57cb0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\DesktopMessaging.dll 0x00000001abc596d0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\Qt5Widgets.dll 0x00000001abc59a40 2 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SavNeutralRes.dll 0x00000001abc5b6d0 6 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\eed726355312b6b1ac14601db6b70e9c\System.Security.ni.dll 0x00000001abc5bf20 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.localstorage-journal 0x00000001abc5dd40 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll 0x00000001abc64070 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db-wal 0x00000001abc69910 2 1 ------ \Device\NamedPipe\mojo.6908.6912.17857447868594635395 0x00000001abc69a60 2 1 ------ \Device\NamedPipe\mojo.6908.6912.17857447868594635395 0x00000001abc6e8e0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msdtcVSp1res.dll 0x00000001abc73240 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\McxDriv.dll 0x00000001abc79830 4 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\perfdisk.dll 0x00000001abc7a560 15 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\FunDisc.dll.mui 0x00000001abc7af20 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\SelfHeal\SelfHealAPI.dll 0x00000001abc842e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001abc86a80 15 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db 0x00000001abc86cc0 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem144.PNF 0x00000001abc878e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abc88a40 2 1 ------ \Device\Afd\Endpoint 0x00000001abc8a590 2 1 ------ \Device\NamedPipe\chrome.6908.1.40400601 0x00000001abc8d4e0 7 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abc8ea60 14 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG 0x00000001abc90a20 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\SQLite3.dll 0x00000001abc91070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abc94070 1 1 RW---- \Device\HarddiskVolume3\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 0x00000001abc94d20 2 1 ------ \Device\NamedPipe\mojo.6908.2092.9551308876952557631 0x00000001abc968e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001abc96f20 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x00000001abc97680 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mtxoci.dll 0x00000001abc97bc0 12 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\VideoStreamingPlugin.dll 0x00000001abc99070 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\IconCodecService.dll 0x00000001abc9aca0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Atheros WiFi Driver Installation\AthIhvWpaP2p.dll 0x00000001abc9bc10 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Notification\NotificationAPI.dll 0x00000001abc9c500 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001abc9d570 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abca0cc0 10 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx 0x00000001abca3750 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data 0x00000001abca4290 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abca43e0 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abca6bc0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem107.PNF 0x00000001abca8f20 14 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG 0x00000001abcaa260 2 1 ------ \Device\NamedPipe\mojo.6908.2092.16913962708915805593 0x00000001abcab200 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abcabf20 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ncobjapi.dll 0x00000001abcac4e0 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\Foundation.dll 0x00000001abcac980 5 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\KozMinPro-Medium.otf 0x00000001abcad8f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abcb11d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abcb41b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001abcb6070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abcb61f0 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\imgutil.dll 0x00000001abcb8f20 15 0 R--r-- \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\CoreFoundation.resources\CFCharacterSetBitmaps.bitmap 0x00000001abcbbcb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abcbbf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abcc0070 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\nvoglv32.dll 0x00000001abcc0d10 14 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.indexeddb.leveldb\LOG 0x00000001abcc0f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abcc4330 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\consolab.ttf 0x00000001abcc7630 18 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000286.ldb 0x00000001abcc9b10 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Evernote\Evernote\libxml2.dll 0x00000001abcc9f20 2 1 ------ \Device\NamedPipe\chrome.6908.1.40400601 0x00000001abcca290 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\PhilatelistWrapper.dll 0x00000001abccc8e0 33 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001abccedb0 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\duser.dll 0x00000001abcd1e20 13 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_de_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll 0x00000001abcd4600 7 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 0x00000001abcd88e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001abcda570 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001abcdabb0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams_main.dll 0x00000001abcdb580 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\KBDUS.DLL 0x00000001abce08e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001abce0b30 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abce1450 2 1 ------ \Device\NamedPipe\C:\Users\Admin\AppData\Local\Google\Drive\GoogleDriveIpcPipe 0x00000001abce2f20 14 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Power Management\SPMService.exe 0x00000001abce5560 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abce6d10 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abceaea0 1 1 R--rw- \Device\HarddiskVolume3???? Col 0x00000001abcecbb0 31 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe 0x00000001abcee560 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abceea40 2 1 R--r-d \Device\HarddiskVolume3\Windows\System32\dxtrans.dll 0x00000001abcef070 15 1 R--r-d \Device\HarddiskVolume3\Windows\System32\mshtml.tlb 0x00000001abcf2c50 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abcf4350 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abcf59b0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 0x00000001abcf7330 3 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal 0x00000001abcf7480 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.0.4760119 0x00000001abcfd6d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001abcff180 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001abd01300 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\msshooks.dll 0x00000001abd03070 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abd05560 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd065b0 4 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\8c12c456a7263e3aec75a46c953811fc\PresentationCore.ni.dll 0x00000001abd068e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd0ad10 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SavResDeu.dll 0x00000001abd0c070 16 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\KozMinPro-ExtraLight.otf 0x00000001abd0c1e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abd0c540 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\mmcs.dll 0x00000001abd0c690 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abd13d10 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.resources\de.lproj\ShellStreamsLocalized.dll 0x00000001abd15d10 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\MediaToolbox.dll 0x00000001abd17480 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001abd18750 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abd1bbc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001abd1c2f0 2 1 ------ \Device\Afd\Endpoint 0x00000001abd1d570 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001abd1e560 2 1 ------ \Device\NamedPipe\mojo.6908.6912.13015703476469646639 0x00000001abd1ed60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abd1f260 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001abd1fb90 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db 0x00000001abd26cb0 5 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd26f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001abd282f0 16 0 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index 0x00000001abd2b8e0 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd2bc00 15 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\consola.ttf 0x00000001abd2d410 19 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000351.log 0x00000001abd2ecb0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.dll 0x00000001abd34a40 27 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\Plugins\GreenshotDropBoxPlugin\GreenshotDropboxPlugin.gsp 0x00000001abd36f20 2 1 ------ \Device\NamedPipe\Adobe Active File Monitor 9.0 0x00000001abd3ace0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abd3b1e0 4 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_player.ooyala.com_0.localstorage 0x00000001abd3b580 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001abd3c570 9 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal 0x00000001abd3cb90 14 0 RW-rwd \Device\HarddiskVolumeShadowCopy2\$LogFile 0x00000001abd3d8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abd3dc70 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abd3f310 13 0 R--r-- \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\sortdefault.nlp 0x00000001abd3fd60 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001abd41450 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd41d00 15 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPerfClass.dll 0x00000001abd462f0 2 1 ------ \Device\Afd\Endpoint 0x00000001abd48f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001abd4a8f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abd4cdc0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd4d310 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001abd4e3d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001abd51210 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd528e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abd56bc0 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\xpsrchvw.exe 0x00000001abd56e90 21 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\CentralTable.laccdb 0x00000001abd59580 11 1 R--r-- \Device\HarddiskVolume3\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat 0x00000001abd596d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001abd59f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000001abd5df20 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001abd64570 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abd65c00 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001abd671d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001abd6cb50 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001abd6d350 1 1 RW---- \Device\HarddiskVolume3\Users\UpdatusUser\ntuser.dat 0x00000001abd6dcc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001abd6f6c0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gmlllbghnfkpflemihljekbapjopfjik\LOCK 0x00000001abd704e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abd746d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd768e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001abd77a70 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001abd77bc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001abd77f20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd79bc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001abd7a370 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001abd7b070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abd7ca40 23 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dxtmsft.dll 0x00000001abd7df20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abd7fc50 14 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data 0x00000001abd80ce0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\SystemSupport\SystemSupportBL.dll 0x00000001abd81e00 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001abd82f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001abd83070 18 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\000475.ldb 0x00000001abd85390 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abd87cc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abd88790 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001abd888e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abd8bcb0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001abd91070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001abd92f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001abd938e0 15 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT 0x00000001abd96490 7 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\stdole\0d4dd4e0c3788c2f2bb8f8a566d0fb9b\stdole.ni.dll 0x00000001abd96dc0 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\AOSKit.dll 0x00000001abd974a0 29 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx 0x00000001abd9a070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001abd9f8e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001abda1070 22 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll 0x00000001abda2070 3 1 ------ \Device\Afd\Endpoint 0x00000001abda4070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abda5830 13 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3 0x00000001abda5cb0 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\iTunes\iTunesHelper.dll 0x00000001abda8700 18 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000339.ldb 0x00000001abda9230 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index 0x00000001abda9380 31 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons 0x00000001abdaa700 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abdac390 2 1 ------ \Device\Afd\Endpoint 0x00000001abdad4e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll 0x00000001abdaecb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abdaff20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abdb0070 6 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abdb2070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001abdb28f0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\MFC71.dll 0x00000001abdb2a40 23 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 0x00000001abdb56b0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\RegBack\DEFAULT 0x00000001abdb75b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001abdb8070 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem63.PNF 0x00000001abdb8d60 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Andy\HandyAndy.exe 0x00000001abdb92b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001abdbc070 2 1 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 0x00000001abdc71e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_padekgcemlokbadohgkifijomclgjgif_0.localstorage-journal 0x00000001abdc8f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abdcb4a0 14 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\MICROS~2\Office15\OLMAPI32.DLL 0x00000001abdcd350 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001abdcdf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abdcf310 8 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x00000001abdd24d0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Apple Computer\Cache.db 0x00000001abdd3aa0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001abdd9490 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abdd98e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abdde7b0 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Evernote\Evernote\Intl\EvernoteClipper.de-DE.dll 0x00000001abde07d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001abde0f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate 0x00000001abde2560 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_innpjfdalfhpcoinfnehdnbkglpmogdi_0.localstorage 0x00000001abde64e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001abde87e0 19 1 RW-r-- \Device\HarddiskVolume3\Users\UpdatusUser\ntuser.dat{d885a3e6-18b5-11e5-97ed-f0bf97d84308}.TM.blf 0x00000001abde9f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abded070 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\sdcpl.dll 0x00000001abdf0350 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\WinSATAPI.dll.mui 0x00000001abdf2a70 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001abdf3d10 1 1 ------ \Device\Afd\Endpoint 0x00000001abdf4950 14 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.indexeddb.leveldb\000298.log 0x00000001abdf8070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abdfa070 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\clb.dll 0x00000001abdfd910 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001abdfda60 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\de\almonres.dll 0x00000001abdff2c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abe016d0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netshell.dll 0x00000001abe02ba0 9 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001abe03070 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume3\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat{d885a3ea-18b5-11e5-97ed-f0bf97d84308}.TM 0x00000001abe04560 17 0 -W---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 0x00000001abe07b20 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\fdProxy.dll 0x00000001abe0a1f0 2 1 ------ \Device\NamedPipe\f3d49ab4-5a96-4125-bfe6-2866b9ec0bb2 0x00000001abe0a6e0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abe0cbd0 1 1 ------ \Device\Afd\Endpoint 0x00000001abe0cd20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abe0d470 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abe13350 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abe15f20 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\pdh.dll 0x00000001abe193e0 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx 0x00000001abe1ae60 2 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\components{54f46081-07b0-11e5-be3f-f0bf97d84308}.TxR.1.regtrans-ms 0x00000001abe1c5b0 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wevtapi.dll 0x00000001abe217b0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\MMDevAPI.dll 0x00000001abe29bd0 7 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e\comctl32.dll.mui 0x00000001abe2af20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001abe2e3e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abe324e0 19 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb 0x00000001abe35350 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\WmiPerfClass.dll 0x00000001abe3a6d0 1 1 ------ \Device\Mup\;W:0000000000037f3e\10.10.0.88\Backups 0x00000001abe3ab00 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\atl100.dll 0x00000001abe3f440 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abe3fe40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abe49bf0 10 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\1031\ACEWSTR.DLL 0x00000001abe4a3a0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\d3d10_1core.dll 0x00000001abe4b8e0 15 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abe4c1f0 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\radardt.dll 0x00000001abe58f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001abe60cb0 15 0 R--r-- \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\CoreFoundation.resources\CFUniCharPropertyDatabase.data 0x00000001abe6a8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001abe6ccb0 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abe6d6e0 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe 0x00000001abe6e690 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spp.dll 0x00000001abe6e900 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\tdh.dll 0x00000001abe73390 2 1 ------ \Device\NamedPipe\mojo.6908.6912.5294823730943145954 0x00000001abe76070 2 1 ------ \Device\NamedPipe\mojo.6908.6912.5298242837958697321 0x00000001abe761d0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.5298242837958697321 0x00000001abe768e0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\d3d10warp.dll 0x00000001abe76cb0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wmdrmdev.dll 0x00000001abe79bc0 10 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll 0x00000001abe7acd0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abe7d8e0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pnpts.dll 0x00000001abe7dbe0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\Apphlpdm.dll 0x00000001abe7fe20 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll 0x00000001abe842f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abe88070 7 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001abe89bf0 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\WindowsCodecs.dll 0x00000001abe8f260 1 1 RW---- \Device\HarddiskVolume3\System Volume Information\Syscache.hve 0x00000001abe8f590 1 1 ------ \Device\Afd\Endpoint 0x00000001abe96ea0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\newdev.dll 0x00000001abe9a070 11 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem110.PNF 0x00000001abea6f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abea7500 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abea7bb0 5 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\AdvancedTools\AdvancedToolsBL.dll 0x00000001abea8520 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-152c-0 0x00000001abea9ea0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.Common.dll 0x00000001abeb0070 3 1 ------ \Device\NamedPipe\Sophos@SwcMsg_VAIO_Admin@1 0x00000001abeb1f20 26 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links 0x00000001abeb6bc0 1 1 ------ \Device\Afd\Endpoint 0x00000001abeb8f20 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mshtml.dll 0x00000001abeb9a70 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\printui.dll 0x00000001abebbba0 2 1 R--rwd \Device\CdRom1\ 0x00000001abebcd20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abebda60 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abebdbb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001abebf790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001abec0340 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abec0dd0 18 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000300.ldb 0x00000001abec0f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001abec3300 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 0x00000001abec4070 10 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal 0x00000001abec48e0 31 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abec4dd0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001abec6230 19 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 0x00000001abec8c50 2 1 ------ \Device\NamedPipe\chrome.6908.0.32004521 0x00000001abecaf20 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\urlmon.dll.mui 0x00000001abece580 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abed1070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abed1730 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abed19d0 24 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_web.whatsapp.com_0.localstorage 0x00000001abed86d0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\IPSECSVC.DLL 0x00000001abed8870 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001abed98f0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abedb070 1 1 R--rw- \Device\HarddiskVolume3????????Data\Sophos\AutoUpdate\Cache\decoded\savxp\xvdl14.vd 0x00000001abedb340 2 1 ------ \Device\Afd\Endpoint 0x00000001abedff20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001abee07a0 10 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\msdart.dll 0x00000001abee1930 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abee2070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abee22f0 2 1 ------ \Device\Afd\Endpoint 0x00000001abee2700 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001abee2f20 29 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx 0x00000001abee4820 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ksuser.dll 0x00000001abee5aa0 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\Magnification.dll 0x00000001abee8970 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abee93d0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abeea700 2 1 ------ \Device\NamedPipe\mojo.6908.2092.9323163002369291975 0x00000001abeeb6d0 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dllhost.exe 0x00000001abeed9c0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abef1700 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001abef4790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895 0x00000001abef5f20 1 1 ------ \Device\Mup\;Q:0000000000037dd2\10.10.0.88\mpauli 0x00000001abef6d10 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msvfw32.dll 0x00000001abef8f20 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wdmaud.drv 0x00000001abef9f20 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\FwRemoteSvr.dll 0x00000001abefb440 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abefba80 1 1 ------ \Device\Afd\Endpoint 0x00000001abefcd40 11 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\EXSEC32.DLL 0x00000001abf03b20 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001abf06310 1 1 R--rw- \Device\HarddiskVolume3\ProgramData\Sony Corporation\Sony Packaging Manager\PackagingTemp\{1DF75360-D933-4CCB-8B64-F0BB81894B58} 0x00000001abf076a0 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Sony Shared\Sony Utilities\SSLProxyCOM.dll 0x00000001abf08ac0 19 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\components{54f46082-07b0-11e5-be3f-f0bf97d84308}.TMContainer00000000000000000001.regtrans-ms 0x00000001abf08f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf0b550 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abf0bb40 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abf0bdd0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mscoree.dll 0x00000001abf0c350 1 1 ------ \Device\Afd\Endpoint 0x00000001abf0c710 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\d3d11.dll 0x00000001abf0c860 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\puiapi.dll 0x00000001abf0d900 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dfscli.dll 0x00000001abf0df20 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\UIAutomationCore.dll 0x00000001abf0f780 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 0x00000001abf116b0 1 1 RW-r-d \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-294828654-1168716976-3009358734-1000.dat 0x00000001abf11800 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001abf11950 11 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Power Management\EN-US\SPMgr.exe.mui 0x00000001abf136e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001abf16a40 15 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL 0x00000001abf1d070 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\powertracker.dll 0x00000001abf1da80 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf1dc80 17 0 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png 0x00000001abf1e070 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\d3d10warp.dll 0x00000001abf1f860 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\newdev.dll 0x00000001abf1fcc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001abf207a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abf20b50 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf21f20 1 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Music 0x00000001abf24d20 2 1 ------ \Device\Afd\Endpoint 0x00000001abf26430 2 1 ------ \Device\Afd\Endpoint 0x00000001abf286d0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\FirewallAPI.dll.mui 0x00000001abf2d610 13 0 R--r-d \Device\HarddiskVolume3\Windows\explorer.exe 0x00000001abf2f590 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf2fdd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abf30f20 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\avrt.dll 0x00000001abf32360 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\actxprxy.dll 0x00000001abf324b0 2 1 ------ \Device\Afd\Endpoint 0x00000001abf32730 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dxgi.dll 0x00000001abf32860 1 1 RW---- \Device\HarddiskVolume3\System Volume Information\Syscache.hve.LOG1 0x00000001abf32cb0 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams.resources\de.lproj\ShellStreamsLocalized.dll 0x00000001abf32f20 31 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx 0x00000001abf33070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abf335d0 1 1 ------ \Device\0000004b\topology 0x00000001abf337d0 2 1 ------ \Device\Afd\Endpoint 0x00000001abf33dd0 1 1 ------ \Device\NamedPipe\browser 0x00000001abf34710 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf35710 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL 0x00000001abf35f20 8 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll 0x00000001abf369b0 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\riched20.dll 0x00000001abf37a20 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ieframe.dll 0x00000001abf38830 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msls31.dll 0x00000001abf38c60 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\d2d1.dll 0x00000001abf39310 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wmp.dll 0x00000001abf3b070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf3b320 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\d3d8thk.dll 0x00000001abf3b520 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\DBGHELP.DLL 0x00000001abf3b670 13 0 R--r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Caches\{82513CA7-D1F7-47F4-A9C5-4DE1A77DA069}.2.ver0x0000000000000003.db 0x00000001abf3cb60 6 0 R--r-d \Device\HarddiskVolume3\Program Files\Realtek\Audio\HDA\RAVBg64.exe 0x00000001abf3d070 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts 0x00000001abf3fcb0 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Adobe\Elements 9 Organizer\platform.DLL 0x00000001abf431d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001abf49070 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\DWrite.dll 0x00000001abf494a0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001abf49740 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf49890 14 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Improvement\viaggregator.dll 0x00000001abf49b20 4 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll 0x00000001abf49dd0 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dciman32.dll 0x00000001abf49f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001abf4a990 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\shdocvw.dll 0x00000001abf4d3e0 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Apple Computer\Logs\asl.120743_28Jun15.log 0x00000001abf509d0 8 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozMinPr6N-Heavy.otf 0x00000001abf50c80 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001abf55380 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf56f20 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\midimap.dll 0x00000001abf5a670 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\printui.dll 0x00000001abf5a8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001abf5cf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001abf5d8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf65070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001abf69070 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf6a7c0 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\devenum.dll 0x00000001abf6b670 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msdmo.dll 0x00000001abf6c070 2 1 ------ \Device\NamedPipe\mojo.6908.6912.9117176632403837866 0x00000001abf70070 2 1 ------ \Device\NamedPipe\chrome.6908.5.165693584 0x00000001abf70220 2 1 ------ \Device\NamedPipe\mojo.6908.6912.469110642302910550 0x00000001abf70490 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abf705e0 2 1 ------ \Device\NamedPipe\chrome.6908.4.115452734 0x00000001abf72d70 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf79ed0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem75.PNF 0x00000001abf7a430 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\de-DE\wlanext.exe.mui 0x00000001abf7af20 5 0 R--rw- \Device\HarddiskVolume3\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm 0x00000001abf7b840 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abf7e870 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\SETTINGSUI.DLL 0x00000001abf82930 9 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\a74dd505\00ab0e48_3db7cb01\Microsoft.Office.Tools.Outlook.v4.0.Utilities.DLL 0x00000001abf84760 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\UniDrvUI.dll 0x00000001abf84af0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem87.PNF 0x00000001abf858e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001abf886b0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\AudioSes.dll 0x00000001abf88800 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msacm32.drv 0x00000001abf89940 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf8ca20 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001abf8cde0 3 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\1031\MSOINTL.DLL 0x00000001abf8d8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf8f2a0 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\de-DE\WinSATAPI.dll.mui 0x00000001abf904f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001abf90f20 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat 0x00000001abf92870 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msxml3.dll 0x00000001abf94f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001abf989c0 31 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf998e0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf9caf0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abf9cf20 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dimsjob.dll 0x00000001abf9dc90 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\DXP.dll 0x00000001abfa1330 3 1 R----- \Device\SAVOnAccess\Read 0x00000001abfa38f0 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\padekgcemlokbadohgkifijomclgjgif\000045.log 0x00000001abfa6680 2 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\components{54f46081-07b0-11e5-be3f-f0bf97d84308}.TxR.2.regtrans-ms 0x00000001abfae940 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001abfb2580 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL 0x00000001abfb2940 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abfb3f20 6 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\1031\OUTLLIBR.DLL 0x00000001abfb45f0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll 0x00000001abfb6f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001abfb7640 13 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG 0x00000001abfb78e0 10 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History 0x00000001abfb8560 11 0 --Drwd \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-294828654-1168716976-3009358734-1000.da 0x00000001abfba1a0 15 0 ------ \Device\HarddiskVolume3\Windows\System32\C_28605.NLS 0x00000001abfbbca0 5 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL 0x00000001abfbd790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001abfbd8e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001abfbe430 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\elslad.dll 0x00000001abfbea60 2 1 ------ \Device\NamedPipe\mojo.6908.6912.3596713330641647289 0x00000001abfc0790 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001abfc0f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001abfc12b0 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 0x00000001abfc1400 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK 0x00000001abfc2440 2 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ieframe.dll 0x00000001abfc3650 13 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOG 0x00000001abfc38f0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.469110642302910550 0x00000001abfc47d0 2 1 ------ \Device\NamedPipe\chrome.6908.6.192948148 0x00000001abfc5670 19 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001abfc6e90 20 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 0x00000001abfcb070 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001abfcb1e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001abfd3cd0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dwmcore.dll 0x00000001abfd4c20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001abfd6f20 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\hgcpl.dll 0x00000001abfd8720 10 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\AdvancedTools\AdvancedToolsAPI.dll 0x00000001abfd8c40 10 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\msvcp110.dll 0x00000001abfe1070 18 0 -W-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\wctB542.tmp 0x00000001abfe3070 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\SensorsCpl.dll 0x00000001abffc070 8 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.RuntimeBase.dll 0x00000001ac0436d0 14 0 RW-rwd \Device\?????????? 0x00000001ac043a40 8 0 RW-rwd \Device\?????????? 0x00000001ac044580 1 1 ------ \Device\???????? 0x00000001ac046170 15 0 R--rwd \Device\???????????????????????????????????????????????????? 0x00000001ac046f20 16 0 R--rwd \Device\ 0x00000001ac047a40 10 0 R--r-d \Device\????????` 0x00000001ac04a780 15 0 R--r-d \Device\0000-0000-0000-000000000000} 0x00000001ac04db20 9 0 R--rwd \Device\???? 0x00000001ac04f2f0 16 0 R--rwd \Device\FA246B-54F1-473E-B116-2899434AE1AD}.FSDFSD-{17FA246B-54F1-473E-B116-2899434AE1AD 0x00000001ac04f6d0 6 0 RW-rwd \Device\?????????? 0x00000001ac052430 6 0 RW-rwd \Device\?????????? 0x00000001ac053aa0 5 0 RW-rwd \Device\?????????? 0x00000001ac053f20 6 0 R--r-d \Device\???????????????????D???N 0x00000001ac0592f0 4 1 R--rwd \Device\? 0x00000001ac059560 14 0 R--r-d \Device\??{00000000-0000-0000-0000-00000000 0x00000001ac05a6e0 11 0 R--r-- \Device\ 0x00000001ac05b6f0 16 0 R--rwd \Device\????????????PP 0x00000001ac05c3b0 20 0 R--r-d \Device\ejet Pro 8600 (Netzwerk)???????? 0x00000001ac05ff20 12 0 R--rwd \Device\????????????????? 0x00000001ac062070 26 0 RW-rwd \Device\?????????? 0x00000001ac1a8430 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac1a8580 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\WebControlMessaging.dll 0x00000001ac1a8c80 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1a8f20 5 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Index 0x00000001ac1ab580 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ac1ab8e0 11 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\log4net\3363ad68ece045fed30512bf71f5a268\log4net.ni.dll 0x00000001ac1abdd0 17 1 RW-r-d \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\Cache\e1c13e426e7011e18a7e806e6f6e6963.cache 0x00000001ac1abf20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001ac1ad790 15 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll 0x00000001ac1aedc0 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\stdole2.tlb 0x00000001ac1af6d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1b06d0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe 0x00000001ac1b0820 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome.dll 0x00000001ac1b4af0 2 1 ------ \Device\NamedPipe\chrome.6908.12.9928770 0x00000001ac1b62f0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1b6a40 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1bacc0 11 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll 0x00000001ac1baf20 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac1bda40 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1bdf20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1c1440 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1c24d0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1c3070 6 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1c3200 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac1e4210 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ac1ea5a0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK 0x00000001ac1eeae0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1f2d50 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ac1f9a70 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac1fc400 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem115.PNF 0x00000001ac1ff070 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\ONBttnOL.dll 0x00000001ac201070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac204390 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\fdPnp.dll 0x00000001ac205820 1 1 ------ \Device\Mup\;N:0000000000037dd2\10.10.0.88\Audiobooks 0x00000001ac2073e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ac208700 3 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll 0x00000001ac208b80 11 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozMinPr6N-Medium.otf 0x00000001ac210c90 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.volatilityfoundation.org_0.localstorage 0x00000001ac2128a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac212bb0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wsnmp32.dll 0x00000001ac2138e0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac2158d0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\dotNetRDF.dll 0x00000001ac2162a0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\usbmon.dll 0x00000001ac2185d0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac21a8e0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac21b8e0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\MsCtfMonitor.dll 0x00000001ac21ba60 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msutb.dll 0x00000001ac21c580 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac2223a0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\hpinksts5912LM.dll 0x00000001ac223560 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac225f20 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\ELSCore.dll 0x00000001ac2278e0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cscapi.dll 0x00000001ac22cac0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac22ce00 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\NapiNSP.dll 0x00000001ac22e640 1 1 ------ \Device\NamedPipe\AcronisFCDPService 0x00000001ac22f920 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem31.PNF 0x00000001ac236770 2 1 ------ \Device\NamedPipe\AcronisFCDPService 0x00000001ac236c20 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\pcwum.dll 0x00000001ac2384c0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\AdobePDF.dll 0x00000001ac23b430 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x00000001ac23c100 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ntlanman.dll 0x00000001ac244250 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 0x00000001ac246b60 7 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll 0x00000001ac247070 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\esent.dll 0x00000001ac248f20 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\tcpmon.dll 0x00000001ac24e8e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pnrpnsp.dll 0x00000001ac24eb90 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe 0x00000001ac250a60 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\inetpp.dll 0x00000001ac253f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac256c10 9 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat 0x00000001ac257400 21 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Freemake\CaptureLib\CaptureLibServiceLogic.dll 0x00000001ac2593e0 23 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll 0x00000001ac25a1a0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_64\VAIOCareToolkit\v4.0_8.4.2.12030__6b746f706d1a5a7d\VAIOCareToolkit.dll 0x00000001ac25b820 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem36.PNF 0x00000001ac25d6b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ac260070 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac263070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac264c50 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac2685a0 4 0 RW-r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Diagnosis\events11.rbs 0x00000001ac269450 5 0 R--rwd \Device\HarddiskVolume3\ProgramData\HP\HP Officejet Pro 8600\NetworkDevices\CN315B3J2205KD.ini 0x00000001ac269850 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume3\Windows\System32\config\components{54f46082-07b0-11e5-be3f-f0bf97d84308}.TM 0x00000001ac269cc0 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac26fa30 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000001ac275a00 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dbghelp.dll 0x00000001ac275d60 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\d2d1.dll 0x00000001ac276560 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac278070 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\hpz3lw71.dll 0x00000001ac278530 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac278a60 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\FXSMON.dll 0x00000001ac279a60 2 0 R--r-d \Device\HarddiskVolume3\Windows\System32\HPDiscoPM5912.dll 0x00000001ac27a710 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000001ac281070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac283180 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_github.com_0.localstorage-journal 0x00000001ac2858e0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem27.PNF 0x00000001ac285f20 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msvcr110.dll 0x00000001ac2861a0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\snmpapi.dll 0x00000001ac289e70 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WSDMon.dll 0x00000001ac28a500 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sfc_os.dll 0x00000001ac28bae0 24 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Freemake\CaptureLib\CaptureLib.dll 0x00000001ac28f070 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msvcp110.dll 0x00000001ac290920 5 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\EXPSRV.DLL 0x00000001ac290c90 5 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\VBAJET32.DLL 0x00000001ac296320 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\srclient.dll 0x00000001ac29a3b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Microsoft Mouse and Keyboard Center 0x00000001ac29a710 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac29abe0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac29bf20 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\normnfd.nls 0x00000001ac29d180 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac29e5d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001ac29edf0 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msimg32.dll 0x00000001ac2a0570 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\DWrite.dll 0x00000001ac2aa210 16 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\VAIOCare.Utilities.dll 0x00000001ac2ab070 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Microsoft Mouse and Keyboard Center 0x00000001ac2ae560 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msvcr120_clr0400.dll 0x00000001ac2af740 20 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Freemake\CaptureLib\PacketDotNet.dll 0x00000001ac2b02e0 1 1 ------ \Device\Mup\;Z:0000000000037f3e\10.10.1.2\usb_drive_a-1 0x00000001ac2b0690 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mstask.dll 0x00000001ac2b1980 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac2b4070 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac2b57b0 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\uxtheme.dll 0x00000001ac2b6440 12 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Mouse and Keyboard Center\SQMAPI.dll 0x00000001ac2b68f0 5 0 ------ \Device\HarddiskVolume3\Windows\System32\C_1256.NLS 0x00000001ac2b7280 1 1 RW-rw- \Device\HarddiskVolume3\Windows\WindowsUpdate.log 0x00000001ac2b7580 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac2b88e0 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\cscapi.dll 0x00000001ac2bdc10 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\oledlg.dll 0x00000001ac2bde50 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\avicap32.dll 0x00000001ac2c1070 16 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Freemake\CaptureLib\SharpPcap.dll 0x00000001ac2c12a0 10 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\41951e0b3866b3cc2342fccbadcde883\System.IdentityModel.ni.dll 0x00000001ac2c42f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac2c78e0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WSDApi.dll 0x00000001ac2ce420 1 1 ------ \Device\Mup\;T:0000000000037dd2\10.10.0.88\Books 0x00000001ac2d17e0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wer.dll 0x00000001ac2d3070 5 0 RW-r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Diagnosis\events10.rbs 0x00000001ac2d4580 1 1 ------ \Device\Afd\Endpoint 0x00000001ac2d5310 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Mouse and Keyboard Center\srres.dll 0x00000001ac2d81d0 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\VISGRF.DLL 0x00000001ac2d88e0 1 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\de-DE\athbttray.exe.mui 0x00000001ac2dc160 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001ac2e2070 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\phonebook.dll 0x00000001ac2e2230 1 1 ------ \Device\000000a6\rtmicintopo 0x00000001ac2e2570 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\apphelp.dll 0x00000001ac2e31e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac2e38e0 1 1 R--rw- \Device\HarddiskVolume3\ProgramData\Sony Corporation\VAIO Update Installer 0x00000001ac2e58e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001ac2e5c50 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001ac2e6940 1 1 ------ \Device\000000a6\rtmicinwave 0x00000001ac2e8e40 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\drprov.dll 0x00000001ac2ee2e0 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac2ee820 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\prtprocs\x64\hpzppw71.dll 0x00000001ac2efce0 9 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac2f0440 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll 0x00000001ac2f2970 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\prtprocs\x64\winprint.dll 0x00000001ac2f3560 10 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\HP\Common\FusionHarvester.dll 0x00000001ac2f3f20 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll 0x00000001ac2f6ae0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\win32spl.dll 0x00000001ac2f7560 1 1 RWDr-d \Device\HarddiskVolume3\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl 0x00000001ac2f8a80 11 0 RW-r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Diagnosis\events00.rbs 0x00000001ac2f95a0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac2fb4c0 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\dispci.dll 0x00000001ac2fcb70 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac2ff8e0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\webservices.dll 0x00000001ac300070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac308070 20 0 RW-rw- \Device\HarddiskVolume3\ProgramData\GlassWire\service\glasswire.db 0x00000001ac30a900 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac30b8e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msxml3r.dll 0x00000001ac30bb40 15 0 RW-r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Diagnosis\events01.rbs 0x00000001ac30c230 25 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx 0x00000001ac30c5b0 16 0 R--rwd \Device\HarddiskVolume3\Program Files\HP\HP Officejet Pro 8600\config.ini 0x00000001ac30d070 7 0 R--r-d \Device\HarddiskVolume3\Windows\servicing\CbsMsg.dll 0x00000001ac30eaa0 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Mouse and Keyboard Center\Components\Commands\DPGHnt\DPGHnt.dll 0x00000001ac30ebf0 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal 0x00000001ac315710 2 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui 0x00000001ac316a40 2 1 ------ \Device\Afd\Endpoint 0x00000001ac31a300 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\SynTPAPI.dll 0x00000001ac323da0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msoert2.dll 0x00000001ac3278e0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac327e20 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mgmtapi.dll 0x00000001ac32b5c0 15 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\pala.ttf 0x00000001ac32f8e0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\gameux.dll 0x00000001ac333d00 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac335dd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac337070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac338530 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac339440 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac33a370 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\httpapi.dll 0x00000001ac33ef20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries 0x00000001ac3411d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ac342480 6 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c61bafa9d029e3f2bf83bd5af3f1f5ac\System.Core.ni.dll 0x00000001ac345a70 5 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll 0x00000001ac34f2c0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac350700 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac3555c0 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac355e20 13 0 R--r-- \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\sortdefault.nlp 0x00000001ac356070 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac3576f0 25 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Yahoo.Yui.Compressor.dll 0x00000001ac357a10 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac3592a0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\COMPONENTS.LOG2 0x00000001ac359530 19 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\components{54f46082-07b0-11e5-be3f-f0bf97d84308}.TMContainer00000000000000000002.regtrans-ms 0x00000001ac359f20 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac361bc0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\IdListen.dll 0x00000001ac361d10 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\FirewallAPI.dll.mui 0x00000001ac400200 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.dll 0x00000001ac401f20 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac403f20 1 0 RW-rwd \Device\HarddiskVolume3\$PrepareToShrinkFileSize 0x00000001ac407070 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 0x00000001ac408bd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac4098e0 13 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll 0x00000001ac40b470 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac40f1e0 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\slc.dll 0x00000001ac41cf20 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\secur32.dll 0x00000001ac41ed10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x00000001ac41f8e0 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 0x00000001ac421460 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll 0x00000001ac421970 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wsock32.dll 0x00000001ac421b60 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wtsapi32.dll 0x00000001ac423070 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe 0x00000001ac423a30 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac425070 15 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Update\VUAgent.exe 0x00000001ac4252d0 14 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\RICHED20.DLL 0x00000001ac425690 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\iscsicpl.exe 0x00000001ac4285c0 3 1 R----- \Device\SAVOnAccess\Read 0x00000001ac428dc0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ieframe.dll 0x00000001ac4294f0 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem62.PNF 0x00000001ac42da50 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac42e440 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\schedcli.dll 0x00000001ac42edd0 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac42ef20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac431070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001ac432500 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\oledlg.dll 0x00000001ac4327b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001ac436490 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac439070 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\AppleVersions.dll 0x00000001ac43b6b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001ac440f20 12 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\System\Ole DB\oledb32r.dll 0x00000001ac443ca0 16 0 R--rw- \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Caches\cversions.2.db 0x00000001ac444580 29 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac446bc0 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll 0x00000001ac446f20 13 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll 0x00000001ac44b2d0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\vsstrace.dll 0x00000001ac44b420 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\uiwbnp.dll 0x00000001ac44d820 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac44e630 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac44e8e0 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll 0x00000001ac44ed10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ac455560 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\powrprof.dll 0x00000001ac4566b0 1 1 ------ \Device\Mup\;O:0000000000037f3e\10.10.0.88\Data 0x00000001ac458070 1 1 ------ \Device\Mup\;R:0000000000037f3e\10.10.0.88\homes 0x00000001ac458820 19 1 RWD--- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp 0x00000001ac45d730 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ac45d900 9 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem135.PNF 0x00000001ac45df20 1 1 ------ \Device\Afd\Endpoint 0x00000001ac45fd10 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Diagnosis\Sideload 0x00000001ac462f20 2 1 ------ \Device\NamedPipe\browser 0x00000001ac463dd0 5 0 R--rwd \Device\HarddiskVolume3\Windows\System32\dxgi.dll 0x00000001ac463f20 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\WinSATAPI.dll 0x00000001ac4686c0 3 0 R--r-d \Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe 0x00000001ac46f290 16 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\Sony\VAIOCA~1\Iolo\offreg.dll 0x00000001ac46ff20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac472420 2 1 ------ \Device\Afd\Endpoint 0x00000001ac4795c0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\a74dd505\00ab0e48_3db7cb01\Microsoft.Office.Tools.Outlook.v4.0.Utilities.DLL 0x00000001ac47dd60 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\winrnr.dll 0x00000001ac47f8f0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\repdrvfs.dll 0x00000001ac4818f0 3 1 ------ \Device\Afd\Endpoint 0x00000001ac482430 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ncobjapi.dll 0x00000001ac482f20 2 1 ------ \Device\Afd\Endpoint 0x00000001ac4838e0 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Bonjour\mDNSResponder.exe 0x00000001ac483a40 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\aepic.dll 0x00000001ac487d20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\verdana.ttf 0x00000001ac489070 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\PrintIsolationProxy.dll 0x00000001ac489a70 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac489e80 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\diagtrack.dll 0x00000001ac48c070 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk 0x00000001ac48c5a0 2 1 ------ \Device\NamedPipe\chrome.6908.441.50995097 0x00000001ac48f610 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mdminst.dll 0x00000001ac4916d0 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{376f72c8-a493-11e4-80fb-f0bf97d84308}.TM 0x00000001ac494360 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac495070 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mscoree.dll 0x00000001ac496dc0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\npmproxy.dll 0x00000001ac4974e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac497a60 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac49b070 1 1 R--r-- \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\COMPS_M.VSS 0x00000001ac49b4a0 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\SensApi.dll 0x00000001ac49bf20 2 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ac49c220 11 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\TCPMON.dll.mui 0x00000001ac49d070 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe 0x00000001ac49d5d0 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pdh.dll 0x00000001ac49d760 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac49e400 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat 0x00000001ac49f070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac4a13e0 2 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ac4c5760 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac4c7710 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 0x00000001ac4c8560 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll 0x00000001ac4c8f20 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\odbcint.dll 0x00000001ac4cba40 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac4d2790 2 1 ------ \Device\Afd\Endpoint 0x00000001ac4d33f0 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\AdminService.exe 0x00000001ac4d8150 3 1 ------ \Device\Afd\Endpoint 0x00000001ac4d83f0 1 1 ------ \Device\Afd\Endpoint 0x00000001ac4d8790 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\bthprops.cpl 0x00000001ac4d88e0 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wlanapi.dll 0x00000001ac4da3d0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wdResDll.dll 0x00000001ac4dd5a0 1 1 RW---- \Device\HarddiskVolume3\Users\UpdatusUser\ntuser.dat.LOG1 0x00000001ac4ddce0 18 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_DEA66AEFD0A1534F88AE48409EC40CB3.dat 0x00000001ac4e16c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f 0x00000001ac4e3ad0 7 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80DEU.dll 0x00000001ac4e7560 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\bthprops.cpl 0x00000001ac4edcb0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.cybersecurity-airbusds.com_0.localstorage 0x00000001ac4f0070 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll 0x00000001ac4f2bf0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac4f3c30 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3 0x00000001ac4f4bc0 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Credentials 0x00000001ac4f5810 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu 0x00000001ac4fbe80 1 1 ------ \Device\Afd\Endpoint 0x00000001ac4fd480 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msvcp100.dll 0x00000001ac4fdbe0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac4fe6d0 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 0x00000001ac4ff590 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume3\Users\Admin\ntuser.dat{376f72c4-a493-11e4-80fb-f0bf97d84308}.TM 0x00000001ac4ff7e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac4ffb80 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msi.dll 0x00000001ac5006d0 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac500a60 23 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac5012d0 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx 0x00000001ac502070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac5034d0 19 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\ntuser.dat{376f72c4-a493-11e4-80fb-f0bf97d84308}.TMContainer00000000000000000001.regtrans-ms 0x00000001ac503890 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\ntuser.dat.LOG1 0x00000001ac507070 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\ntuser.dat 0x00000001ac5074c0 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 0x00000001ac50b070 5 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac50db70 5 0 R--rwd \Device\HarddiskVolume3\Windows\System32\fontsub.dll 0x00000001ac51bdd0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\vssapi.dll 0x00000001ac51ec40 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ac51f300 19 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{376f72c8-a493-11e4-80fb-f0bf97d84308}.TM.blf 0x00000001ac51faa0 1 1 RW---- \Device\HarddiskVolume3\System Volume Information\Syscache.hve.LOG2 0x00000001ac520890 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem86.PNF 0x00000001ac521780 19 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\ntuser.dat{376f72c4-a493-11e4-80fb-f0bf97d84308}.TMContainer00000000000000000002.regtrans-ms 0x00000001ac5224a0 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Videos 0x00000001ac523dc0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac5241a0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\tcpmib.dll 0x00000001ac525f20 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{376f72c8-a493-11e4-80fb-f0bf97d84308}.TM 0x00000001ac527200 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac527e50 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sophos\Management Communications System\Endpoint\Config 0x00000001ac52bf20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ac52cf20 14 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPro-Bold.otf 0x00000001ac533b70 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac539140 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem155.PNF 0x00000001ac546f20 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac5495a0 1 1 ------ \Device\Afd\Endpoint 0x00000001ac54e710 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe 0x00000001ac54fc20 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cryptnet.dll 0x00000001ac553560 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac553850 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\taskschd.dll 0x00000001ac555070 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac557390 1 1 ------ \Device\Afd\Endpoint 0x00000001ac557dc0 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac55ca90 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac55ee50 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ac55f3d0 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msimtf.dll 0x00000001ac560920 9 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\DTLNET_M.VSS 0x00000001ac5616b0 9 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\msscntrs.dll 0x00000001ac561dc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac5626d0 12 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL 0x00000001ac565070 1 1 R--r-- \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\SERVER_M.VSS 0x00000001ac5689d0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001ac568bc0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mlang.dll 0x00000001ac56d070 32 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\OneDrive\ID10T's Security-012-013\content\content.ldb 0x00000001ac56dc80 9 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac56e070 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x00000001ac570070 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\quartz.dll 0x00000001ac571cb0 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin 0x00000001ac572980 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll 0x00000001ac573c90 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac575590 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\3282b347\00ab0e48_3db7cb01\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL 0x00000001ac5756e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001ac5773e0 15 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\MICROS~2\Office15\1031\GrooveIntlResource.dll 0x00000001ac577a90 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ac577f20 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac579070 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll 0x00000001ac579720 12 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\GdiPlus.dll 0x00000001ac579c80 7 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Power Management\SPMDam.dll 0x00000001ac579dd0 2 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Smart Network\EN-US\VSNClient.exe.mui 0x00000001ac579f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac580a60 4 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Smart Network\VSNService.exe 0x00000001ac581520 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\Sync.dll 0x00000001ac589c70 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\athr_debug.dll 0x00000001ac589f20 1 1 ------ \Device\000000a6\rearlineoutwave3 0x00000001ac591870 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000001ac596f20 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac599380 1 1 ------ \Device\NamedPipe\wkssvc 0x00000001ac59a210 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\uDWM.dll 0x00000001ac59a4b0 10 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync64.dll 0x00000001ac59aae0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 0x00000001ac59add0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ac5a02f0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac5a0920 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001ac5a0b90 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\P2P.dll 0x00000001ac5a66c0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\efscore.dll 0x00000001ac5ac220 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\sti_ci.dll 0x00000001ac5ae2b0 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\olepro32.dll 0x00000001ac5b2e40 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\davhlpr.dll 0x00000001ac5b36f0 2 1 ------ \Device\Afd\Endpoint 0x00000001ac5b4330 2 1 ------ \Device\NamedPipe\efsrpc 0x00000001ac5b46c0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\efsutil.dll 0x00000001ac5b5bc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac5b6070 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\webio.dll 0x00000001ac5b61c0 1 1 ------ \Device\NamedPipe\efsrpc 0x00000001ac5ba320 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\nlaapi.dll 0x00000001ac5baa60 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac5bd560 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx 0x00000001ac5c1cc0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac5c1e20 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 0x00000001ac5c67e0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\taskhost.exe 0x00000001ac5c8860 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac5c9070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac5cc070 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winrnr.dll 0x00000001ac5cc420 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ac5cc7f0 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage-journal 0x00000001ac5ccd10 30 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG 0x00000001ac5cdcc0 3 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\calibrii.ttf 0x00000001ac5cee90 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msxml3.dll 0x00000001ac5cf1e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac5d30f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac5d3800 1 1 ------ \Device\Afd\Endpoint 0x00000001ac5d7430 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeHeitiStd-Regular.otf 0x00000001ac5db070 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\schannel.dll 0x00000001ac5dcc80 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\drprov.dll 0x00000001ac5de7f0 2 1 ------ \Device\NamedPipe\AcronisFCDPService 0x00000001ac5debd0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spoolss.dll 0x00000001ac5dff20 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\PlaySndSrv.dll 0x00000001ac5e0d70 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries 0x00000001ac5e2a80 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\localspl.dll 0x00000001ac5eec80 10 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem45.inf 0x00000001ac5efc20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001ac5f0200 8 0 R--rwd \Device\HarddiskVolume3\Windows\System32\ifsutil.dll 0x00000001ac5f0350 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\davclnt.dll 0x00000001ac5f3560 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\winsta.dll 0x00000001ac5f4e20 32 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx 0x00000001ac5f9070 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\HotStartUserAgent.dll 0x00000001ac5f9b90 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\stdole2.tlb 0x00000001ac5f9e30 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Acronis\TrueImageHome\SystemState 0x00000001ac5fb070 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx 0x00000001ac5fb920 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\GWCtlSrv.exe 0x00000001ac5fc640 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ntlanman.dll 0x00000001ac60c8e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c9175f8#\f5bca4b99a77fdd9dcae2d7774331f6c\PresentationFramework.Aero.ni.dll 0x00000001ac60cd10 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wsock32.dll 0x00000001ac60d4a0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ktmw32.dll 0x00000001ac613070 6 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Sophos\SafeGuard PrivateCrypto\pcshell0407.dll 0x00000001ac613a20 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\cscdll.dll 0x00000001ac613cb0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\d3d10_1.dll 0x00000001ac617f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac618740 14 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\wbem\wmiutils.dll 0x00000001ac61a1c0 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\pnrpnsp.dll 0x00000001ac61a310 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac61e2d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac6218e0 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac621f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac622f20 6 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\wbem\repository\INDEX.BTR 0x00000001ac624740 1 1 ------ \Device\NamedPipe\srvsvc 0x00000001ac626470 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac6266d0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac628790 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dsound.dll 0x00000001ac628a40 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac629070 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\WmiPrvSE.exe 0x00000001ac629390 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac62ea70 10 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareUpdateCommon\VAIOCareUpdateCommonBL.dll 0x00000001ac630070 2 1 ------ \Device\Afd\Endpoint 0x00000001ac630960 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem50.PNF 0x00000001ac6313d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac633570 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mprapi.dll 0x00000001ac635ab0 2 1 ------ \Device\Afd\Endpoint 0x00000001ac636760 2 1 ------ \Device\Afd\Endpoint 0x00000001ac63a940 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac63ab70 17 1 RW-r-- \Device\HarddiskVolume3\Windows\Tasks\SCHEDLGU.TXT 0x00000001ac63b230 2 1 R--rw- \Device\HarddiskVolume3\Windows\Tasks 0x00000001ac63c420 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac63cdd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac63db30 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x00000001ac640dd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac644a60 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem17.PNF 0x00000001ac6521b0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\taskcomp.dll 0x00000001ac6618e0 1 1 ------ \Device\NamedPipe\atsvc 0x00000001ac661a40 2 1 ------ \Device\Afd\Endpoint 0x00000001ac6636e0 2 1 ------ \Device\nativewifip\{e4114b4a-72e4-4010-89f9-03c4adfc2e6e} 0x00000001ac669810 16 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll 0x00000001ac66af20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac66e8e0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\tbs.dll 0x00000001ac6733e0 2 1 ------ \Device\Afd\Endpoint 0x00000001ac674d60 2 1 R--rwd \Device\HarddiskVolume3\ 0x00000001ac675910 1 1 R--rw- \Device\? 0x00000001ac67b070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac67f430 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ac685330 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\jscript9.dll.mui 0x00000001ac686700 2 1 ------ \Device\Afd\Endpoint 0x00000001ac688230 4 0 R--rwd \Device\HarddiskVolume3\Windows\System32\QAGENTRT.DLL 0x00000001ac68a070 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-558-0 0x00000001ac68c8e0 2 1 ------ \Device\Afd\Endpoint 0x00000001ac68ce40 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wlanutil.dll 0x00000001ac6908e0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wiarpc.dll 0x00000001ac694f20 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\webcheck.dll 0x00000001ac6a78e0 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\DiagCpl.dll 0x00000001ac6accb0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\calibrii.ttf 0x00000001ac6ada70 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\netcfgx.dll 0x00000001ac6adbc0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\COMPONENTS.LOG1 0x00000001ac6addd0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac6adf20 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db-shm 0x00000001ac6ae8e0 7 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001ac6b28e0 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Power Management\SPMgr.exe 0x00000001ac6b5cc0 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\rdpcorekmts.dll 0x00000001ac6ba820 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac6bac50 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Evernote\Evernote\libpcre.dll 0x00000001ac6c3b60 29 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\de\DevExpress.XtraEditors.v14.2.resources.dll 0x00000001ac6c4070 13 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0.localstorage 0x00000001ac6c4cd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac6c6070 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\taskeng.exe 0x00000001ac6ca4a0 6 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5#\10841d98b426379388043cf79e96d929\PresentationFramework.Classic.ni.dll 0x00000001ac6ca710 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac6cdd10 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\TSChannel.dll 0x00000001ac6cfa40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac6d3c60 17 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000527.log 0x00000001ac6d4420 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\MagicDisc\MagicDisc.exe 0x00000001ac6d4f20 1 1 ------ \Device\Mup\;O:0000000000037dd2\10.10.0.88\Data 0x00000001ac6d57e0 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac6d68e0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\WmiDcPrv.dll 0x00000001ac6d6a70 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_64\VAIOCareToolkit\v4.0_8.4.2.12030__6b746f706d1a5a7d\VAIOCareToolkit.dll 0x00000001ac6d82a0 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll 0x00000001ac6d8520 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac6d8dd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac6d8f20 14 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_filter.dll 0x00000001ac6d93b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ac6db070 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\batt.dll 0x00000001ac6dcf20 15 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\pngfilt.dll 0x00000001ac6e0f20 18 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.SuperSlimScriptingEngine.dll 0x00000001ac6e3a90 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac6e3be0 3 2 ------ \Device\NamedPipe\chrome.sync.6908.2092.3027543919 0x00000001ac6e6f20 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac6ecd40 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac6ed250 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msvcr100.dll 0x00000001ac6efa10 13 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies 0x00000001ac6efbc0 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem114.PNF 0x00000001ac6f43c0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac6f4bc0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wbem\fastprox.dll 0x00000001ac6f5810 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\browcli.dll 0x00000001ac6f61f0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac6faa60 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\WinMgmtR.dll 0x00000001ac6fe070 2 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\FirewallAPI.dll.mui 0x00000001ac705310 14 0 R--r-d \Device\ 0x00000001ac705880 16 0 R--rwd \Device\utils.dll 0x00000001ac708f20 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wfapigp.dll 0x00000001ac70a740 3 1 ------ \Device\NamedPipe\abel 0x00000001ac70b820 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeMingStd-Light.otf 0x00000001ac70d070 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SWIManagement.dll 0x00000001ac70d8e0 12 0 R--r-- \Device\HarddiskVolume3\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 0x00000001ac711bb0 15 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7148e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\fltLib.dll 0x00000001ac723dd0 1 1 ------ \Device\NamedPipe\wkssvc 0x00000001ac725d50 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac726f20 14 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58\MFC90DEU.DLL 0x00000001ac728f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7298e0 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac72aa60 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 0x00000001ac72bf20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac72c1b0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac72d5b0 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Cain\Abel64.exe 0x00000001ac730f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac733940 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac73b5a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac73ccd0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac74c580 16 0 R--rwd \Device\HarddiskVolume3\Windows\Resources\Ease of Access Themes\hcblack.theme 0x00000001ac74f8e0 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\BASECOM.DLL 0x00000001ac750f20 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msxml3r.dll 0x00000001ac751270 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac752070 13 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Mouse and Keyboard Center\itype.exe 0x00000001ac752dc0 16 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll 0x00000001ac7534e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ac753d40 2 1 R--rw- \Device\HarddiskVolume3\Windows\System32\drivers\etc 0x00000001ac753f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac754f20 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac758ac0 3 0 R--r-d \Device\HarddiskVolume3\Program Files\iPod\bin\iPodService.Resources\iPodService.dll 0x00000001ac759460 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac759c80 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rundll32.exe 0x00000001ac759dd0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_w32.dll 0x00000001ac759f20 15 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\WWLIB.DLL 0x00000001ac75f740 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\odbc32.dll 0x00000001ac7606d0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac7632f0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\puiapi.dll 0x00000001ac7634d0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac765780 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ac765f20 1 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll 0x00000001ac766590 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\EXPLORERHOOK.DLL 0x00000001ac767710 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac771070 1 1 ------ \Device\Mup\;V:0000000000037f3e\10.10.0.88\Movies 0x00000001ac771220 1 1 ------ \Device\Mup\;U:0000000000037dd2\10.10.0.88\Music 0x00000001ac772300 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac775070 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac777070 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac77a840 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem165.PNF 0x00000001ac77b430 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\Query.dll 0x00000001ac783760 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac784070 16 0 R--r-- \Device\HarddiskVolume3\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 0x00000001ac784e50 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001ac785510 1 1 ------ \Device\NamedPipe\efsrpc 0x00000001ac786070 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{692DDB72-5BCF-41F2-9FDC-8882E75FFB97}.tmp 0x00000001ac786790 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ac787f20 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ac789f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac78a9b0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem164.PNF 0x00000001ac793560 2 1 ------ \Device\NamedPipe\keysvc 0x00000001ac7986c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ac7a28e0 4 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Update Common\EasyDaemonAPIU64.dll 0x00000001ac7a3070 1 1 ------ \Device\Afd\Endpoint 0x00000001ac7a6f20 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ntdsapi.dll 0x00000001ac7a8070 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\NCProv.dll 0x00000001ac7af070 2 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x00000001ac7af670 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll 0x00000001ac7b1280 5 0 R--r-- \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.resources\CFCharacterSetBitmaps.bitmap 0x00000001ac7b1570 7 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\VCService.exe 0x00000001ac7b1f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ac7b3570 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7b4240 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac7b5a60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac7b63e0 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx 0x00000001ac7b8cc0 6 0 R--rwd \Device\HarddiskVolume3\Windows\System32\syncui.dll 0x00000001ac7b9f20 14 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001ac7bb8b0 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Acronis\SnapAPI\snapapi.dll 0x00000001ac7bc8e0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 0x00000001ac7bf9b0 16 0 R--rwd \Device\HarddiskVolume3\Windows\Web\Wallpaper\Architecture\Desktop.ini 0x00000001ac7c0910 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem103.PNF 0x00000001ac7c2ea0 1 1 ------ \Device\Afd\Endpoint 0x00000001ac7c5700 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dllhost.exe 0x00000001ac7d35d0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7d74d0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_disqus.com_0.localstorage 0x00000001ac7d7960 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem112.PNF 0x00000001ac7d9070 1 1 ------ \Device\NamedPipe\keysvc 0x00000001ac7d93e0 1 1 ------ \Device\NamedPipe\keysvc 0x00000001ac7d98e0 10 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll 0x00000001ac7daf20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7db700 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\FirewallAPI.dll.mui 0x00000001ac7dc6a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7dca60 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7df070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7df8e0 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7e0210 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ac7e26e0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wdUIResDll.dll 0x00000001ac7e48c0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wdnp32.dll 0x00000001ac7e89d0 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\usbperf.dll 0x00000001ac7eab10 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\PortableDeviceTypes.dll 0x00000001ac7ee7e0 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac7ef290 19 1 -W-rw- \Device\HarddiskVolume3\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Apple Computer\Logs\asl.120419_28Jun15.log 0x00000001ac7f17b0 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\ACEES.DLL 0x00000001ac7f1dd0 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll 0x00000001ac7f57b0 1 1 R--r-- \Device\HarddiskVolume3\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 0x00000001ac7f68e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac7f7e10 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac7fb8b0 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll 0x00000001ac7fc8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ac7fd4d0 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msvcp100.dll 0x00000001ac7fedc0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wups2.dll 0x00000001ac7ff450 16 0 R--rwd \Device\HarddiskVolume3\Windows\Resources\Ease of Access Themes\basic.theme 0x00000001ac807d20 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\qdvd.dll 0x00000001ac80ef20 7 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db 0x00000001ac817260 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8188f0 23 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac81b4e0 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001ac821d70 23 1 RW-rw- \Device\HarddiskVolume3\ProgramData\Sophos\Web Intelligence\sxl3_cache.dat 0x00000001ac822990 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.RuntimeBusinessLogic.dll 0x00000001ac827990 7 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\96e87c9a835ae5d9494552b8424615bf\Microsoft.JScript.ni.dll 0x00000001ac828580 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac829750 15 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac82d8e0 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\davclnt.dll 0x00000001ac82dcb0 21 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll 0x00000001ac831cb0 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\wbem\MOF 0x00000001ac83ddd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ac83eb70 2 1 ------ \Device\Afd\Endpoint 0x00000001ac8408e0 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8415e0 3 1 ------ \Device\Afd\Endpoint 0x00000001ac843280 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pstorsvc.dll 0x00000001ac846b10 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem167.PNF 0x00000001ac8471d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ac849c70 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\resutils.dll 0x00000001ac84a6d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac84b860 13 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Display\nvsmartmax64.dll 0x00000001ac84c3e0 17 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\wbem\repository\OBJECTS.DATA 0x00000001ac851300 15 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL 0x00000001ac854b50 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL 0x00000001ac8598e0 2 1 ------ \Device\NamedPipe\trkwks 0x00000001ac85bc00 3 1 ------ \Device\NamedPipe\pgsignal_4424 0x00000001ac85ea60 3 1 ------ \Device\NamedPipe\pgsignal_4400 0x00000001ac862070 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mycomput.dll 0x00000001ac8636d0 13 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dajedkncpodkggklbegccjpmnglmnflm\LOG 0x00000001ac864070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\l_10646.ttf 0x00000001ac864300 1 1 ------ \Device\Afd\Endpoint 0x00000001ac86bd10 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\d3d9.dll 0x00000001ac86ef20 31 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx 0x00000001ac870070 16 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozMinPr6N-Bold.otf 0x00000001ac871c50 1 1 ------ \Device\Afd\Endpoint 0x00000001ac879320 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-340-0 0x00000001ac87a300 23 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac87aa40 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ddraw.dll 0x00000001ac87eda0 5 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\1031\MAPIR.DLL 0x00000001ac87f070 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\MdSched.exe 0x00000001ac880a70 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dhcpcsvc6.dll 0x00000001ac883070 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SophtainerAdapter.dll 0x00000001ac8848e0 7 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini 0x00000001ac885100 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\logoncli.dll 0x00000001ac887d10 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wbem\cimwin32.dll 0x00000001ac8935d0 14 0 R--r-d \Device\HarddiskVolume3\Program Files\WebDrive\wdService.exe 0x00000001ac894580 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\schedcli.dll 0x00000001ac894e60 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wshbth.dll 0x00000001ac89d480 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ac89e3f0 13 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$Directory 0x00000001ac8aa070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001ac8aad10 5 0 R--rwd \Device\HarddiskVolume3\Windows\System32\jscript.dll 0x00000001ac8ab6f0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac8adf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8b3bc0 5 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\usbperf.dll 0x00000001ac8b3d60 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dhcpcsvc.dll 0x00000001ac8b5130 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ac8b6d20 2 1 ------ \Device\NamedPipe\c02cd15f-5a08-4ced-b576-2b14f38a9edd 0x00000001ac8b7070 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\bitsprx4.dll 0x00000001ac8b8070 2 1 ------ \Device\NamedPipe\16a2923b-dc70-4feb-bfd7-3c1dad0d22d1 0x00000001ac8b8210 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001ac8bc770 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SavRes.dll 0x00000001ac8be070 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac8cacb0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ac8cb700 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8ccb30 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dnsapi.dll 0x00000001ac8cd590 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001ac8d01d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ac8d4900 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8d5570 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pnidui.dll 0x00000001ac8d9700 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ac8d9ba0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nci.dll 0x00000001ac8def20 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\eappprxy.dll 0x00000001ac8e0780 31 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8e36a0 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8e4940 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ICAdapter.dll 0x00000001ac8e7740 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\calibrib.ttf 0x00000001ac8ebc10 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8ec990 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mmcbase.dll 0x00000001ac8eec20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001ac8ef8e0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\conan.dll 0x00000001ac8f0250 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8f0a10 4 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\desktop.ini 0x00000001ac8f28e0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\eappcfg.dll 0x00000001ac8f4f20 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\cryptdll.dll 0x00000001ac8f6e10 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ac8f8610 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mlang.dll 0x00000001ac8facb0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8fb070 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nrpsrv.dll 0x00000001ac8fba10 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wlgpclnt.dll 0x00000001ac8fc700 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msi.dll 0x00000001ac8fcc00 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac8fe420 5 0 R--rw- \Device\HarddiskVolume3\Windows\System32\drivers\etc\services 0x00000001ac900640 3 0 RW-rw- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C 0x00000001ac907900 11 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_elf.dll 0x00000001ac90abd0 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac90ad20 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac90bf20 1 1 ------ \Device\Afd\Endpoint 0x00000001ac90c710 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac90e300 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe 0x00000001ac90f340 25 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx 0x00000001ac911070 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wmi.dll 0x00000001ac913dd0 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 0x00000001ac917440 5 0 -W---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db 0x00000001ac923cf0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\c3e1958a\00c23a62_70cece01\SophosOutlookAddIn.DLL 0x00000001ac924a00 1 1 R--r-- \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x00000001ac926870 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac927d60 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WinSCard.dll 0x00000001ac928dd0 4 0 R--rwd \Device\-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601 0x00000001ac929890 2 1 ------ \Device\0 0x00000001ac92b1c0 16 0 R--rw- \Device\???????? 0x00000001ac92d8e0 12 0 R--rw- \Device\?? 0x00000001ac9383e0 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\prncache.dll 0x00000001ac93da60 23 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac9405d0 3 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini 0x00000001ac947560 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dhcpcore6.dll 0x00000001ac947910 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\propsys.dll 0x00000001ac948070 4 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini 0x00000001ac9481f0 30 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx 0x00000001ac94e7e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll 0x00000001ac94ef20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac94f330 8 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll 0x00000001ac9531c0 2 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Sony Shared\SOHLib\GER\SHSResource.dll 0x00000001ac95c8e0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac95e6d0 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll 0x00000001ac95f4c0 4 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx 0x00000001ac960580 12 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\tapi32.dll 0x00000001ac961700 12 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\719e2124aa45f221d8ffdad89e66a605\System.ComponentModel.DataAnnotations.ni.dll 0x00000001ac9636c0 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dnssd.dll 0x00000001ac969070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ac96b8d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac96bb40 11 0 R--r-d \Device\HarddiskVolume3\Windows\ehome\ehSSO.dll 0x00000001ac9711c0 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac973070 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msxml6r.dll 0x00000001ac9788e0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dnsrslvr.dll 0x00000001ac979870 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dnsext.dll 0x00000001ac97c8e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\FWPUCLNT.DLL 0x00000001ac97ecc0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\eapphost.dll 0x00000001ac9817d0 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\iTunes\iTunesHelper.exe 0x00000001ac981f20 2 1 ------ \Device\Afd\Endpoint 0x00000001ac986070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac987110 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac987700 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac98f760 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\raschap.dll 0x00000001ac99b290 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wlanmsm.dll 0x00000001ac9a5310 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac9a7dd0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\iscsied.dll 0x00000001ac9aca60 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wlansec.dll 0x00000001ac9ae8e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\umb.dll 0x00000001ac9b3810 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wlanutil.dll 0x00000001ac9b58e0 2 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac9b5bd0 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\userinit.exe 0x00000001ac9b6970 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\onex.dll 0x00000001ac9b6cb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001ac9b8320 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\lsmproxy.dll 0x00000001ac9b8f20 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\filemgmt.dll 0x00000001ac9b99a0 23 0 RW-rwd \Device\?????????? 0x00000001ac9bb070 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Atheros WiFi Driver Installation\AthIhvWlanExt.dll 0x00000001ac9beb00 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ac9bfaa0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wbemcore.dll 0x00000001ac9c0590 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac9c1070 7 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac9c2070 2 1 ------ \Device\NamedPipe\srvsvc 0x00000001ac9c2500 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e 0x00000001ac9c2800 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ac9c3370 1 0 R--r-- \Device\HarddiskVolume3\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 0x00000001ac9c3f20 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mssvp.dll 0x00000001ac9c4f20 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll 0x00000001ac9c5f20 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\iscsiexe.dll 0x00000001ac9c8dc0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem85.PNF 0x00000001ac9c95b0 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\dot3api.dll 0x00000001ac9d18e0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wlanext.exe 0x00000001ac9d28e0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\iscsium.dll 0x00000001ac9d2bb0 15 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll 0x00000001ac9d3560 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\conhost.exe 0x00000001ac9d5910 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\urlmon.dll.mui 0x00000001ac9d5f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac9d6240 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\de-DE\audiodg.exe.mui 0x00000001ac9d7070 30 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx 0x00000001ac9d8580 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wmiutils.dll 0x00000001ac9d88c0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac9db2a0 5 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ac9e0280 1 1 RW-r-d \Device\HarddiskVolume3\Windows\System32\wfp\wfpdiag.etl 0x00000001ac9e1070 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac9e14e0 12 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe 0x00000001ac9e5f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ac9e89f0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\fveapi.dll 0x00000001ac9e9b20 31 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx 0x00000001ac9ea4e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ncrypt.dll 0x00000001ac9eaf20 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\fvecerts.dll 0x00000001ac9eb070 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wlanapi.dll 0x00000001ac9eb820 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netcfgx.dll 0x00000001ac9ebb30 5 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.dll 0x00000001ac9ecf20 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac9ed970 16 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll 0x00000001ac9efdd0 1 1 ------ \Device\NamedPipe\atsvc 0x00000001ac9eff20 2 1 ------ \Device\NamedPipe\atsvc 0x00000001ac9f1560 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ac9f3760 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\UIAutomationCore.dll.mui 0x00000001ac9f41e0 9 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac9f8510 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ac9f9f20 1 1 ------ \Device\NamedPipe\ 0x00000001ac9faf20 2 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\urlmon.dll.mui 0x00000001ac9fd070 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac9fd1c0 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac9fd4f0 2 1 ------ \Device\NamedPipe\wdServicePipe 0x00000001ac9ffdd0 1 0 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat 0x00000001aca00380 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db 0x00000001aca03220 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aca055a0 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\framedynos.dll 0x00000001aca07f20 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\ntuser.dat{376f72bf-a493-11e4-80fb-f0bf97d84308}.TM 0x00000001aca0a070 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aca0a210 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001aca0bf20 2 1 ------ \Device\Afd\Endpoint 0x00000001aca104b0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rpcss.dll 0x00000001aca174e0 2 1 RW-r-- \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\ntuser.dat{376f72bf-a493-11e4-80fb-f0bf97d84308}.TMContainer00000000000000000002.regtrans-ms 0x00000001aca186d0 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\ntuser.dat{376f72bf-a493-11e4-80fb-f0bf97d84308}.TM 0x00000001aca197b0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF 0x00000001aca1aba0 30 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\OAlerts.evtx 0x00000001aca1ad50 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Key Management Service.evtx 0x00000001aca1aea0 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx 0x00000001aca1e640 1 1 ------ \Device\NamedPipe\eventlog 0x00000001aca1e8e0 1 1 -W---- \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat 0x00000001aca21640 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\authui.dll 0x00000001aca24470 2 1 ------ \Device\Afd\Endpoint 0x00000001aca24650 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\l2gpstore.dll 0x00000001aca2c070 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aca302e0 1 1 ------ \Device\NamedPipe\eventlog 0x00000001aca30430 2 1 ------ \Device\NamedPipe\eventlog 0x00000001aca307b0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cryptui.dll 0x00000001aca30b00 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-4d0-0 0x00000001aca31480 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Media Center.evtx 0x00000001aca32f20 32 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Windows PowerShell.evtx 0x00000001aca343e0 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\TuneUp.evtx 0x00000001aca348e0 26 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\System.evtx 0x00000001aca35070 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\shacct.dll 0x00000001aca361f0 33 1 -W-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\AdobeARM.log 0x00000001aca36370 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\iolo Applications.evtx 0x00000001aca366b0 1 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\stdole2.tlb 0x00000001aca36840 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 0x00000001aca36990 12 0 R--r-d \Device\HarddiskVolume3\Windows\WindowsShell.Manifest 0x00000001aca37240 2 1 ------ \Device\Afd\Endpoint 0x00000001aca377d0 2 1 ------ \Device\Afd\Endpoint 0x00000001aca3ae20 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\samlib.dll 0x00000001aca3c420 27 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Application.evtx 0x00000001aca3c570 1 1 -W---- \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat 0x00000001aca3ce20 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\PRTG Network Monitor.evtx 0x00000001aca3d450 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ntmarta.dll 0x00000001aca40ba0 32 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\CaptureLibLog.evtx 0x00000001aca422e0 1 1 ------ \Device\Afd\Endpoint 0x00000001aca43070 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\propsys.dll 0x00000001aca43c40 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001aca44280 19 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll 0x00000001aca448e0 25 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Security.evtx 0x00000001aca468e0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\MPSSVC.dll 0x00000001aca46e20 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Internet Explorer.evtx 0x00000001aca47350 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\HardwareEvents.evtx 0x00000001aca49b00 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001aca4cf20 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx 0x00000001aca4f920 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 0x00000001aca51f20 5 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aca54b70 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wiatrace.dll 0x00000001aca588f0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 0x00000001aca61070 1 1 ------ \Device\000000a6\rtmicintopo 0x00000001aca61d30 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\duser.dll 0x00000001aca62860 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001aca648e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001aca65d00 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aca66480 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001aca67bc0 1 1 ------ \Device\NamedPipe\srvsvc 0x00000001aca68590 1 1 ------ \Device\NamedPipe\wkssvc 0x00000001aca69d10 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001aca6bf20 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aca6e3c0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dui70.dll 0x00000001aca707c0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll 0x00000001aca716b0 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\AthDCAdminLog.evtx 0x00000001aca73ea0 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx 0x00000001aca74a80 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aca75790 3 1 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\EQUATION 0x00000001aca758e0 3 1 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\Fonts 0x00000001aca76e20 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx 0x00000001aca78790 8 1 RW-r-d \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat 0x00000001aca793c0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\avrt.dll 0x00000001aca7a070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001aca7cf20 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\AudioSes.dll 0x00000001aca7d6b0 3 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts 0x00000001aca7df20 1 1 ------ \Device\000000a6\rtspdifwave 0x00000001aca7edd0 1 1 ------ \Device\000000a6\rtspdiftopo 0x00000001aca80070 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\imageres.dll 0x00000001aca82e40 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx 0x00000001aca83970 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\audiodg.exe 0x00000001aca846d0 1 1 ------ \Device\0000004b\topology 0x00000001aca849c0 1 1 ------ \Device\0000009b\topo01 0x00000001aca854e0 1 1 ------ \Device\000000a6\singlelineouttopo 0x00000001aca8aa70 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aca8abc0 12 1 -WDr-- \Device\HarddiskVolume3\ProgramData\cm-lock 0x00000001aca8b070 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\NapiNSP.dll 0x00000001aca8d8e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wdscore.dll 0x00000001aca8f8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001aca8fa90 1 1 ------ \Device\000000a6\singlelineouttopo 0x00000001aca8fc20 1 1 ------ \Device\000000a6\rearlineoutwave3 0x00000001aca8ff20 1 1 ------ \Device\000000a6\rtmicinwave 0x00000001aca90590 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\davhlpr.dll 0x00000001aca91dd0 18 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\CommonPlugin\CommonPluginBL.dll 0x00000001aca92640 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dajedkncpodkggklbegccjpmnglmnflm\000003.log 0x00000001aca93390 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aca94cb0 20 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 0x00000001aca96590 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\SndVolSSO.dll 0x00000001aca96f20 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wdmaud.drv 0x00000001aca97110 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\hid.dll 0x00000001aca996f0 1 1 ------ \Device\000000a6\rtmicintopo 0x00000001aca9b2b0 1 1 ------ \Device\0000004b\topology 0x00000001aca9b680 1 1 ------ \Device\0000004b\wave 0x00000001aca9bf20 1 1 ------ \Device\000000a6\rtspdiftopo 0x00000001aca9f8e0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\fdSSDP.dll 0x00000001acaa0bd0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winmm.dll 0x00000001acaa17e0 1 1 R--rw- \Device\HarddiskVolume3\pgData93 0x00000001acaace60 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ksuser.dll 0x00000001acaadc80 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dwmapi.dll 0x00000001acaaddd0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dsrole.dll 0x00000001acaaf640 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\gpsvc.dll 0x00000001acaafb70 16 0 ------ \Device\HarddiskVolume3\Windows\System32\C_1251.NLS 0x00000001acab2070 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.forensicfocus.com_0.localstorage-journal 0x00000001acab2490 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nlaapi.dll 0x00000001acab5340 1 1 R----- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\WebCacheLock.dat 0x00000001acab68e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\atl.dll 0x00000001acab6f20 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\xmllite.dll 0x00000001acab75b0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\es.dll 0x00000001acab8a40 2 1 ------ \Device\Afd\Endpoint 0x00000001acabd7e0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\slc.dll 0x00000001acac1790 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acac18e0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dssenh.dll 0x00000001acac3560 1 1 -W-rw- \Device\HarddiskVolume3\Windows\debug\WIA\wiatrace.log 0x00000001acac46f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acac9de0 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe 0x00000001acaca6d0 32 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx 0x00000001acacb070 27 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acacbcd0 1 1 R--rw- \Device\HarddiskVolume3\pgData93 0x00000001acacbe20 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\uxsms.dll 0x00000001acacc320 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001acaccb00 31 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx 0x00000001acacecb0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\AudioEng.dll 0x00000001acad05c0 10 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll 0x00000001acad08e0 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\samlib.dll 0x00000001acad0c40 3 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\38325aeb18dcbcdab44a2d51106a215b\System.ServiceModel.ni.dll 0x00000001acad2070 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\midimap.dll 0x00000001acad3820 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msacm32.drv 0x00000001acad6820 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll 0x00000001acad8360 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msacm32.dll 0x00000001acad8c70 7 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll 0x00000001acadc5d0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winbrand.dll 0x00000001acadd820 11 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll 0x00000001acae1370 15 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\wbem\repository\MAPPING2.MAP 0x00000001acae8b00 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\AUDIOKSE.dll 0x00000001acaea4a0 5 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 0x00000001acaebe20 1 1 RW---- \Device\HarddiskVolume3\Windows\AppCompat\Programs\Amcache.hve 0x00000001acaf12f0 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem9.PNF 0x00000001acaf1900 2 1 ------ \Device\Afd\Endpoint 0x00000001acaf2770 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\VaultCredProvider.dll 0x00000001acaf45d0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wsdchngr.dll 0x00000001acaf48e0 4 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sophos\AutoUpdate\Config 0x00000001acaf6300 12 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Display\nvtray.exe 0x00000001acaf6970 1 1 R--rw- \Device\HarddiskVolume3\pgData93 0x00000001acaf72f0 1 1 R--r-- \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\DTLNET_M.VSS 0x00000001acaf7440 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\icuin53.dll 0x00000001acafc1d0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\SmartcardCredentialProvider.dll 0x00000001acafc320 2 1 ------ \Device\Afd\Endpoint 0x00000001acafc470 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-350-0 0x00000001acafcf20 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\BioCredProv.dll 0x00000001acafdcb0 2 1 ------ \Device\Afd\Endpoint 0x00000001acafe1d0 12 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal 0x00000001acafef20 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winbio.dll 0x00000001acb00070 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netapi32.dll 0x00000001acb00b60 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\vaultcli.dll 0x00000001acb00cb0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\credui.dll 0x00000001acb02290 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanning.dll 0x00000001acb03c20 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\RpcRtRemote.dll 0x00000001acb03f20 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\rsaenh.dll 0x00000001acb043e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001acb04700 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb05640 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll 0x00000001acb05b60 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\certCredProvider.dll 0x00000001acb05cb0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rasplap.dll 0x00000001acb06f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001acb09490 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\samcli.dll 0x00000001acb098e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netutils.dll 0x00000001acb0a350 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll 0x00000001acb0c280 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb0d070 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb0de90 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msvcr100.dll 0x00000001acb0f340 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\rsaenh.dll 0x00000001acb112f0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rasapi32.dll 0x00000001acb125b0 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\BHOManagement.dll 0x00000001acb128e0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wkscli.dll 0x00000001acb12d60 2 1 ------ \Device\Afd\Endpoint 0x00000001acb13430 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\cryptsp.dll 0x00000001acb13580 3 1 ------ \Device\NamedPipe\pgsignal_1460 0x00000001acb13ba0 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\sxs.dll 0x00000001acb158e0 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\AuthorisedLists.dll 0x00000001acb163c0 3 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\~DF44EE88810559F004.TMP 0x00000001acb1abb0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\HPScanTRDrv_OJ8600.dll 0x00000001acb1af20 6 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.18766_none_675144b3de10d6f7\wrpint.dll 0x00000001acb1c1c0 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.lde 0x00000001acb1cd10 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001acb1d2c0 1 1 ------ \Device\Afd\Endpoint 0x00000001acb1df20 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\advpack.dll 0x00000001acb1ff20 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 0x00000001acb20d00 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SavAdapter.dll 0x00000001acb20f20 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\SearchFolder.dll 0x00000001acb22cb0 12 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Display\nvui.dll 0x00000001acb23050 2 1 ------ \Device\NamedPipe\ 0x00000001acb23cf0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb26360 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\webio.dll 0x00000001acb27790 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem145.PNF 0x00000001acb278e0 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\DataControlManagement.dll 0x00000001acb28570 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rasman.dll 0x00000001acb2a170 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Localisation.dll 0x00000001acb2a480 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Configuration.dll 0x00000001acb2b8f0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001acb2bb00 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ThreatManagement.dll 0x00000001acb2cf20 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Logging.dll 0x00000001acb2d4f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001acb2e700 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001acb2ff20 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\atl.dll 0x00000001acb30980 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rtutils.dll 0x00000001acb31070 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\DetectionFeedback.dll 0x00000001acb32580 3 1 ------ \Device\Afd????? 0x00000001acb33d80 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001acb34f20 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\DCManagement.dll 0x00000001acb38db0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb3ed10 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cryptopp.dll 0x00000001acb3f970 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\winhttp.dll 0x00000001acb408e0 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\DriveProcessor.dll 0x00000001acb40f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb428e0 2 1 ------ \Device\Afd\Endpoint 0x00000001acb42bf0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SIPSManagement.dll 0x00000001acb43780 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\FilterProcessors.dll 0x00000001acb43b50 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb43f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb441c0 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\icm32.dll 0x00000001acb486d0 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ICProcessors.dll 0x00000001acb49580 16 0 -W-rwd \Device\HarddiskVolume3\Users\Admin\Videos\desktop.ini 0x00000001acb4bf20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb4c070 5 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Display\NvXDSync.exe 0x00000001acb4e4f0 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001acb51070 2 1 ------ \Device\Afd\Endpoint 0x00000001acb521b0 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter.dll 0x00000001acb56ad0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Persistance.dll 0x00000001acb5aa40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb5ab90 15 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Display\NVXDBat.dll 0x00000001acb5cb60 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\FSDecomposer.dll 0x00000001acb5cf20 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ICManagement.dll 0x00000001acb5df20 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winspool.drv 0x00000001acb61780 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acb61e20 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ScanManagement.dll 0x00000001acb626c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acb62f20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001acb648e0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\VirusDetection.dll 0x00000001acb64e60 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\netutils.dll 0x00000001acb66710 1 1 R--rw- \Device\HarddiskVolume3\pgData93 0x00000001acb6cf20 15 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\wbem\repository\MAPPING3.MAP 0x00000001acb6e580 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\IPHLPAPI.DLL 0x00000001acb70f20 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wkscli.dll 0x00000001acb72970 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\srvcli.dll 0x00000001acb73b60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001acb74730 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\winnsi.dll 0x00000001acb76070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\imageres.dll 0x00000001acb76670 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nvsvc64.dll 0x00000001acb768e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mfplat.dll 0x00000001acb78b00 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001acb79a70 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ScanEditFacade.dll 0x00000001acb79d00 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ThreatDetection.dll 0x00000001acb7a180 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mscms.dll 0x00000001acb81870 1 1 R--rw- \Device\HarddiskVolume3\pgData93 0x00000001acb827d0 2 1 ------ \Device\NamedPipe\chrome.6908.300.190013887 0x00000001acb83f20 8 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb86070 9 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Display\NVXDApiX.dll 0x00000001acb86910 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msimg32.dll 0x00000001acb8c930 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\oleacc.dll 0x00000001acb8e8e0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\oleaccrc.dll 0x00000001acb90120 14 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\iedkcs32.dll 0x00000001acb91790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001acb92190 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Translators.dll 0x00000001acb92f20 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acb93070 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\R4EED64A.dll 0x00000001acb93a90 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SWIManagement.dll 0x00000001acb93be0 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\TamperProtectionManagement.dll 0x00000001acb944c0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\R4EEL64A.dll 0x00000001acb95210 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\d3d8thk.dll 0x00000001acb958e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001acb96300 1 1 R--rw- \Device\HarddiskVolume3\pgData93 0x00000001acb97350 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001acb9a570 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\EAPQEC.DLL 0x00000001acb9b660 1 1 ------ \Device\Afd\Endpoint 0x00000001acb9ccb0 16 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Power Management\DE-DE\SPMgr.exe.mui 0x00000001acba31d0 7 0 R--rwd \Device\HarddiskVolume3\Windows\System32\vbscript.dll 0x00000001acba33c0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\d3d9.dll 0x00000001acba42f0 4 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000001acba58e0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SystemInformation.dll 0x00000001acba5e80 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nvapi64.dll 0x00000001acba8bd0 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msxml6.dll 0x00000001acbac790 14 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll 0x00000001acbaeb50 17 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\SystemMetadataCollector.dll 0x00000001acbaf640 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\msisip.dll 0x00000001acbb2dd0 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001acbb9190 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nvsvcr.dll 0x00000001acbbbf20 15 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acbbc800 13 0 R--r-d \Device\HarddiskVolume3\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF 0x00000001acbbe8e0 5 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Display\nvuir.dll 0x00000001acbc0bc0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acbc2360 10 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Display\NVXDPlcy.dll 0x00000001acbc3070 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001acbc34d0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acbc38e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ncsi.dll 0x00000001acbc7070 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msxml6r.dll 0x00000001acbc7f20 16 0 R----- \Device\HarddiskVolume3 0x00000001acbcd530 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001acbcf8e0 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SavSecurity.dll 0x00000001acbd7150 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001acbd7bb0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001acbd86b0 16 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\VISLIB.DLL 0x00000001acbdc6d0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\samcli.dll 0x00000001acbdde60 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVI.dll 0x00000001acbde4a0 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk 0x00000001acbdedd0 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\oleacc.dll 0x00000001acbdef20 11 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll 0x00000001acbe1cb0 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wsnmp32.dll 0x00000001acbe3070 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wship6.dll 0x00000001acbe33b0 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\WSHTCPIP.DLL 0x00000001acbe38e0 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\OSDP.dll 0x00000001acbe3f20 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mswsock.dll 0x00000001acbe6070 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\LegacyConsumers.dll 0x00000001acbe6ea0 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\winmm.dll 0x00000001acbea4d0 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Veex.dll 0x00000001acbeb4c0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acbeb720 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001acbed6d0 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\SWCAdapter.dll 0x00000001acbf3070 7 1 R--rwd \Device\HarddiskVolume3???? 0x00000001acbf48e0 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mmsys.cpl 0x00000001acbfb070 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sscore.dll 0x00000001acbfd480 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\credssp.dll 0x00000001acc008e0 9 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\cga40850.fon 0x00000001acc00e70 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wininit.exe 0x00000001acc03df0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acc048e0 10 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\ega40850.fon 0x00000001acc088e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acc0dd10 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Management Communications System\Endpoint\log4cplus.dll 0x00000001acc0e8e0 13 0 R--r-d \Device\HarddiskVolume3\Program Files\AccessData\PostgreSQL\9.3\bin\libxml2.dll 0x00000001acc0fbc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001acc0ff20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001acc128e0 1 1 ------ \Device\NamedPipe\wkssvc 0x00000001acc198e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\stdole2.tlb 0x00000001acc1abd0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pstorec.dll 0x00000001acc1cdc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000001acc1e5c0 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wbem\wbemprox.dll 0x00000001acc20db0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acc23b10 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll 0x00000001acc24b40 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sxs.dll 0x00000001acc24f20 10 0 R--r-d \Device\HarddiskVolume3\PROGRA~2\Sophos\SOPHOS~2\SOPHOS~2.DLL 0x00000001acc26580 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wbemcomn.dll 0x00000001acc266d0 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acc27070 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\certcli.dll 0x00000001acc286c0 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wscapi.dll 0x00000001acc288e0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll 0x00000001acc2e300 1 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acc30070 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll 0x00000001acc318e0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\timedate.cpl 0x00000001acc45180 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\imm32.dll 0x00000001acc49bd0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt49.dll 0x00000001acc528e0 11 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\msjh.ttf 0x00000001acc53be0 10 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\mingliu.ttc 0x00000001acc53db0 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk 0x00000001acc67dd0 5 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\SgmlReaderDll.dll 0x00000001acc714d0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 0x00000001acc71700 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\apphelp.dll 0x00000001acc72c20 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\scext.dll 0x00000001acc73070 1 1 ------ \Device\NamedPipe\InitShutdown 0x00000001acc74e90 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acc776b0 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll 0x00000001acc78070 16 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\malgun.ttf 0x00000001acc7a4f0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wevtsvc.dll 0x00000001acc7af20 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\GWX\GWX.exe 0x00000001acc7b8e0 3 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\gulim.ttc 0x00000001acc7edc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acc81070 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winlogon.exe 0x00000001acc81f20 8 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\meiryo.ttc 0x00000001acc82c00 16 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x00000001acc82f20 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll 0x00000001acc83300 10 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\msyh.ttf 0x00000001acc84b80 15 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\tahoma.ttf 0x00000001acc84f20 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll 0x00000001acc85d10 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\SmartThreadPool.dll 0x00000001acc86570 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winsta.dll 0x00000001acc89a90 5 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\segoeuib.ttf 0x00000001acc8a070 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 0x00000001acc8b340 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msls31.dll 0x00000001acc8c520 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gmlllbghnfkpflemihljekbapjopfjik\000015.log 0x00000001acc8c8e0 13 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\msgothic.ttc 0x00000001acc92710 4 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\simsun.ttc 0x00000001acc93070 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001acc95e20 2 1 ------ \Device\NamedPipe\InitShutdown 0x00000001acc96070 8 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\marlett.ttf 0x00000001acc96790 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\SAM.LOG1 0x00000001acc96980 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\SAM.LOG2 0x00000001acc96c40 5 0 R--r-- \Device\HarddiskVolume3\Windows\Fonts\micross.ttf 0x00000001acc9f1a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001acca0f20 10 0 R--r-d \Device\HarddiskVolume3\Program Files\Sandboxie\SbieDll.dll 0x00000001acca2320 13 0 R--r-d \Device\HarddiskVolume3\Windows\AppPatch\AcGenral.dll 0x00000001acca2df0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001acca3790 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acca38e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c 0x00000001acca4240 12 0 RW-r-d \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\Cache\e1c13e426e7011e18a7e806e6f6e6963.cache 0x00000001acca8130 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acca98e0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem34.PNF 0x00000001accaa070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001accac500 1 1 ------ \Device\NamedPipe\InitShutdown 0x00000001accacf20 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001accadf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001accaee90 13 0 R--r-- \Device\HarddiskVolume3\Windows\System32\catroot2\edb.log 0x00000001accaf910 3 0 -W---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 0x00000001accb46f0 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem111.PNF 0x00000001accb4a60 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\services.exe 0x00000001accb4d10 12 0 R--r-- \Device\HarddiskVolume3\Windows\Globalization\Sorting\SortDefault.nls 0x00000001accb59c0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WlS0WndH.dll 0x00000001accba580 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sspicli.dll 0x00000001accba970 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cryptbase.dll 0x00000001accbb480 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001accbc4d0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\lsm.exe 0x00000001accbdb70 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sysntfy.dll 0x00000001accbf430 19 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\components{54f46082-07b0-11e5-be3f-f0bf97d84308}.TM.blf 0x00000001accc0790 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\lsass.exe 0x00000001accc08e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001accc0c00 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\samsrv.dll 0x00000001accc17a0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sspisrv.dll 0x00000001accc53f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001accc5a70 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\scesrv.dll 0x00000001accc6c40 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wevtapi.dll 0x00000001accc7710 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\secur32.dll 0x00000001accc98e0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cryptdll.dll 0x00000001accca070 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\srvcli.dll 0x00000001accca870 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\lsasrv.dll 0x00000001accd0070 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cngaudit.dll 0x00000001accd06c0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\aelupsvc.dll 0x00000001accd0e60 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\SECURITY.LOG2 0x00000001accd3880 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\authz.dll 0x00000001accd3e20 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wmsgapi.dll 0x00000001accd69c0 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msacm32.dll 0x00000001accd81d0 13 0 R--r-d \Device\HarddiskVolume3\Program Files\AccessData\PostgreSQL\9.3\bin\iconv.dll 0x00000001accd8a60 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\msvcp71.dll 0x00000001accd8e20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001accdb560 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001accdd850 4 0 R--rwd \Device\HarddiskVolume3\Windows\win.ini 0x00000001accde200 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\BFE.DLL 0x00000001accdecb0 16 0 R--rwd \Device\HarddiskVolume3\Windows\Resources\Ease of Access Themes\hcwhite.theme 0x00000001accdee20 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\appinfo.dll 0x00000001acce0f20 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wdHelper.dll 0x00000001acce1070 9 0 R--r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000044.db 0x00000001acce1830 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\adsldpc.dll 0x00000001acce1980 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netjoin.dll 0x00000001acce1f20 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wdCryptoUtils.dll 0x00000001acce2cb0 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll 0x00000001acce4f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acce54f0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acce8d50 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\scecli.dll 0x00000001acce9280 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msprivs.dll 0x00000001acce9450 16 0 R--r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db 0x00000001acce9dc0 3 0 R--rwd \Device\HarddiskVolume3\Windows\System32\regsvr32.exe 0x00000001acceba20 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\qmgr.dll 0x00000001accebd00 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mpr.dll 0x00000001accf1b60 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cryptsp.dll 0x00000001accf28e0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mswsock.dll 0x00000001accf3220 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netlogon.dll 0x00000001accf5070 12 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\sseriff.fon 0x00000001accf64d0 1 1 ------ \Device\NamedPipe\lsass 0x00000001accf79d0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 0x00000001accf7b20 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dhcpcore.dll 0x00000001accf7c90 11 0 ------ \Device\HarddiskVolume3\Windows\System32\C_28591.NLS 0x00000001accf7f20 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\dmocx.dll 0x00000001accf8070 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 0x00000001accf9900 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk 0x00000001accfaaa0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\browser.dll 0x00000001accfac00 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001accfbc00 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001accfbf20 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001accfc070 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\kerberos.dll 0x00000001accfd780 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\comres.dll 0x00000001accfe070 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\logoncli.dll 0x00000001accfec80 9 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\Fonts\MyriadWebPro.ttf 0x00000001accfedd0 9 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\Fonts\MyriadWebPro-Italic.ttf 0x00000001accfef20 6 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\Fonts\MyriadWebPro-Bold.ttf 0x00000001accffa40 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msv1_0.dll 0x00000001acd008e0 16 0 R--rwd \Device\HarddiskVolume3\Windows\Resources\Ease of Access Themes\classic.theme 0x00000001acd014b0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wship6.dll 0x00000001acd018e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\efslsaext.dll 0x00000001acd02420 7 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd048e0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd07840 1 1 -W-rw- \Device\HarddiskVolume3\Windows\debug\PASSWD.LOG 0x00000001acd08b00 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dnsapi.dll 0x00000001acd09820 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cryptsvc.dll 0x00000001acd0ae20 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mstask.dll 0x00000001acd0b370 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001acd0bcb0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wmpps.dll 0x00000001acd0bf20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd104c0 1 1 ------ \Device\NamedPipe\trkwks 0x00000001acd116c0 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe 0x00000001acd12570 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wdigest.dll 0x00000001acd15a30 1 1 ------ \Device\NamedPipe\protected_storage 0x00000001acd15b80 2 1 ------ \Device\NamedPipe\protected_storage 0x00000001acd15cd0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\FDResPub.dll 0x00000001acd15e20 1 1 ------ \Device\NamedPipe\protected_storage 0x00000001acd183a0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\schannel.dll 0x00000001acd1a070 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dps.dll 0x00000001acd1c4d0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 0x00000001acd1db20 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\TSpkg.dll 0x00000001acd1f6b0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\fdPHost.dll 0x00000001acd218e0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 0x00000001acd23070 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 0x00000001acd23dd0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\gpapi.dll 0x00000001acd23f20 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\hidserv.dll 0x00000001acd248e0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\efssvc.dll 0x00000001acd24cb0 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd258e0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\eapsvc.dll 0x00000001acd25b50 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\FXSRESM.dll 0x00000001acd26570 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\credssp.dll 0x00000001acd26970 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pku2u.dll 0x00000001acd27b30 16 0 R--rwd \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll 0x00000001acd29d90 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\sam 0x00000001acd2ab20 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem81.PNF 0x00000001acd2df20 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mmcss.dll 0x00000001acd2fcb0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\FirewallAPI.dll.mui 0x00000001acd32a70 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd33800 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001acd35350 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\lmhsvc.dll 0x00000001acd354a0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wkssvc.dll 0x00000001acd35b00 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\Packet.dll 0x00000001acd35d10 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\FntCache.dll 0x00000001acd36cf0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd38b50 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd38dc0 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF 0x00000001acd39410 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\netprofm.dll 0x00000001acd39800 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pnrpsvc.dll 0x00000001acd3ae60 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\WlanMM.dll 0x00000001acd3b6d0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\FirewallAPI.dll 0x00000001acd3bdc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001acd3c860 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ListSvc.dll 0x00000001acd3ddc0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\umpo.dll 0x00000001acd3e5a0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\keyiso.dll 0x00000001acd40070 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\powercpl.dll 0x00000001acd408e0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nsisvc.dll 0x00000001acd40dc0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\p2psvc.dll 0x00000001acd41410 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd41770 7 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd42d60 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd433d0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\provsvc.dll 0x00000001acd43530 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\srvsvc.dll 0x00000001acd43c60 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\iphlpsvc.dll 0x00000001acd44a40 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd453d0 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\sfc_os.dll 0x00000001acd45e60 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe 0x00000001acd4a970 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Smart Network\VSNClient.exe 0x00000001acd4af20 4 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll 0x00000001acd4ba60 6 6 ------ \Device\Afd\Endpoint 0x00000001acd4d650 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\IPBusEnum.dll 0x00000001acd4dd20 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\IKEEXT.DLL 0x00000001acd4e380 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netman.dll 0x00000001acd4e5f0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sstpsvc.dll 0x00000001acd4ef20 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd4f470 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nlasvc.dll 0x00000001acd4ff20 3 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\~DFF9253795AEF2CCE8.TMP 0x00000001acd50840 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pcasvc.dll 0x00000001acd50990 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\miguiresource.dll 0x00000001acd51790 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\umpnpmgr.dll 0x00000001acd518e0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netprofm.dll 0x00000001acd51b60 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\Sens.dll 0x00000001acd51f20 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\schedsvc.dll 0x00000001acd52a40 15 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd53570 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\shsvcs.dll 0x00000001acd55a40 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\tapisrv.dll 0x00000001acd56310 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\RpcEpMap.dll 0x00000001acd56a40 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\profsvc.dll 0x00000001acd576c0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\psbase.dll 0x00000001acd57a40 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rasmans.dll 0x00000001acd58650 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wiaservc.dll 0x00000001acd58a40 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\themeservice.dll 0x00000001acd59f20 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\w32time.dll 0x00000001acd5a070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spoolsv.exe 0x00000001acd5b070 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sysmain.dll 0x00000001acd5b300 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ssdpsrv.dll 0x00000001acd5b940 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001acd5bb20 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\upnphost.dll 0x00000001acd5c350 4 0 R--r-d \Device\HarddiskVolume3\Windows\servicing\TrustedInstaller.exe 0x00000001acd5cf20 1 1 ------ \Device\NamedPipe\scerpc 0x00000001acd5d490 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wdi.dll 0x00000001acd5d8e0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\WMIsvc.dll 0x00000001acd5dcb0 1 1 ------ \Device\NamedPipe\ntsvcs 0x00000001acd5e1f0 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dwm.exe 0x00000001acd5f070 3 0 R--r-d \Device\HarddiskVolume3\Program Files\Windows Media Player\wmpnetwk.exe 0x00000001acd5f790 1 1 ------ \Device\NamedPipe\ntsvcs 0x00000001acd5fe60 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wuaueng.dll 0x00000001acd61580 2 1 ------ \Device\NamedPipe\scerpc 0x00000001acd61820 1 1 ------ \Device\NamedPipe\scerpc 0x00000001acd61f20 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\SesMgr.dll 0x00000001acd62750 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd63070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd63480 20 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd64070 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 0x00000001acd64700 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wercplsupport.dll 0x00000001acd64bf0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winhttp.dll 0x00000001acd688e0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wscsvc.dll 0x00000001acd6a700 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WUDFSvc.dll 0x00000001acd6a8a0 2 1 ------ \Device\NamedPipe\ntsvcs 0x00000001acd6b540 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ubpm.dll 0x00000001acd6c250 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wpccpl.dll 0x00000001acd6d2c0 1 1 ------ \Device\NamedPipe\plugplay 0x00000001acd6d410 2 1 ------ \Device\NamedPipe\plugplay 0x00000001acd6e5d0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\svchost.exe 0x00000001acd6f8c0 1 1 ------ \Device\NamedPipe\plugplay 0x00000001acd6fa10 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\devrtl.dll 0x00000001acd736c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acd73aa0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\SPInf.dll 0x00000001acd75260 4 1 RW-rwd \Device\HarddiskVolume3\pgData93\global\12025 0x00000001acd754b0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001acd78820 3 1 ------ \Device\NamedPipe\pgsignal_4408 0x00000001acd796d0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\msvcr71.dll 0x00000001acd7bcd0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\IconCodecService.dll 0x00000001acd7ed20 2 1 ------ \Device\Afd\Endpoint 0x00000001acd805e0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll 0x00000001acd835c0 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001acd85910 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\pcwum.dll 0x00000001acd86070 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\powrprof.dll 0x00000001acd89560 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acd8a750 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nvvsvc.exe 0x00000001acd8d310 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd8edd0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 0x00000001acd90980 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd90ad0 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd931e0 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd95070 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\imm32.dll 0x00000001acd95370 8 0 R--r-d \Device\HarddiskVolume3\PROGRA~2\Sophos\SOPHOS~2\SOPHOS~1.DLL 0x00000001acd99b00 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd9b400 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd9bd10 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acd9c560 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001acd9fa10 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\sfc.dll 0x00000001acda0b60 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\config.dll 0x00000001acda0d10 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 0x00000001acda39b0 2 1 ------ \Device\Afd\Endpoint 0x00000001acda5cf0 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ntmarta.dll 0x00000001acda5f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acda7630 7 0 R--r-d \Device\HarddiskVolume3\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll 0x00000001acda9890 26 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acdaa6f0 2 1 RW-r-- \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\ntuser.dat{376f72bb-a493-11e4-80fb-806e6f6e6963}.TM.blf 0x00000001acdaaf20 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync.exe 0x00000001acdab4d0 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\ntuser.dat{376f72bb-a493-11e4-80fb-806e6f6e6963}.TM 0x00000001acdab6a0 2 1 RW-r-- \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\ntuser.dat{376f72bb-a493-11e4-80fb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms 0x00000001acdad8e0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll 0x00000001acdaebc0 1 1 RW---- \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 0x00000001acdaed10 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll 0x00000001acdaee60 1 1 RW---- \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 0x00000001acdaf070 1 1 RW---- \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\ntuser.dat 0x00000001acdaf1c0 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acdaf8e0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rpcss.dll 0x00000001acdb0cc0 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-46c-0 0x00000001acdb1f20 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\ntuser.dat{376f72bb-a493-11e4-80fb-806e6f6e6963}.TM 0x00000001acdb3cf0 2 1 RW-r-- \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\ntuser.dat{376f72bb-a493-11e4-80fb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms 0x00000001acdb9a40 2 1 ------ \Device\Afd\Endpoint 0x00000001acdbb4e0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wshqos.dll 0x00000001acdbb970 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WSHTCPIP.DLL 0x00000001acdbd070 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem159.PNF 0x00000001acdbe070 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sophos\Management Communications System\Endpoint\Config 0x00000001acdc03e0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\netmsg.dll 0x00000001acdc28e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001acdc2af0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001acdc5790 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acdc6340 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\SPInf.dll 0x00000001acdc8b70 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\devmgmt.msc 0x00000001acdc8f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001acdc9f20 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001acdcb570 1 1 ------ \Device\Afd\Endpoint 0x00000001acdcbf20 2 1 ------ \Device\Afd\Endpoint 0x00000001acdcc070 2 1 ------ \Device\Afd\Endpoint 0x00000001acdce8e0 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acdcee00 1 1 ------ \Device\Afd\Endpoint 0x00000001acdcf070 13 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442\GdiPlus.dll 0x00000001acdcf5a0 2 1 ------ \Device\Afd\Endpoint 0x00000001acdcf820 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msxml6.dll 0x00000001acdd22e0 1 1 ------ \Device\NamedPipe\epmapper 0x00000001acdd2a50 1 1 RW---- \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 0x00000001acdd48e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\version.dll 0x00000001acdd6350 2 1 ------ \Device\Afd\Endpoint 0x00000001acdd9070 2 1 ------ \Device\NamedPipe\epmapper 0x00000001acdda7a0 1 1 ------ \Device\NamedPipe\epmapper 0x00000001acddb410 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-3dc-0 0x00000001acddbcc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\ARM\1.0 0x00000001acddd5a0 1 1 RW---- \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\ntuser.dat 0x00000001acddf8e0 2 1 ------ \Device\Afd\Endpoint 0x00000001acde0590 2 1 ------ \Device\NamedPipe\LSM_API_service 0x00000001acde0830 1 1 ------ \Device\NamedPipe\LSM_API_service 0x00000001acde1740 2 1 ------ \Device\Afd\Endpoint 0x00000001acde1a50 2 1 ------ \Device\Afd\Endpoint 0x00000001acde2f20 1 1 ------ \Device\NamedPipe\LSM_API_service 0x00000001acde4c80 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\LogonUI.exe 0x00000001acde4f20 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\devrtl.dll 0x00000001acde6070 11 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\46d90c113a7b13769cfa8c34aec9338b\System.Configuration.Install.ni.dll 0x00000001acde7070 2 1 RW-r-- \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\ntuser.dat{376f72bf-a493-11e4-80fb-f0bf97d84308}.TMContainer00000000000000000001.regtrans-ms 0x00000001acde7a10 24 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx 0x00000001acde7b60 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\desk.cpl 0x00000001acdeab20 14 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.LicensingV125.dll 0x00000001acded8e0 1 1 RW---- \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 0x00000001acdf0670 1 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\Fonts\MyriadWebPro-Italic.ttf 0x00000001acdf74b0 2 1 RW-r-- \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\ntuser.dat{376f72bf-a493-11e4-80fb-f0bf97d84308}.TM.blf 0x00000001acdfa370 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem48.PNF 0x00000001acdfa4c0 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\cabinet.dll 0x00000001acdfb070 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 0x00000001acdfe710 1 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\Fonts\MyriadWebPro.ttf 0x00000001acdfe860 1 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\Fonts\MyriadWebPro-Bold.ttf 0x00000001acdff580 12 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\wbem\repository\MAPPING1.MAP 0x00000001ace31650 1 1 RW-r-d \Device\HarddiskVolume3\Windows\System32\wdi\LogFiles\WdiContextLog.etl.002 0x00000001ace318e0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace335b0 1 1 R--r-d \Device\HarddiskVolume3\Windows\ehome\WTVGOTHIC-S.ttc 0x00000001ace35070 1 1 R--r-d \Device\HarddiskVolume3\Windows\ehome\malgunmc.ttf 0x00000001ace35640 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cdd.dll 0x00000001ace454b0 8 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\d9ef873b190c9df202c3f9f8a5d38c48\Accessibility.ni.dll 0x00000001ace486b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ace4a650 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\pngfilt.dll 0x00000001ace4a7b0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace4abd0 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume3\Users\Admin\ntuser.dat{376f72c4-a493-11e4-80fb-f0bf97d84308}.TM 0x00000001ace4bd10 7 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\rtutils.dll 0x00000001ace4e4d0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\fundisc.dll 0x00000001ace4f3b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ace50420 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace52c40 11 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$Mft 0x00000001ace55070 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace554e0 18 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\000477.ldb 0x00000001ace588d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ace598e0 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\devmgr.dll 0x00000001ace59d10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace5ab70 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ace5bf20 2 1 ------ \Device\Afd\Endpoint 0x00000001ace5cf20 15 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\f9a8d45bca0ef3414c8a439de2ceee1c\System.Management.ni.dll 0x00000001ace62ab0 1 1 R--r-d \Device\HarddiskVolume3 0x00000001ace653b0 2 1 ------ \Device\Afd\Endpoint 0x00000001ace65d10 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aapbdbdomjkkjkaonfhkkikfgjllcleb\LOCK 0x00000001ace66070 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\QAGENT.DLL 0x00000001ace66670 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ace66930 1 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db 0x00000001ace68330 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001ace69670 27 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace6b070 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\LithosPro-Black.otf 0x00000001ace6bf20 5 0 R--rwd \Device\HarddiskVolume3\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe 0x00000001ace706d0 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ExplorerFrame.dll 0x00000001ace73f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace76590 15 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\68165d10767e5e6b4c4992c03cf78fa0\System.Data.ni.dll 0x00000001ace76e80 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 0x00000001ace77870 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001ace78070 12 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\msvcr110.dll 0x00000001ace79070 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msdtclog.dll 0x00000001ace793e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ace7b890 1 1 ------ \Device\NamedPipe\ROUTER 0x00000001ace7c650 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\segoeuib.ttf 0x00000001ace7ead0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.resources.dll 0x00000001ace82120 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001ace82520 3 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mapi32.dll 0x00000001ace832f0 3 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\172188ae7ffc00280c3b791f4bbdd9e0\WindowsBase.ni.dll 0x00000001ace842f0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ace857b0 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001ace86580 11 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal 0x00000001ace86950 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace86bf0 1 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\ESRV_SVC.evtx 0x00000001ace882d0 32 0 -W-rw- \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log 0x00000001ace88cd0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001ace896e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ace8b070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ace8bdd0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ace8bf20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Drive 0x00000001ace8c070 1 1 ------ \Device\Afd\Endpoint 0x00000001ace8c1e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001ace8c8b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001ace8cc80 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ace8cf20 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ace8ef20 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace90290 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ace90c00 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace91f20 10 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSync.LocalizedResources.dll 0x00000001ace93430 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Evernote\Evernote\encrashrep.dll 0x00000001ace93730 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK 0x00000001ace946b0 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ace95320 4 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\LoggingPlatform.dll 0x00000001ace99320 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem23.PNF 0x00000001ace9a530 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ace9a820 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001ace9bf20 2 1 ------ \Device\NamedPipe\mojo.6908.6912.16225961821779528379 0x00000001ace9cf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ace9eb70 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ace9fb80 6 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Servd1dec626#\33c653e433c43f31f765b8f91e6c8416\System.ServiceModel.Internals.ni.dll 0x00000001ace9ff20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001acea16c0 13 0 RW-rwd \Device\HarddiskVolumeShadowCopy2\$Mft 0x00000001acea3450 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\a74dd505\00ab0e48_3db7cb01\Microsoft.Office.Tools.Outlook.v4.0.Utilities.DLL 0x00000001acea55e0 16 0 R--rwd \Device\HarddiskVolume3????????????? 0x00000001acea5bc0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\jscript9.dll 0x00000001acea6dd0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.7696450697790296062 0x00000001acea6f20 27 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acea8b70 16 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx 0x00000001acea8dd0 2 1 ------ \Device\NamedPipe\ROUTER 0x00000001acea8f20 1 1 ------ \Device\NamedPipe\ROUTER 0x00000001acea96e0 6 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\687652cdc9b32bd8e530be3a7da88810\System.Configuration.ni.dll 0x00000001aceaa4d0 4 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncSessions.dll 0x00000001aceab7b0 6 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aceaba20 2 1 ------ \Device\NamedPipe\chrome.6908.0.32004521 0x00000001aceac6b0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001acead3e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\stdole2.tlb 0x00000001acead590 2 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001aceaddd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aceb0d20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aceb1d20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001aceb3d20 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll 0x00000001aceb4a30 2 1 ------ \Device\NamedPipe\mojo.6908.6912.17469146421412154049 0x00000001aceb50f0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001aceb5460 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aceb59b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001aceb5f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001aceb9530 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001aceb98e0 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wmploc.DLL 0x00000001acebb3b0 28 0 RW-rw- \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\DRM\drmstore.hds 0x00000001acebc200 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acebc350 1 1 ------ \Device\NamedPipe\tapsrv 0x00000001acebff20 5 0 R--r-- \Device\HarddiskVolume3\Windows\System32\DriverStore\infstor.dat 0x00000001acec06d0 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\credui.dll 0x00000001acec34b0 2 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001acec4b70 1 1 -WDr-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\lockfile 0x00000001acec5530 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mscms.dll 0x00000001acec6190 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001aced0070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aced0380 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db-wal 0x00000001aced1520 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001aced2070 13 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\SEGOEUISL.TTF 0x00000001aced43e0 1 1 R--r-- \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\NETSYM_M.VSS 0x00000001aced4530 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU 0x00000001aced61f0 10 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfafifkblojjoeogacijogdmkjhkgkh\1_0\Cached Theme.pak 0x00000001aced7280 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\snapshot.db-wal 0x00000001aced7530 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aced9590 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.107.121285963 0x00000001aced96e0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aced9d10 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\unimdm.tsp 0x00000001acedb6e0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001acedbc90 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001acedcd20 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\icudt53.dll 0x00000001acedd3d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001acedd520 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acedd820 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001aceddd20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\HttpUpdate\HttpUpdateBL.dll 0x00000001acedf8e0 7 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acee0810 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\ulib.dll 0x00000001acee2970 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001acee7ac0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\MSJH.TTC 0x00000001aceef480 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001acef2350 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\SOCIALCONNECTOR.DLL 0x00000001acef72c0 1 1 R--r-- \Device\HarddiskVolume3\Windows\csup.txt 0x00000001acef7dd0 13 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\msvcp110.dll 0x00000001acef8900 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001acefc5a0 2 1 ------ \Device\Afd\Endpoint 0x00000001acf01f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001acf02860 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001acf03690 6 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\UCAddin.dll 0x00000001acf07780 2 1 ------ \Device\NamedPipe\chrome.6908.16.110518203 0x00000001acf07f20 19 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\TxR\{8c266aac-b83b-11e3-ace5-806e6f6e6963}.TxR.0.regtrans-ms 0x00000001acf095b0 16 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\2e55e4a02830670bf75dfba5c32fc2a9\System.EnterpriseServices.ni.dll 0x00000001acf09700 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001acf0c3c0 12 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\RemoteAccess.dll 0x00000001acf0c8f0 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\Telemetry.dll 0x00000001acf15590 19 1 RW-r-- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Tamper Protection\logs\TamperProtection.txt 0x00000001acf17760 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001acf19360 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Apple Computer\Logs\asl.120743_28Jun15.log 0x00000001acf1d8e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_config.db 0x00000001acf1de60 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe 0x00000001acf1e330 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acf20070 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\d3d10level9.dll 0x00000001acf216d0 4 0 R--rwd \Device\HarddiskVolume3\Users\Public\Libraries\RecordedTV.library-ms 0x00000001acf21f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acf287b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001acf28aa0 28 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Apple Computer\Logs\asl.120743_28Jun15.log 0x00000001acf29070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acf29c60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001acf2b5b0 12 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll 0x00000001acf2bf20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001acf2c070 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001acf2cf20 8 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.Utils.v14.2.dll 0x00000001acf2e800 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3-journal 0x00000001acf30290 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\taskschd.dll 0x00000001acf35a10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001acf368e0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 0x00000001acf382c0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001acf384c0 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acf392f0 2 1 ------ \Device\NamedPipe\chrome.6908.7.108890161 0x00000001acf39440 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\nvwgf2um.dll 0x00000001acf395b0 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll 0x00000001acf40070 12 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal 0x00000001acf442f0 9 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.Upgrading.ClientLibrary.dll 0x00000001acf459f0 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Burn 0x00000001acf48560 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001acf49570 12 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\hidphone.tsp.mui 0x00000001acf49a70 11 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32process.pyd 0x00000001acf4a580 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acf4ee90 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001acf54cd0 2 1 ------ \Device\NamedPipe\W32TIME_ALT 0x00000001acf57ca0 1 1 RW-rw- \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\DRM\drmstore.hds 0x00000001acf5a810 13 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\NVIDIA\GLCache\a8e94eae86f20c1229e5b433d1085926\47408a7f6905bc01\f76ec40448865734.bin 0x00000001acf5b710 12 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal 0x00000001acf5db10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001acf5eaa0 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll 0x00000001acf63400 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wbemdisp.dll 0x00000001acf6b070 2 1 ------ \Device\NamedPipe\mojo.6908.2092.7021255824655493149 0x00000001acf6cf20 16 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\jscript9.dll.mui 0x00000001acf6e790 33 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001acf6e8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001acf73a40 14 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.resources.dll 0x00000001acf76d30 1 1 RW---- \Device\HarddiskVolume3\Users\Administrator\ntuser.dat.LOG2 0x00000001acf79070 7 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acf7aa80 18 1 -W-rw- \Device\HarddiskVolume3\ProgramData\NVIDIA\Updatus\updtclient.log 0x00000001acf7b580 3 1 ------ \Device\Afd\Endpoint 0x00000001acf7bf20 12 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\1033\VISINTL.DLL 0x00000001acf7c700 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\hcproviders.dll 0x00000001acf7d070 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.ServiceCore.dll 0x00000001acf7d1e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acf7f8e0 16 0 R--rwd \Device\HarddiskVolume3\Windows\Resources\Ease of Access Themes\hc1.theme 0x00000001acf81f20 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001acf87070 1 1 ------ \Device\Afd\Endpoint 0x00000001acf88900 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\CoreText.dll 0x00000001acf8d070 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll 0x00000001acf8e1d0 32 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log 0x00000001acf8e320 2 1 ------ \Device\NamedPipe\mojo.6908.6912.18286597511421326635 0x00000001acf8e590 2 1 ------ \Device\NamedPipe\mojo.6908.6912.18286597511421326635 0x00000001acf8fa40 2 1 ------ \Device\Afd\Endpoint 0x00000001acf92a40 2 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\TxR\{8c266aac-b83b-11e3-ace5-806e6f6e6963}.TxR.blf 0x00000001acf936d0 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\msidle.dll 0x00000001acf94f20 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ddrawex.dll 0x00000001acf96580 2 1 ------ \Device\NamedPipe\chrome.6908.7.108890161 0x00000001acf99070 12 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\_elementtree.pyd 0x00000001acf99d00 2 1 ------ \Device\NamedPipe\f8876be6-912f-4c2e-bdff-9f5b84a354a6 0x00000001acfa0070 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem12.PNF 0x00000001acfa0460 7 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wx._html2.pyd 0x00000001acfa1f20 1 1 ------ \Device\NamedPipe\W32TIME_ALT 0x00000001acfa2560 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dajedkncpodkggklbegccjpmnglmnflm\LOCK 0x00000001acfa3da0 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\WibuCm32.lde 0x00000001acfa5c20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001acfa74c0 10 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\wxmsw294u_webview_vc90.dll 0x00000001acfa7610 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001acfa7d10 2 1 RWD--- \Device\clfs\SystemRoot\System32\Config\TxR\{8c266aac-b83b-11e3-ace5-806e6f6e6963}.TxR 0x00000001acfaef20 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt 0x00000001acfb1320 7 0 R--rwd \Device\HarddiskVolume3\Windows\System32\netprofm.dll 0x00000001acfb78f0 16 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\000478.log 0x00000001acfb7dd0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001acfbdb20 8 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\5498218f7242a7abfea8149a651b8212\PresentationFramework.ni.dll 0x00000001acfbdcc0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.14409754749775168600 0x00000001acfc1560 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001acfc1d10 12 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Adobe\Elements 9 Organizer\Assets\locale\de_DE\zstring.dct 0x00000001acfc3d50 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acfc7580 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001acfc8590 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wwapi.dll 0x00000001acfcaa50 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\PowerISO\PWRISOVM.EXE 0x00000001acfcaba0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rasppp.dll 0x00000001acfcb360 3 2 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync.exe 0x00000001acfd7640 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\ntuser.dat.LOG2 0x00000001acfdc2c0 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 0x00000001acfde420 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acfde570 11 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\app850.fon 0x00000001acfe1790 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acfe4a70 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\bthci.dll 0x00000001acfe5a60 11 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\usbmon.dll.mui 0x00000001acfe66c0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acfe92c0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mfc100deu.dll 0x00000001acfea900 16 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\de\aspnet_rc.dll 0x00000001acfeaa50 11 1 R--r-d \Device\HarddiskVolume3\Windows\ehome\WTVGOTHIC-S.ttc 0x00000001acfeb2a0 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\AuxiliaryDisplayClassInstaller.dll 0x00000001acfeb8e0 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\certprop.dll 0x00000001acfed6d0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mfc100u.dll 0x00000001acfee8e0 8 1 R--r-d \Device\HarddiskVolume3\Windows\ehome\malgunmc.ttf 0x00000001acfef8e0 6 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acfefb30 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sxssrv.dll 0x00000001acff9070 2 1 ------ \Device\NamedPipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER 0x00000001acff9f20 3 1 ------ \Device\NamedPipe\pgsignal_4416 0x00000001acffb330 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll 0x00000001acffb4e0 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe 0x00000001acffcb00 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 0x00000001acffdd10 9 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\cga80850.fon 0x00000001acffe790 11 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\vga850.fon 0x00000001acffe8e0 3 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\vgasys.fon 0x00000001acfff1c0 5 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001acfff4e0 4 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\win32k.sys.mui 0x00000001ad03fd50 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 0x00000001ad041070 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\imm32.dll 0x00000001ad042070 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\setupapi.dll 0x00000001ad044070 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\psapi.dll 0x00000001ad045070 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\usp10.dll 0x00000001ad046070 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 0x00000001ad047070 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\urlmon.dll 0x00000001ad048070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\clbcatq.dll 0x00000001ad049070 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\gdi32.dll 0x00000001ad0496c0 9 0 ------ \Device\HarddiskVolume3\Windows\System32\locale.nls 0x00000001ad04b070 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\shell32.dll 0x00000001ad04c2a0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\DEFAULT.LOG1 0x00000001ad04c8e0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\basesrv.dll 0x00000001ad04ce60 16 0 R--rwd \Device\HarddiskVolume3\Windows\Web\Wallpaper\Landscapes\Desktop.ini 0x00000001ad04d070 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\userenv.dll 0x00000001ad04e780 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winsrv.dll 0x00000001ad04f070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wininet.dll 0x00000001ad04f2a0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\default 0x00000001ad050070 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\devobj.dll 0x00000001ad051070 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 0x00000001ad0514f0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\csrss.exe 0x00000001ad0518e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ad052700 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\shlwapi.dll 0x00000001ad053070 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\crypt32.dll 0x00000001ad0539c0 8 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32event.pyd 0x00000001ad053b60 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad053e60 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 0x00000001ad054070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 0x00000001ad0545b0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\cryptbase.dll 0x00000001ad056070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 0x00000001ad0568e0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\DEFAULT.LOG2 0x00000001ad057070 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 0x00000001ad057530 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ad057b40 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\sspicli.dll 0x00000001ad058070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 0x00000001ad059070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 0x00000001ad059520 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wininet.dll 0x00000001ad0598e0 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msvcrt.dll 0x00000001ad05a070 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wintrust.dll 0x00000001ad05a630 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\difxapi.dll 0x00000001ad05af20 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\nsi.dll 0x00000001ad05b070 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 0x00000001ad05b8e0 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 0x00000001ad05c070 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msasn1.dll 0x00000001ad05c8e0 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\cfgmgr32.dll 0x00000001ad05d070 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 0x00000001ad05d630 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\rpcrt4.dll 0x00000001ad05d8e0 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\imm32.dll 0x00000001ad05e070 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\comctl32.dll 0x00000001ad05e640 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\urlmon.dll 0x00000001ad05e790 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\oleaut32.dll 0x00000001ad05f070 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\userenv.dll 0x00000001ad05f400 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\sechost.dll 0x00000001ad05f780 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\profapi.dll 0x00000001ad05fbb0 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\devobj.dll 0x00000001ad060070 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msasn1.dll 0x00000001ad060a40 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\comctl32.dll 0x00000001ad0618e0 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\imagehlp.dll 0x00000001ad062070 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\profapi.dll 0x00000001ad062b50 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\user32.dll 0x00000001ad063510 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\msctf.dll 0x00000001ad063680 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 0x00000001ad064070 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 0x00000001ad064400 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\iertutil.dll 0x00000001ad0648e0 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\normaliz.dll 0x00000001ad064b00 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad064c50 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\shell32.dll 0x00000001ad066070 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\crypt32.dll 0x00000001ad066610 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\lpk.dll 0x00000001ad066b00 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad066e60 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ole32.dll 0x00000001ad067070 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wintrust.dll 0x00000001ad0672e0 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\psapi.dll 0x00000001ad067b50 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ws2_32.dll 0x00000001ad068070 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\gdi32.dll 0x00000001ad0688e0 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\setupapi.dll 0x00000001ad068f20 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 0x00000001ad069670 15 0 ------ \Device\HarddiskVolume3\Windows\System32\C_437.NLS 0x00000001ad06a070 19 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{376f72c8-a493-11e4-80fb-f0bf97d84308}.TMContainer00000000000000000001.regtrans-ms 0x00000001ad06b2d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001ad06be50 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\WmiPrvSD.dll 0x00000001ad06d1a0 2 1 ------ \Device\NamedPipe\ 0x00000001ad06d820 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll 0x00000001ad077070 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\advapi32.dll 0x00000001ad077760 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 0x00000001ad077f20 23 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad07a050 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad07a7d0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\imagehlp.dll 0x00000001ad07dcb0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\comdlg32.dll 0x00000001ad07e4d0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nsi.dll 0x00000001ad07ff20 3 1 RW--w- \Device\HarddiskVolume3\pagefile.sys 0x00000001ad080070 30 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad082610 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad083180 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\KernelBase.dll 0x00000001ad083560 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\EEConsumer.dll 0x00000001ad089cb0 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\usp10.dll 0x00000001ad08dc10 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\comdlg32.dll 0x00000001ad205340 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001ad2068c0 9 0 RW-rwd \Device\HarddiskVolumeShadowCopy2\$Directory 0x00000001ad208310 12 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\WnsClientApi.dll 0x00000001ad2098a0 12 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites 0x00000001ad20add0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.8545457003035273574 0x00000001ad20af20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ad23c590 1 1 ------ \Device\Afd\Endpoint 0x00000001ad23fc80 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad240440 11 0 R--rwd \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ad240900 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\icudt46.dll 0x00000001ad246380 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\FXSAPI.dll 0x00000001ad246f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ad24b930 1 1 R----- \Device\HarddiskVolume3\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 0x00000001ad24cf20 29 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad24ebd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ad251d80 24 0 RW-rwd \Device\HarddiskVolume2\$Mft 0x00000001ad253710 2 1 ------ \Device\Afd\Endpoint 0x00000001ad253f20 3 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\57a0233323e1e6a18f5fcc2c51422ec3\Microsoft.VisualBasic.ni.dll 0x00000001ad255f20 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\pthreadVC2.dll 0x00000001ad257cc0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad25b460 16 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\LetterGothicStd-Bold.otf 0x00000001ad25da40 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad25e670 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ad260430 2 1 R--r-- \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe 0x00000001ad260cb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ad2635a0 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000314 0x00000001ad265b70 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mpr.dll 0x00000001ad269880 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ad26a2e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001ad281700 33 0 RW-rwd \Device\HarddiskVolume1\$Mft 0x00000001ad29e500 1 1 ------ \Device\HarddiskVolume3\Windows\bootstat.dat 0x00000001ad2a17e0 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad2ab500 33 0 RW-rwd \Device\HarddiskVolume1\$Directory 0x00000001ad2acd60 26 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad2b7070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem13.PNF 0x00000001ad2b92b0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad2bf2e0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\3282b347\00ab0e48_3db7cb01\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL 0x00000001ad2c31c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad2c3a10 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\netprofm.dll 0x00000001ad2c7f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000001ad2cea10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000001ad2d1c20 18 0 RW-rwd \Device\HarddiskVolume1\$BitMap 0x00000001ad2d3830 14 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Alba.CsCss.dll 0x00000001ad2d6ab0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\SOFTWARE.LOG2 0x00000001ad2d7660 13 0 RW-rwd \Device\HarddiskVolume1\$LogFile 0x00000001ad2d7b00 2 1 RW-r-- \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf 0x00000001ad2d82a0 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog 0x00000001ad2d8590 4 0 RW-rwd \Device\HarddiskVolume1\$MftMirr 0x00000001ad2d9a10 18 0 RW-rwd \Device\HarddiskVolume1\$Directory 0x00000001ad2d9f20 18 0 RW-rwd \Device\HarddiskVolume1\$Mft 0x00000001ad2dc070 5 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad2df280 13 0 RW-rwd \Device\HarddiskVolume2\$LogFile 0x00000001ad2dfe20 2 1 RW-r-- \Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 0x00000001ad2e0810 2 1 RW-r-- \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 0x00000001ad2e0b10 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\kernel32.dll 0x00000001ad2e1b40 4 0 RW-rwd \Device\HarddiskVolume2\$MftMirr 0x00000001ad2e3a10 2 0 RW-rwd \Device\?????????? 0x00000001ad2e8ac0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage-journal 0x00000001ad2ed8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad2f09c0 2 1 RW-r-- \Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 0x00000001ad2f0f20 4 0 RW-rwd \Device\HarddiskVolume2\$Directory 0x00000001ad2f1480 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog 0x00000001ad2f1730 2 1 RW-r-- \Device\clfsTxfLog 0x00000001ad2f3890 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\UXInit.dll 0x00000001ad2f4430 2 1 RW-rw- \Device\clfsKtmLog 0x00000001ad2f6050 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLog 0x00000001ad2f6640 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume1\$Extend\$RmMetadata\$TxfLog\$TxfLog 0x00000001ad2f7b00 33 0 RW-rwd \Device\HarddiskVolume2\$Directory 0x00000001ad2f8050 2 1 RW-r-- \Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 0x00000001ad2f81a0 2 1 RW-r-- \Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf 0x00000001ad2f87c0 4 0 RW-rwd \Device\HarddiskVolume2\$BitMap 0x00000001ad2faf20 1 0 RW-rwd \Device\HarddiskVolume1\$Directory 0x00000001ad2fbb60 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wow64win.dll 0x00000001ad3015c0 18 0 RW-rwd \Device\????? 0x00000001ad3047e0 18 0 RW-rwd \Device\HarddiskVolume2\$Mft 0x00000001ad305070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\user32.dll 0x00000001ad305850 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad308d10 1 1 RW-r-d \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-RMS-MSIPC%4Debug.etl 0x00000001ad309690 1 0 RW-rwd \Device\HarddiskVolume2\$Directory 0x00000001ad30bd50 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\bcryptprimitives.dll 0x00000001ad30c1f0 2 1 RW-r-- \Device\clfsTxfLog 0x00000001ad30d430 2 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\TxR\{8c266aad-b83b-11e3-ace5-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms 0x00000001ad30eb50 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\kernel32.dll 0x00000001ad30f2c0 2 1 RW-rw- \Device\clfsKtmLog 0x00000001ad30f970 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad310070 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 0x00000001ad311110 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\SYSTEM.LOG1 0x00000001ad312bd0 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLog 0x00000001ad3145c0 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume2\$Extend\$RmMetadata\$TxfLog\$TxfLog 0x00000001ad314f20 4 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll 0x00000001ad316a40 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msctf.dll 0x00000001ad317f20 1 1 RW-r-d \Device\HarddiskVolume3\Windows\System32\winevt\Logs\DebugChannel.etl 0x00000001ad3182c0 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad31b4f0 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\LogSession.dll 0x00000001ad31f070 12 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll 0x00000001ad320990 1 1 RW-rwd \Device\clfs\SystemRoot\System32\Config\TxR\{8c266aad-b83b-11e3-ace5-806e6f6e6963}.TM 0x00000001ad320f20 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad3218e0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad3248f0 33 1 RWDr-d \Device\HarddiskVolume3\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl 0x00000001ad324d10 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem137.PNF 0x00000001ad325740 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ad327bd0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\system 0x00000001ad327d00 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\software 0x00000001ad328d20 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\Wldap32.dll 0x00000001ad32a450 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\csrsrv.dll 0x00000001ad32b420 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad4075b0 10 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System\edc284c2fc5f774b65992c5e0b6a1899\System.ni.dll 0x00000001ad40c0f0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ole32.dll 0x00000001ad410070 14 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad529070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad532710 18 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\inetres.dll.mui 0x00000001ad5334e0 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\netapi32.dll 0x00000001ad5daa30 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal 0x00000001ad5e7450 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 0x00000001ad5e7770 27 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG 0x00000001ad5e9a10 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem148.PNF 0x00000001ad5ea280 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad5ea3d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad61c070 1 1 ------ \Device\Afd\Endpoint 0x00000001ad62d3c0 16 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\mshtmler.dll 0x00000001ad62db20 2 1 ------ \Device\Afd\Endpoint 0x00000001ad6e3070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad701680 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x00000001ad748a10 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wow64.dll 0x00000001ad75ccd0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\clbcatq.dll 0x00000001ad773050 1 1 R--r-- \Device\HarddiskVolume3\Users\Admin\Downloads\ForensicToolKit_5.6.1_64_bit.iso 0x00000001ad79a070 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts 0x00000001ad79fb10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ad7a62a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146 0x00000001ad7b0310 29 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad7b3400 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad7b48e0 16 0 R--r-- \Device\HarddiskVolume3\Users\Admin\Downloads\ForensicToolKit_5.6.1_64_bit.iso 0x00000001ad7b7360 21 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad7be070 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\winnsi.dll 0x00000001ad7be2c0 1 0 RW-rwd \Device\HarddiskVolume3\$PrepareToShrinkFileSize 0x00000001ad7be420 1 0 RW-rwd \Device\HarddiskVolume3\$PrepareToShrinkFileSize 0x00000001ad7c2700 10 0 RW-rwd \Device\HarddiskVolume3\$MapAttributeValue 0x00000001ad7f0f20 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\netmsg.dll 0x00000001ad7fd610 2 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\TxR\{8c266aad-b83b-11e3-ace5-806e6f6e6963}.TM.blf 0x00000001ad817f20 16 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\SHAREPOINTPROVIDER.DLL 0x00000001ad831070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ad843070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad8446d0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad878a10 15 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.O4a946565#\1e7d594fbabbeac1abd56ccb1704645d\Microsoft.Office.Tools.Common.Implementation.ni.dll 0x00000001ad879200 2 1 ------ \Device\NamedPipe\chrome.6908.339.90014565 0x00000001ad880f20 1 1 ------ \Device\Afd\Endpoint 0x00000001ad894b40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad895410 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12338408381304676582 0x00000001ad899530 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad8a0dd0 1 1 ------ \Device\Afd\Endpoint 0x00000001ad8a0f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad8ad610 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem122.PNF 0x00000001ad8e0f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001ad8e7210 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ad8e9070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad924070 12 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\dxva2.dll 0x00000001ad924480 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem153.PNF 0x00000001ad932070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem3.PNF 0x00000001ad932c40 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\verdanab.ttf 0x00000001ad9404c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ad955070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001ad95dc10 2 1 ------ \Device\Afd\Endpoint 0x00000001ad96a770 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad96ff20 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ad97d170 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ad97d9d0 15 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\ZWAdobeF.TTF 0x00000001ad9806a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad989070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ad9a2070 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\46c30112e9307865.dat 0x00000001ad9c9b50 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad9d0950 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ad9de580 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001ad9dedc0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000001ad9e1070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001adb335f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001adb3e070 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\d3d10.dll 0x00000001adb438e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll 0x00000001adb46ab0 2 1 ------ \Device\Afd\Endpoint 0x00000001adb61580 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll 0x00000001adb61a20 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\SECURITY.LOG1 0x00000001adb61b50 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\security 0x00000001adb62dc0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\negoexts.dll 0x00000001adb62f20 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 0x00000001adb63560 19 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\ntuser.dat{376f72c4-a493-11e4-80fb-f0bf97d84308}.TM.blf 0x00000001adb64070 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync.exe 0x00000001adb64780 31 0 RW---- \Device\HarddiskVolume3\Windows\Logs\CBS\CBS.log 0x00000001adb64dc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001adb85780 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001adb8a8c0 1 1 R--r-- \Device\HarddiskVolume3\Windows\Fonts\tahoma.ttf 0x00000001adbd5070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\l_10646.ttf 0x00000001adbfe260 1 1 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\update.xml 0x00000001adc14860 3 0 R--r-d \Device\HarddiskVolume3\Program Files\Sandboxie\SbieSvc.exe 0x00000001adc17580 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001adc1a8e0 14 0 R--r-d \Device\HarddiskVolume3\Program Files\AccessData\PostgreSQL\9.3\bin\postgres.exe 0x00000001adc612f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001adc62d40 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001adc64350 5 0 R--r-d \Device\HarddiskVolume3\Program Files\AccessData\PostgreSQL\9.3\bin\pg_ctl.exe 0x00000001adc67800 10 0 R--r-d \Device\HarddiskVolume3\Program Files\AccessData\PostgreSQL\9.3\bin\libintl-8.dll 0x00000001adc87070 3 1 ------ \Device\NamedPipe\pgsignal_4392 0x00000001adc88070 7 0 R--rwd \Device\HarddiskVolume3\Windows\System32\vss_ps.dll 0x00000001adc8cf20 23 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx 0x00000001adc8ef20 1 1 ------ \Device\NamedPipe\trkwks 0x00000001adc93a10 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem108.PNF 0x00000001adc98f20 11 0 RW-rwd \Device\HarddiskVolumeShadowCopy2\$Mft 0x00000001adca9330 8 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001adcaadd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001adcab6d0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001adcac380 28 1 -W-rw- \Device\HarddiskVolume3\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsAgent.log 0x00000001adcad770 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001adcb0e60 2 1 ------ \Device\Afd\Endpoint 0x00000001add06f20 6 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001add08f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001add29640 4 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xing.kununu.com_0.localstorage 0x00000001add2f640 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Links 0x00000001add31070 2 1 ------ \Device\NamedPipe\07a2b536-c1d2-4344-9b27-585a6f7da441 0x00000001add32dd0 11 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\PremiumTools\PremiumToolsBL.dll 0x00000001add34930 27 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001add4b1e0 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\d3d10core.dll 0x00000001add55070 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\NlsData0007.dll 0x00000001add58200 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\perftrack.dll 0x00000001add58350 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001add59f20 11 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozMinPro-Bold.otf 0x00000001add5b790 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe 0x00000001add5d9f0 1 1 RW---- \Device\HarddiskVolume3\System Volume Information\{3a9b0dbe-1d85-11e5-bc60-f0bf97d84308}{3808876b-c176-4e48-b7ae-04046e6cc752} 0x00000001ade99e40 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ade9c820 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx 0x00000001ade9ca60 1 1 ------ \Device\Afd\Endpoint 0x00000001ade9e8e0 27 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx 0x00000001adea4070 1 1 R----- \Device\SAVOnAccess\Read 0x00000001adea5350 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001adebcf20 1 1 ------ \Device\Afd\Endpoint 0x00000001adebdf20 17 1 RW---- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Anti-Virus\Config\interchk.chk 0x00000001adecead0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001aded1f20 1 1 ------ \Device\Mailslot\ProtectedPrefix\NetWorkService 0x00000001aded2f20 16 0 R--r-- \Device\HarddiskVolume3\Windows\System32\apisetschema.dll 0x00000001aded8cb0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\smss.exe 0x00000001adee2b30 1 1 ------ \Device\NamedPipe\ProtectedPrefix\NetWorkService 0x00000001adee2c80 1 1 ------ \Device\Mailslot\ProtectedPrefix\LocalService 0x00000001adee2dd0 1 1 ------ \Device\NamedPipe\ProtectedPrefix\LocalService 0x00000001adee2f20 1 1 ------ \Device\Mailslot\ProtectedPrefix\Administrators 0x00000001adee88f0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll 0x00000001adee8d20 1 1 ------ \Device\Afd\Endpoint 0x00000001adeea7e0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ssdpapi.dll 0x00000001adeed8e0 5 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wpd_ci.dll 0x00000001adeee070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001adeee7b0 9 0 R--r-d \Device\HarddiskVolume3\ProgramData\Sony Corporation\VAIO Update Installer\EP0000320839.exe 0x00000001adef0070 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\HelpPaneProxy.dll 0x00000001adef0570 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\mapi32.dll 0x00000001adef3590 1 1 R--rw- \Device\HarddiskVolume3\pgData93 0x00000001adef93e0 1 1 ------ \Device\Afd\Endpoint 0x00000001adeffbd0 2 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000585 0x00000001adf12f20 12 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wbem\wbemsvc.dll 0x00000001adf15860 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 0x00000001adf15cb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001adf15e60 2 1 ------ \Device\Afd\Endpoint 0x00000001adf19230 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001adf1c240 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wow64cpu.dll 0x00000001adf1c670 2 1 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu 0x00000001adf34f20 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wsecedit.dll 0x00000001adf39160 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\verdanab.ttf 0x00000001adf397e0 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem118.PNF 0x00000001adf3d7f0 1 1 ------ \Device\Afd\Endpoint 0x00000001adf3e070 1 1 ------ \Device\Afd\Endpoint 0x00000001adf43dd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001adf44e90 10 0 R--r-d \Device\HarddiskVolume3\Program Files\AccessData\PostgreSQL\9.3\bin\libeay32.dll 0x00000001adf45480 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001adf47210 2 1 ------ \Device\NamedPipe\wkssvc 0x00000001ae005330 7 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.PowerShell\Solution.PowerShellBL.dll 0x00000001ae006070 1 1 ------ \Device\Afd\Endpoint 0x00000001ae006bb0 1 1 ------ \Device\Afd\Endpoint 0x00000001ae0083d0 1 1 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e\comctl32.dll.mui 0x00000001ae0106f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae01f5c0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.MetricsEngine\Solution.MetricsEngineBL.dll 0x00000001ae022f20 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0279d0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae02bbe0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\HttpUpdate\HttpUpdateBL.dll 0x00000001ae033f20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\CollectPOTData\CollectPOTDataBL.dll 0x00000001ae034320 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\UploadManager\UploadManagerBL.dll 0x00000001ae0349b0 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x00000001ae035070 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareMetrics\VAIOCareMetricsBL.dll 0x00000001ae035240 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\FXSWZRD.DLL 0x00000001ae035850 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae039d20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae03ad10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001ae03c330 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae03ca30 2 1 ------ \Device\Afd\Endpoint 0x00000001ae03edd0 2 1 ------ \Device\NamedPipe\30479e8d-634b-46c4-a8d1-4110ecb72ac0 0x00000001ae03ef20 18 1 R--r-- \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\SendToOneNote.BUD 0x00000001ae0407a0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem55.PNF 0x00000001ae0445b0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\AdvancedTools\AdvancedToolsBL.dll 0x00000001ae044700 11 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\LaunchBrowser\LaunchBrowserBL.dll 0x00000001ae047850 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ManageUSBDevice\ManageUSBDeviceBL.dll 0x00000001ae0493a0 3 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\MinionPro-Semibold.otf 0x00000001ae049860 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ProcessBridge\ProcessBridgeBL.dll 0x00000001ae04a5a0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\FXSRES.DLL 0x00000001ae04d8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae053610 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem161.PNF 0x00000001ae056700 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae057070 5 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ae05f070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae05f2b0 14 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\SmartThreadPool.dll 0x00000001ae0643a0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\prevhost.exe 0x00000001ae069070 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ae06b3a0 2 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sony Corporation\VAIO Care\KnowledgeStore 0x00000001ae06cd10 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareUpdateCommon\VAIOCareUpdateCommonBL.dll 0x00000001ae06d4d0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\OneClickCare\OneClickCareAPI.dll 0x00000001ae06e930 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Message\MessageBL.dll 0x00000001ae06f9d0 19 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\LOG 0x00000001ae070240 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk 0x00000001ae074970 13 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solve\SolveAPI.dll 0x00000001ae075f20 5 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio49d6fefe#\49f90c8ee7c5b12cf5d49e803f85459d\PresentationFramework-SystemXml.ni.dll 0x00000001ae076070 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ae078ad0 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ae078f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0793b0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll 0x00000001ae07bf20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae081ce0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_github.com_0.localstorage-journal 0x00000001ae095300 3 1 R--rwd \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001ae095470 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae097380 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\PremiumTools\PremiumToolsBL.dll 0x00000001ae097a60 13 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\SelfHeal\SelfHealBL.dll 0x00000001ae099a10 17 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\IntelMonitor\IntelMonitorBL.dll 0x00000001ae09aa40 13 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\VAIOIntegrations.dll 0x00000001ae09d280 1 1 ------ \Device\Afd\Endpoint 0x00000001ae0a6070 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\fthsvc.dll 0x00000001ae0b1b00 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume3\$Extend\$RmMetadata\$TxfLog\$TxfLog 0x00000001ae0b39a0 2 1 RW-r-- \Device\HarddiskVolume3\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000003 0x00000001ae0b6f20 3 1 RW-r-- \Device\clfsTxfLog 0x00000001ae0b79c0 2 1 RW-r-- \Device\HarddiskVolume3\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf 0x00000001ae0b98f0 30 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0b9a70 8 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0bc5a0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0be480 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0bed00 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solve\SolveBL.dll 0x00000001ae0bf940 15 1 RW-r-d \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat 0x00000001ae0c0c80 33 1 RWDr-d \Device\HarddiskVolume3\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl 0x00000001ae0c1d60 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0c4940 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume3\$Extend\$RmMetadata\$TxfLog\$TxfLog 0x00000001ae0c4bc0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_info.prelert.com_0.localstorage 0x00000001ae0c50f0 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0c5250 22 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0c6230 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0ce640 16 0 R--r-- \Device\HarddiskVolume3\Windows\System32\ntdll.dll 0x00000001ae0ce770 16 0 R--r-- \Device\HarddiskVolume3\Windows\SysWOW64\ntdll.dll 0x00000001ae0d35b0 31 0 RW-rwd \Device\HarddiskVolume2\$Directory 0x00000001ae0d38e0 33 1 RWDr-d \Device\HarddiskVolume3\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl 0x00000001ae0d3c60 15 0 R----- \Device\CdRom1:$VMCB$ 0x00000001ae0d4070 19 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{376f72c8-a493-11e4-80fb-f0bf97d84308}.TMContainer00000000000000000002.regtrans-ms 0x00000001ae0d4480 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0d4f20 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0d6290 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0d7500 2 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\TxR\{8c266aad-b83b-11e3-ace5-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms 0x00000001ae0d9480 2 1 RW-rw- \Device\clfs\SystemRoot\System32\Config\TxR\{8c266aad-b83b-11e3-ace5-806e6f6e6963}.TM 0x00000001ae0dbd50 19 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0dc4e0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\advapi32.dll 0x00000001ae0df690 22 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae0df8e0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 0x00000001ae0dff20 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\lpk.dll 0x00000001ae0e05d0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\normaliz.dll 0x00000001ae0e1790 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Credentials 0x00000001ae0e1ca0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ae0e2b80 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\iertutil.dll 0x00000001ae0e3490 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sechost.dll 0x00000001ae0e68e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae0e6cb0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\difxapi.dll 0x00000001ae0e7480 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 0x00000001ae0e8e20 33 1 RWDr-d \Device\HarddiskVolume3\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl 0x00000001ae0fea60 3 1 ------ \Device\Afd\Endpoint 0x00000001ae1001b0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001ae100490 2 1 ------ \Device\Afd\Endpoint 0x00000001ae100900 1 1 ------ \Device\NamedPipe\ 0x00000001ae100da0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sfc.dll 0x00000001ae1128e0 2 1 RW---- \Device\HarddiskVolume3\hiberfil.sys 0x00000001ae1164d0 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae116a70 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae134c20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ae1356e0 21 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae138070 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae138790 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ae13b8e0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\urlmon.dll.mui 0x00000001ae15a070 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ae15a420 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae15af20 1 1 ------ \Device\Afd\Endpoint 0x00000001ae162070 4 0 R--rwd \Device\HarddiskVolume3\Windows\System32\twext.dll 0x00000001ae169b50 30 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3 0x00000001ae18af20 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 0x00000001ae190070 3 1 R----- \Device\SAVOnAccess\Read 0x00000001ae193460 1 1 ------ \Device\Afd\Endpoint 0x00000001ae196f20 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.61.48848596 0x00000001ae2069a0 13 0 R--rwd \Device\HarddiskVolume3\Users\Public\desktop.ini 0x00000001ae20d070 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1 0x00000001ae211890 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae214b00 12 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\SelfHeal.dll 0x00000001ae218170 5 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeGothicStd-Bold.otf 0x00000001ae21e070 13 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaColorTools.dll 0x00000001ae21f670 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000001ae21f7c0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ae225580 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\calibri.ttf 0x00000001ae228f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ae2391b0 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TT5N08MX\optaining-a-memory-dump[1].htm 0x00000001ae2400f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ae243070 2 1 ------ \Device\Afd\Endpoint 0x00000001ae2492c0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Iolo\ioloToolsTypeLib.dll 0x00000001ae24aca0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ae24b440 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\PhotoMetadataHandler.dll 0x00000001ae257f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae25b920 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001ae25c6f0 7 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 0x00000001ae263c50 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\evr.dll 0x00000001ae263f20 1 1 ------ \Device\Afd\Endpoint 0x00000001ae265dd0 2 1 ------ \Device\Afd\Endpoint 0x00000001ae26ac80 8 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\DejaVuSerif.ttf 0x00000001ae26f620 2 1 ------ \Device\NamedPipe\mojo.6908.6912.10295734220425020493 0x00000001ae281a50 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae2853e0 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\odbcint.dll 0x00000001ae287f20 1 1 ------ \Device\Afd\Endpoint 0x00000001ae28c980 2 1 ------ \Device\Afd\Endpoint 0x00000001ae295be0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001ae295e40 3 1 R----- \Device\SAVOnAccess\Read 0x00000001ae29e070 12 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\SSD_Detect.dll 0x00000001ae29ea00 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\UploadManager\UploadManagerBL.dll 0x00000001ae29ef20 27 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx 0x00000001ae2a5940 1 1 ------ \Device\NamedPipe\browser 0x00000001ae2ab2c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ae2b3210 12 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\msjint40.dll 0x00000001ae2b73e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae2bbf20 3 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\~DF8D549DAB266AA67F.TMP 0x00000001ae2c7f20 15 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\SHNDLERS64.DLL 0x00000001ae2d3cb0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae2d5070 2 1 ------ \Device\Afd\Endpoint 0x00000001ae2d6cd0 7 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini 0x00000001ae2d6f20 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\en-US\mlang.dll.mui 0x00000001ae2d7720 13 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.RuntimeApp.dll 0x00000001ae2db310 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Microsoft.WindowsAPICodePack.dll 0x00000001ae2dd070 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\ZetaProducer.RuntimeBusinessLogic.dll 0x00000001ae2e4070 2 1 ------ \Device\NamedPipe\13f0cfc2-58b4-4f76-aaec-7685116613a7 0x00000001ae2e42e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae2e5460 5 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPro-Medium.otf 0x00000001ae2ed700 8 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\HoboStd.otf 0x00000001ae2ff070 9 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7\VBE7.DLL 0x00000001ae30aa60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ae30da10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x00000001ae312f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae31a6f0 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ae31cd20 20 1 RWDr-- \Device\HarddiskVolume3\System Volume Information\tracking.log 0x00000001ae322a10 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae32a370 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.109.179158716 0x00000001ae32a760 2 1 ------ \Device\Afd????????? 0x00000001ae32b7b0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\OneDrive\ID10T's Security-012-013\content\content.mdb 0x00000001ae32f740 8 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\de-DE\VCAgent.resources.dll 0x00000001ae332f20 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\verdana.ttf 0x00000001ae333f20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solution.Scheduler\Solution.SchedulerBL.dll 0x00000001ae3345c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae33bd10 2 1 ------ \Device\NamedPipe\9e0c555e-92dd-4b7b-9b28-63e66fbc7e59 0x00000001ae341840 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae3559d0 4 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeKaitiStd-Regular.otf 0x00000001ae35d630 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ae3636e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae363980 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe 0x00000001ae368070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae36a240 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae373740 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeHebrew-Bold.otf 0x00000001ae37b5c0 4 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_secure.barclaycard.co.uk_0.localstorage 0x00000001ae3893a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001ae38d2a0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae38ddd0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_play.google.com_0.localstorage 0x00000001ae38ef20 1 1 ------ \Device\Afd\Endpoint 0x00000001ae390560 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae393bc0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\AdvancedTools\AdvancedToolsAPI.dll 0x00000001ae398070 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ae3a1ce0 2 1 ------ \Device\NamedPipe\chrome.6908.300.190013887 0x00000001ae3a7070 1 1 ------ \Device\Afd\Endpoint 0x00000001ae3b1750 14 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solve\SolveBL.dll 0x00000001ae3b8a30 2 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sony Corporation\VAIO Care\Symptoms 0x00000001ae3b8b80 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\LaunchBrowser\LaunchBrowserBL.dll 0x00000001ae3b9f20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\AboutVAIOHub\AboutVAIOHubPL.dll 0x00000001ae3bff20 4 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe 0x00000001ae3c8420 3 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\MetricsPhilatelist\MetricsPhilatelistBL.dll 0x00000001ae3c9bc0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareUpdate\VAIOCareUpdateBL.dll 0x00000001ae3d19b0 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk 0x00000001ae3d2070 8 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\IoloToolOpt.dll 0x00000001ae3d5070 2 1 ------ \Device\Afd\Endpoint 0x00000001ae3d8a30 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ae3f0220 3 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\1031\SOCIALCONNECTORRES.DLL 0x00000001ae3fb3d0 1 1 ------ \Device\Afd\Endpoint 0x00000001ae3fd870 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\micross.ttf 0x00000001ae3ff1f0 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem150.PNF 0x00000001ae402070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem166.PNF 0x00000001ae4036e0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ae4096e0 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001ae409f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae40a380 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\xmllite.dll 0x00000001ae40a920 10 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\loadperf.dll 0x00000001ae40abd0 13 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\Faultrep.dll 0x00000001ae40b280 1 1 ------ \Device\Mup\;N:0000000000037f3e\10.10.0.88\Audiobooks 0x00000001ae40b570 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ae40da50 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae41ca90 2 1 RWDrwd \Device\clfs\Device\HarddiskVolume3\$Extend\$RmMetadata\$TxfLog\$TxfLog 0x00000001ae427520 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae42a9d0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001ae42f440 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ae433650 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ae436670 8 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.paul-sec.com_0.localstorage 0x00000001ae437af0 4 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae43bf20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001ae43ccb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001ae43d070 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\tahoma.ttf 0x00000001ae453550 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae454f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ae45d7e0 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001ae465e60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae467dd0 10 0 R--rwd \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll 0x00000001ae476220 1 1 ------ \Device\Afd\Endpoint 0x00000001ae47cc60 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ae47f3d0 25 1 -W---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Current Session 0x00000001ae4803e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001ae482070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae490560 13 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\ChaparralPro-Bold.otf 0x00000001ae497ab0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll 0x00000001ae4a18d0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0 0x00000001ae4a4620 1 1 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e\comctl32.dll.mui 0x00000001ae4b57f0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll 0x00000001ae4b9430 1 1 ------ \Device\Afd\Endpoint 0x00000001ae4baf20 13 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll 0x00000001ae4bb3c0 22 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae4bc4d0 4 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\WMINet_Utils.dll 0x00000001ae4c3070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ae4c7710 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\001062.ldb 0x00000001ae4d64e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae4ddc00 2 1 ------ \Device\Afd\Endpoint 0x00000001ae4e8520 2 1 ------ \Device\Afd\Endpoint 0x00000001ae4f7070 16 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll 0x00000001ae4f9ae0 2 1 ------ \Device\Afd\Endpoint 0x00000001ae4fa5e0 1 1 ------ \Device\Afd\Endpoint 0x00000001ae4fff20 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12338408381304676582 0x00000001ae502dd0 9 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae50b6b0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ae50ff20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001ae51d5d0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\LOCK 0x00000001ae520c40 2 1 ------ \Device\Afd\Endpoint 0x00000001ae522070 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ae523570 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll 0x00000001ae52a400 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001ae52aa10 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ae536260 5 1 R--r-d \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_af2bfcc66947d224\comctl32.dll.mui 0x00000001ae53cdd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\micross.ttf 0x00000001ae53d5e0 6 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini 0x00000001ae550410 2 1 ------ \Device\NamedPipe\mojo.6908.6912.17436262817859654911 0x00000001ae5531e0 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae554680 10 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\SystemSupport\SystemSupportBL.dll 0x00000001ae557aa0 1 1 RW-rw- \Device\HarddiskVolume3\Windows\WindowsUpdate.log 0x00000001ae566aa0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\urlmon.dll.mui 0x00000001ae569f20 2 1 ------ \Device\Afd\Endpoint 0x00000001ae572f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\l_10646.ttf 0x00000001ae576070 13 0 R--rw- \Device\HarddiskVolume3\ProgramData\Sophos\Management Communications System\Endpoint\Persist\Adapters 0x00000001ae5761e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001ae58af20 2 1 ------ \Device\NamedPipe\mojo.6908.6912.13015703476469646639 0x00000001ae58c2d0 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem92.PNF 0x00000001ae594780 2 1 ------ \Device\Afd\Endpoint 0x00000001ae594bf0 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive 0x00000001ae5986c0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ae59b670 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ae59d070 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\times.ttf 0x00000001ae59dd80 4 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\IoloBL.dll 0x00000001ae59e570 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001ae59ecc0 1 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal 0x00000001ae5aab40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae5ade20 15 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\AboutVAIOHub\AboutVAIOHubPL.dll 0x00000001ae5b1070 32 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx 0x00000001ae5b16b0 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ae5b1880 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001ae5b4d10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_af2bfcc66947d224 0x00000001ae5b9360 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ae5be070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001ae5d4070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae5da8e0 14 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui 0x00000001ae5e0b70 6 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.resources.dll 0x00000001ae5e1510 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\SoftwareHub\SoftwareHubPL.dll 0x00000001ae5e1a10 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001ae5e5a40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ae5e6f20 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\RegBack\SECURITY 0x00000001ae5ecd10 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae5ef660 14 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\msproof7.dll 0x00000001ae5f8a10 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001ae5f9420 2 1 ------ \Device\Afd\Endpoint 0x00000001ae5fe6f0 6 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini 0x00000001ae6c7e50 33 0 RW-rwd \Device\HarddiskVolume3\$Mft 0x00000001ae6cca90 32 0 RW-rwd \Device\HarddiskVolume3\$Mft 0x00000001ae6d3e50 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae6def20 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae6e2c20 18 0 RW-rwd \Device\HarddiskVolume3\$LogFile 0x00000001ae6f18c0 27 0 RW-rwd \Device\HarddiskVolume3\$BitMap 0x00000001ae6f5860 7 0 RW-rwd \Device\HarddiskVolumeShadowCopy2\$Directory 0x00000001ae6fa9c0 18 0 RW-rwd \Device\HarddiskVolume3\$MapAttributeValue 0x00000001ae6facc0 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\version.dll 0x00000001ae6faf20 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\winspool.drv 0x00000001ae6fdbd0 15 0 RW-rwd \Device\HarddiskVolume3\$MapAttributeValue 0x00000001ae6ffcd0 18 0 RW-rwd \Device\HarddiskVolume3\$MftMirr 0x00000001ae70d9c0 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae70ed50 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae70ef20 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\consent.exe 0x00000001ae727d50 14 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\Wldap32.dll 0x00000001ae7289c0 2 1 RW-r-- \Device\HarddiskVolume3\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000006 0x00000001ae728cd0 1 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae728e00 2 1 RW-rw- \Device\clfsKtmLog 0x00000001ae72bc50 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rasadhlp.dll 0x00000001ae778400 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\nvd3dumx.dll 0x00000001ae77f860 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\platforms\qwindows.dll 0x00000001ae7802a0 11 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\Wpc.dll 0x00000001ae7806d0 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\uiwbnp.dll 0x00000001ae781e60 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe 0x00000001ae784070 26 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wscui.cpl 0x00000001ae7848b0 10 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll 0x00000001ae786070 2 1 ------ \Device\NamedPipe\mojo.6908.6912.16225961821779528379 0x00000001ae786420 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000001ae786570 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae786dc0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ae788790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001ae788a90 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ae78b280 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 0x00000001ae792950 30 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae7976d0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\CFNetwork.dll 0x00000001ae7986d0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\riched32.dll 0x00000001ae79be20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae79c7e0 2 1 ------ \Device\NamedPipe\mojo.6908.6912.3596713330641647289 0x00000001ae79d4b0 3 0 R--rwd \Device\HarddiskVolume3\Windows\System32\PhotoMetadataHandler.dll 0x00000001ae79e420 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem18.PNF 0x00000001ae7a03c0 3 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll 0x00000001ae7a2ad0 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\drivers\etc 0x00000001ae7a34f0 7 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\PrestigeEliteStd-Bd.otf 0x00000001ae7a76e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001ae7addd0 3 1 R----- \Device\SAVOnAccess\Read 0x00000001ae7ae9b0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae7aec50 2 1 ------ \Device\NamedPipe\mojo.6908.6912.7453745664434246952 0x00000001ae7af6e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\ebd55e8713ace0542ca31a2a3d78db26\System.ServiceProcess.ni.dll 0x00000001ae7b7a40 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001ae7b7f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001ae7b8070 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000368 0x00000001ae7ba560 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\ASL.dll 0x00000001ae7bce60 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem101.PNF 0x00000001ae7be3f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ae7c0450 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae7c4070 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\WibuCm32.dll 0x00000001ae7c41f0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\CodeMeter\Runtime\bin 0x00000001ae7cb8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae7cdbf0 14 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSync.Resources.dll 0x00000001ae7d1cc0 1 1 ------ \Device\NamedPipe\tapsrv 0x00000001ae7d3f20 21 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae7d8960 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\inetcomm.dll 0x00000001ae7d95a0 20 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\SyncEngine.dll 0x00000001ae7db8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae7e1870 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\uniplat.dll 0x00000001ae7e19c0 2 1 ------ \Device\NamedPipe\wkssvc 0x00000001ae7e42f0 31 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 0x00000001ae7e58e0 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae7e91d0 2 1 ------ \Device\NamedPipe\chrome.6908.10.43455058 0x00000001ae7e9580 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem82.PNF 0x00000001ae7e9cb0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ae7ed450 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ndptsp.tsp 0x00000001ae7eda80 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\OneDrive\ID10T's Security-012-013 0x00000001ae7f0070 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\malgun.ttf 0x00000001ae7f0b50 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001ae7f11d0 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\70df39f1b9fb511a8acfc84c7f7627bf\System.Windows.Forms.ni.dll 0x00000001ae7f42c0 8 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\sqmapi.dll 0x00000001ae7f6990 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae7f6c00 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\tapi32.dll 0x00000001ae7f7f20 1 0 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 0x00000001ae7f9070 5 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\de\FileSync.LocalizedResources.dll.mui 0x00000001ae7f99c0 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\libicuuc.dll 0x00000001ae7fb8e0 10 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\wer.dll 0x00000001ae7fbf20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae7fcf20 7 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{89697487-B87D-42A7-8C17-CA8F184127F4}.FSD 0x00000001ae7fd980 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001ae7fdf20 25 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae7ffa60 15 0 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Drive\user_default\sync_log.log 0x00000001ae800070 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solve\SolveAPI.dll 0x00000001ae800210 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\VAIOIntegrations.dll 0x00000001ae802710 14 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\msproof7.dll 0x00000001ae804070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae804b20 11 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem11.PNF 0x00000001ae807f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001ae8088e0 2 1 ------ \Device\NamedPipe\Winsock2\CatalogChangeListener-226c-0 0x00000001ae8118e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae812560 10 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem28.PNF 0x00000001ae813e60 2 1 ------ \Device\NamedPipe\mojo.6908.2092.6013581428467683828 0x00000001ae8161a0 2 2 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db 0x00000001ae823f20 1 1 RW-r-d \Device\HarddiskVolume3\Windows\System32\Msdtc\Trace\dtctrace.log 0x00000001ae8249d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x00000001ae825370 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dajedkncpodkggklbegccjpmnglmnflm\MANIFEST-000001 0x00000001ae827580 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\devenum.dll 0x00000001ae82af20 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\MSMPEG2ENC.DLL 0x00000001ae8448d0 12 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem1.PNF 0x00000001ae845d30 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer_StaticRes.dll 0x00000001ae846df0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae84c070 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal 0x00000001ae84d970 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae84df20 13 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\assembly\dl3\4XCGBVLD.024\KWPDAEG0.MLP\c3e1958a\00c23a62_70cece01\SophosOutlookAddIn.DLL 0x00000001ae8507d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\mingliu.ttc 0x00000001ae8534e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae8541b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae855990 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae856410 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae860db0 3 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Compba577418#\349c220aa895414631f1c0f672d4fb32\System.ComponentModel.Composition.ni.dll 0x00000001ae861070 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Pictures 0x00000001ae861570 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\udhisapi.dll 0x00000001ae861dd0 10 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\KozMinPro-Light.otf 0x00000001ae869760 10 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3 0x00000001ae869f20 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae86ab40 18 0 RW-rwd \Device\HarddiskVolumeShadowCopy3\$MapAttributeValue 0x00000001ae86e2e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001ae86e8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ae870480 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001ae870f20 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer.exe 0x00000001ae878f20 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem133.PNF 0x00000001ae87d9c0 1 1 R--r-- \Device\HarddiskVolume3\Windows\Fonts\calibri.ttf 0x00000001ae883cb0 4 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\MyriadPro-BoldCond.otf 0x00000001ae883f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae886130 1 1 ------ \Device\Afd\Endpoint 0x00000001ae889450 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem160.PNF 0x00000001ae88f570 1 1 R--rwd \Device\HarddiskVolume3\Users\Public\Music 0x00000001ae895790 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\UIAutomationCore.dll 0x00000001ae899560 1 1 RW-rwd \Device\clfs\Device\HarddiskVolume3\Users\UpdatusUser\ntuser.dat{d885a3e6-18b5-11e5-97ed-f0bf97d84308}.TM 0x00000001ae89c070 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\oleaccrc.dll 0x00000001ae89dcb0 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume3\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat{d885a3ea-18b5-11e5-97ed-f0bf97d84308}.TM 0x00000001ae89f9e0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\tquery.dll 0x00000001ae8a7400 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ae8a9d10 1 1 R--rwd \Device\HarddiskVolume3\Users\Public\Videos 0x00000001ae8abf20 10 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem143.PNF 0x00000001ae8afe60 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_web.whatsapp.com_0.localstorage-journal 0x00000001ae8b1700 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\segoeui.ttf 0x00000001ae8b2840 4 1 RWD--- \Device\clfs\Device\HarddiskVolume3\Windows\System32\config\components{54f46081-07b0-11e5-be3f-f0bf97d84308}.TxR 0x00000001ae8b5630 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001ae8b5780 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rasctrs.dll 0x00000001ae8ba760 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\padekgcemlokbadohgkifijomclgjgif\MANIFEST-000009 0x00000001ae8bb3b0 3 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\KozMinPro-Regular.otf 0x00000001ae8bd8e0 3 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74322\win32gui.pyd 0x00000001ae8c0620 3 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\~DF141E34105CB30BB2.TMP 0x00000001ae8c72b0 1 1 R--rwd \Device\HarddiskVolume3\Users\Public\Recorded TV 0x00000001ae8c7550 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001ae8c79f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae8caa40 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001ae8cd6d0 26 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae8cf8e0 3 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Chunkfive.otf 0x00000001ae8cfa60 11 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\MinionPro-Bold.otf 0x00000001ae8d46b0 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae8d5f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae8d6200 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\consola.ttf 0x00000001ae8d6580 2 1 R--rwd \Device\HarddiskVolume3\Users\Public\Pictures 0x00000001ae8d9310 4 0 R--rwd \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\VCAdmin.exe 0x00000001ae8d96d0 19 1 RW-r-- \Device\HarddiskVolume3\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat{d885a3ea-18b5-11e5-97ed-f0bf97d84308}.TMContainer00000000000000000002.regtrans-ms 0x00000001ae8d9a40 15 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms 0x00000001ae8e0f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae8e1a70 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12033031860885209707 0x00000001ae8e2560 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12395327934889940410 0x00000001ae8e4070 13 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\MSJH.TTC 0x00000001ae8e47d0 3 1 R--rwd \Device\HarddiskVolume3\Users\Public\Libraries 0x00000001ae8f5590 1 1 R--rwd \Device\HarddiskVolume3\Users\Public\Pictures 0x00000001ae8f5a40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae8f5c80 28 1 -W-r-- \Device\HarddiskVolume3\Windows\System32\LogFiles\HTTPERR\httperr1.log 0x00000001ae8fa070 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ae8fd070 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001ae904790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001ae9074f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001ae93a7c0 33 1 RWDr-d \Device\HarddiskVolume3\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl 0x00000001ae98abd0 6 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aea016d0 1 1 ------ \Device\Afd\Endpoint 0x00000001aea02300 13 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\padekgcemlokbadohgkifijomclgjgif\LOG 0x00000001aea026d0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\NVIDIA\GLCache\a8e94eae86f20c1229e5b433d1085926\47408a7f6905bc01\f76ec40448865734.toc 0x00000001aea02d10 22 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aea03900 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\mingliu.ttc 0x00000001aea06a40 2 1 ------ \Device\Afd\Endpoint 0x00000001aea06c00 1 1 ------ \Device\Afd\Endpoint 0x00000001aea08450 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal 0x00000001aea0ac40 2 1 R--rwd \Device\HarddiskVolume3\Users\UpdatusUser\AppData\Local\Microsoft\Credentials 0x00000001aea0d4a0 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume3\Users\UpdatusUser\ntuser.dat{d885a3e6-18b5-11e5-97ed-f0bf97d84308}.TM 0x00000001aea0e9f0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001aea10dd0 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001aea10f20 1 1 ------ \Device\NamedPipe\chrome.sync.6908.2092.3027543919 0x00000001aea138f0 7 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\MyriadPro-Bold.otf 0x00000001aea13f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aea1b190 2 2 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db 0x00000001aea20f20 2 1 ------ \Device\Afd\Endpoint 0x00000001aea22850 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll 0x00000001aea238e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\stdole2.tlb 0x00000001aea23e60 19 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001aea25070 15 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000001aea25300 2 1 ------ \Device\NamedPipe\a1e12ba1-3b56-43d9-b7ba-9793f1cc926a 0x00000001aea266d0 10 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal 0x00000001aea26b10 14 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\538e335e3d3da46dbebb486f7a697ac8\System.Web.Services.ni.dll 0x00000001aea282b0 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001aea298e0 2 2 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db 0x00000001aea2b320 2 1 ------ \Device\nativewifip\{247c8ffc-3117-4741-ac84-880ea8b3722e} 0x00000001aea4fb50 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001aea6b670 6 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\CORPerfMonExt.dll 0x00000001aea6e440 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aea71f20 2 1 ------ \Device\NamedPipe\1705aaac-6de3-450b-a10e-925f59d04a76 0x00000001aea7bf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001aea7df20 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\IDStore.dll 0x00000001aea7e1b0 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\actxprxy.dll 0x00000001aea7e300 2 1 ------ \Device\NamedPipe\mojo.6908.2092.9323163002369291975 0x00000001aea7e8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aea82600 1 1 ------ \Device\NamedPipe\AcronisFCDPService 0x00000001aea82920 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001aea86650 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Newtonsoft.Json.dll 0x00000001aea881b0 2 2 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db 0x00000001aea88300 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\ApplePushService.dll 0x00000001aea8e2e0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Apple Computer\Cache.db 0x00000001aea8fd10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aea90070 1 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Drives_Meter_V2.2.gadget\images\back_2.png 0x00000001aea90660 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aea97230 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294 0x00000001aea98dd0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.indexeddb.leveldb\LOCK 0x00000001aea99a90 27 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aea99f20 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.Types.dll 0x00000001aea9c2a0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msscntrs.dll 0x00000001aea9cd10 2 2 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db 0x00000001aea9e470 1 1 RW-r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Office\15.0\Lync\Tracing\OCAddin\OCAddin-15.0.4727.1000-Office-x64ship-U.0.etl 0x00000001aeaa0d40 2 1 ------ \Device\NamedPipe\chrome.6908.330.36575206 0x00000001aeaa76d0 2 1 ------ \Device\Afd\Endpoint 0x00000001aeaa9320 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeaf66c0 1 1 R--r-- \Device\HarddiskVolume3\Program Files (x86)\Common Files\Acronis\TrueImageHome\tdrpapi.dll 0x00000001aeafb550 3 1 ------ \Device\NamedPipe????????? 0x00000001aeafb8e0 1 1 -W-r-- \Device\HarddiskVolume3\Users\Admin\Downloads\vaio_mem.dmp 0x00000001aeafc4d0 1 1 ------ \Device\Afd\Endpoint 0x00000001aeb07d10 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeb087a0 5 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini 0x00000001aeb0bf20 2 1 R--rwd \Device\HarddiskVolume3\Users\UpdatusUser\AppData\Roaming\Microsoft\Credentials 0x00000001aeb0f070 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.volatilityfoundation.org_0.localstorage-journal 0x00000001aeb10b30 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mciiogijehkdemklbdcbfkefimifhecn_0.localstorage-journal 0x00000001aeb11260 10 0 R--rwd \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\cde2d4fa350b6d49f9d1b61d01a1c803\System.Deployment.ni.dll 0x00000001aeb11b60 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aeb158e0 6 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dui70.dll 0x00000001aeb15bf0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeb2e250 8 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\MSOUTL.OLB 0x00000001aeb2fd10 1 1 RW-rw- \Device\HarddiskVolume3\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log 0x00000001aebf8570 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001aebf8990 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aebfc450 1 1 RW---- \Device\HarddiskVolume3\Users\UpdatusUser\ntuser.dat.LOG2 0x00000001aebfdb10 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\imageres.dll 0x00000001aec00f20 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\linkinfo.dll 0x00000001aec03380 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec038e0 11 0 R--rwd \Device\HarddiskVolume3\Windows\System32\tsgqec.dll 0x00000001aec03f20 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec07f20 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec0ca40 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001aec0d560 5 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\security.dll 0x00000001aec17790 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001aec178e0 7 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe 0x00000001aec182b0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001aec18ce0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.14207354496056146355 0x00000001aec1b390 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\vpnike.dll 0x00000001aec1d6b0 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001aec20400 2 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\TxR\{8c266aac-b83b-11e3-ace5-806e6f6e6963}.TxR.1.regtrans-ms 0x00000001aec211c0 13 1 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hdokiejnpimakedhajhdlcegeplioahd_0\3 0x00000001aec22790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aec26910 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wshext.dll 0x00000001aec28dd0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aec28f20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001aec2a210 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\kmddsp.tsp 0x00000001aec2af20 28 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies 0x00000001aec2cb00 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec2e190 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001aec2e570 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001aec2e720 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec2e990 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dxtrans.dll 0x00000001aec2f200 5 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\mswstr10.dll 0x00000001aec30dd0 2 1 RW-rw- \Device\clfs\Device\HarddiskVolume3\Windows\System32\config\components{54f46082-07b0-11e5-be3f-f0bf97d84308}.TM 0x00000001aec341f0 27 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec36f20 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec37480 4 0 -W---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db 0x00000001aec38070 1 1 ------ \Device\NamedPipe\ 0x00000001aec38f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aec39380 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec394d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec398e0 8 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ChromeDWriteFontCache 0x00000001aec39cd0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll 0x00000001aec42f20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aec51a10 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem30.PNF 0x00000001aec55a60 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\ChunkingLibrary.dll 0x00000001aec58180 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem39.PNF 0x00000001aec5af20 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001aec66c50 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aec6d200 17 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal 0x00000001aec7c380 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal 0x00000001aec7cf20 7 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\MSYH.TTC 0x00000001aec80870 1 1 R--rw- \Device\HarddiskVolume3????????????? 0x00000001aed09a00 2 1 ------ \Device\NamedPipe\chrome.6908.436.167658528 0x00000001aed0d4e0 14 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\de\ZetaProducerExtendedControlsLibrary.resources.dll 0x00000001aed13300 4 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll 0x00000001aed16280 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed18220 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed1bb40 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk 0x00000001aed1bcd0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\ActionCenter.dll.mui 0x00000001aed1ed10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed1f070 1 1 ------ \Device\NamedPipe\ 0x00000001aed20c80 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001aed20dd0 22 0 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\CentralTable.accdb 0x00000001aed20f20 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\padekgcemlokbadohgkifijomclgjgif\000003.log 0x00000001aed21340 7 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll 0x00000001aed22300 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage 0x00000001aed22f20 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001aed28440 1 1 ------ \Device\NamedPipe\AcronisFCDPService 0x00000001aed2a970 1 1 RW-r-- \Device\HarddiskVolume3\Users\Admin\OneDrive\ID10T's Security-012-013\Drawing1.vsd 0x00000001aed2add0 33 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll 0x00000001aed2d6d0 19 1 RW-r-- \Device\HarddiskVolume3\Users\UpdatusUser\ntuser.dat{d885a3e6-18b5-11e5-97ed-f0bf97d84308}.TMContainer00000000000000000001.regtrans-ms 0x00000001aed2e070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed2e5e0 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\padekgcemlokbadohgkifijomclgjgif\MANIFEST-000002 0x00000001aed306b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed30800 2 1 ------ \Device\Afd\Endpoint 0x00000001aed311b0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aed328e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aed34f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed36560 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\iscsicpl.dll 0x00000001aed376d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed3be20 1 1 RW---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{22392B51-7D56-4760-9BC6-9E791CFE403C}.tmp 0x00000001aed3cb40 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wscinterop.dll 0x00000001aed3d8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed3fa60 2 1 R--rwd \Device\HarddiskVolume3\Users\Public\Videos 0x00000001aed424f0 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries 0x00000001aed428e0 14 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gmlllbghnfkpflemihljekbapjopfjik\LOG 0x00000001aed478e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed47cb0 2 1 ------ \Device\Afd\Endpoint 0x00000001aed488e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed4b4a0 1 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001aed514a0 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\tapiperf.dll 0x00000001aed51a40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed53260 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aed53970 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\FirewallAPI.dll.mui 0x00000001aed55b00 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wmpmde.dll 0x00000001aed5a280 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed5a3d0 5 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\msdtcVSp1res.dll.mui 0x00000001aed5a790 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aed5a8e0 28 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\padekgcemlokbadohgkifijomclgjgif\LOG 0x00000001aed5cf20 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msdtc.exe 0x00000001aed5d790 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msdtctm.dll 0x00000001aed609c0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.14207354496056146355 0x00000001aed60d10 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aed62460 3 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\~DF1E07BBAFEAB32709.TMP 0x00000001aed84230 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\KMSVC.DLL 0x00000001aed85af0 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_de.slideshare.net_0.localstorage 0x00000001aed88a20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aed8a070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001aed8ac00 18 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gmlllbghnfkpflemihljekbapjopfjik\000003.ldb 0x00000001aed94070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed94440 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aed977c0 2 1 ------ \Device\Afd\Endpoint 0x00000001aed98f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aed99210 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aed99570 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Acronis\TrueImageHome\Common\icudt38.dll 0x00000001aed99b20 17 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal 0x00000001aed9ab50 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk 0x00000001aeda7380 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\xolehlp.dll 0x00000001aeda8c40 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\drivers\etc 0x00000001aedb98e0 19 1 RW-rwd \Device\HarddiskVolume3\ProgramData\Acronis\TrueImageHome\ArchiveExplorer\2015-06-28-12-08-35.log 0x00000001aedbe7a0 1 0 RW-rwd \Device\HarddiskVolume3\$NonCachedIo 0x00000001aedc18c0 5 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\teamviewer10.otf 0x00000001aedc51c0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aedc5b40 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\taskbarcpl.dll 0x00000001aedc6070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aedca070 2 1 ------ \Device\Afd\Endpoint 0x00000001aedcbc00 3 1 ------ \Device\Afd\Endpoint 0x00000001aedcf070 2 1 ------ \Device\Afd\Endpoint 0x00000001aedd0320 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001aedd2c10 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.105.77642461 0x00000001aedd48e0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.12395327934889940410 0x00000001aedd7740 2 1 ------ \Device\Afd\Endpoint 0x00000001aedee8e0 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\oleaccrc.dll 0x00000001aedf0790 13 0 R--r-d \Device\HarddiskVolume3\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll 0x00000001aedf9cb0 31 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx 0x00000001aedf9f20 30 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aedfd570 7 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\Miama.otf 0x00000001aee03580 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png 0x00000001aee07f20 16 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AdobeMyungjoStd-Medium.otf 0x00000001aee0f3d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aee0fcd0 1 1 RW---- \Device\HarddiskVolume3\Windows\AppCompat\Programs\Amcache.hve.LOG1 0x00000001aee153c0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001aee15620 1 1 -W-rwd \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log 0x00000001aee18910 16 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\CharlemagneStd-Bold.otf 0x00000001aee1ba10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aee1ecb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aee23f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aee4a580 16 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem61.PNF 0x00000001aee5f5c0 18 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_info.prelert.com_0.localstorage-journal 0x00000001aee61a20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aee66070 16 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\msjet40.dll 0x00000001aee6fad0 18 0 RW-rwd \Device\HarddiskVolume3\$ConvertToNonresident 0x00000001aee71070 8 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V883708cb#\0bcb33f7c09411d2aad35a333b4fb5dd\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll 0x00000001aee77950 2 1 ------ \Device\NamedPipe\chrome.6908.302.175129056 0x00000001aee78840 1 1 -W-rw- \Device\HarddiskVolume3\Windows\Temp\FXSTIFFDebugLogFile.txt 0x00000001aee78990 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aee8a2c0 1 1 ------ \Device\Afd\Endpoint 0x00000001aee8c6b0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\AdvancedTools\AdvancedToolsBL.dll 0x00000001aee8c800 5 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\timesbd.ttf 0x00000001aee9de40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aeeaa070 14 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Solve\SolveBL.dll 0x00000001aeeb5bc0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeeb9980 2 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sony Corporation\VAIO Care\Inferences 0x00000001aeebd9f0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Solution.Types.dll 0x00000001aeebe920 11 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\ProcessBridge\ProcessBridgeBL.dll 0x00000001aeec1840 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001aeeccb00 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001aeecff20 2 1 ------ \Device\NamedPipe\tapsrv 0x00000001aeed0190 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 0x00000001aeed1cb0 7 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeed1e60 11 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\AppleBMDAV.resources\de.lproj\AppleBMDAVLocalized.dll 0x00000001aeed34f0 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\AuthFWGP.dll 0x00000001aeed4070 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\DevExpress.XtraEditors.v14.2.dll 0x00000001aeed4430 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001aeed6f20 2 1 ------ \Device\NamedPipe\mojo.6908.6912.5294823730943145954 0x00000001aeed7340 2 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sony Corporation\VAIO Care\Inferences 0x00000001aeed9ac0 10 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\aspnet_counters.dll 0x00000001aeed9f20 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeedb490 4 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Locales\de.pak 0x00000001aeee1c50 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mssph.dll 0x00000001aeee56e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll 0x00000001aeee9570 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png 0x00000001aeeed6d0 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\Qt5Core.dll 0x00000001aeeedd10 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeeee4f0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001aeeeebf0 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\MSPTLS.DLL 0x00000001aeeef9d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeef0240 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aeef6560 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\UPDATE.DLL 0x00000001aeefc1f0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeefe570 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef00a40 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\CoreFoundation.dll 0x00000001aef01f20 2 1 ------ \Device\NamedPipe\Sophos@DATCv1 0x00000001aef05070 2 1 ------ \Device\Afd\Endpoint 0x00000001aef078f0 9 0 R--rwd \Device\HarddiskVolume3\Windows\System32\idndl.dll 0x00000001aef09070 11 0 R--r-d \Device\HarddiskVolume3\Program Files\Sandboxie\SbieCtrl.exe 0x00000001aef0a9c0 2 1 ------ \Device\NamedPipe\Sophos@DATCv1 0x00000001aef0e8c0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index 0x00000001aef104b0 6 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\inetconn.dll 0x00000001aef10600 2 1 ------ \Device\Afd\Endpoint 0x00000001aef13440 25 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx 0x00000001aef14580 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe 0x00000001aef15b60 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef19070 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\shfolder.dll 0x00000001aef198e0 12 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal 0x00000001aef27d10 1 0 R--r-d \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_de-de_677ec5ef54cba91e\comctl32.dll.mui 0x00000001aef28a40 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef2bc10 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\FXSST.dll 0x00000001aef2cf20 2 1 ------ \Device\Afd\Endpoint 0x00000001aef2e3f0 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gmlllbghnfkpflemihljekbapjopfjik\MANIFEST-000001 0x00000001aef2f380 1 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef30310 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 0x00000001aef31070 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef33510 2 1 ------ \Device\NamedPipe\chrome.6908.16.110518203 0x00000001aef39d10 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef3b630 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\hidphone.tsp 0x00000001aef3c790 2 1 ------ \Device\NamedPipe\mojo.6908.2092.6013581428467683828 0x00000001aef3e570 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\GreenshotPlugin.dll 0x00000001aef3f720 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe 0x00000001aef40e60 19 1 RW-r-- \Device\HarddiskVolume3\Users\UpdatusUser\ntuser.dat{d885a3e6-18b5-11e5-97ed-f0bf97d84308}.TMContainer00000000000000000002.regtrans-ms 0x00000001aef418e0 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef42430 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aef46440 9 0 R--r-d \Device\HarddiskVolume3\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe 0x00000001aef468e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aef47070 2 1 ------ \Device\Afd\Endpoint 0x00000001aef47610 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001aef4c330 16 0 R--rwd \Device\HarddiskVolume3\Windows\Web\Wallpaper\Scenes\Desktop.ini 0x00000001aef4df20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef4f070 2 1 ------ \Device\NamedPipe\chrome.6908.302.175129056 0x00000001aef4f3e0 16 0 R--rwd \Device\HarddiskVolume3\Windows\Web\Wallpaper\Characters\Desktop.ini 0x00000001aef4f8e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001aef503e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aef50bd0 22 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef523b0 15 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\Msdtc\MSDTC.LOG 0x00000001aef56dc0 11 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001aef58760 4 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\rasman.dll 0x00000001aef5b530 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Apple Computer\Logs\asl.120743_28Jun15.log 0x00000001aef5cf20 2 1 ------ \Device\Afd\Endpoint 0x00000001aef5e8e0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\SearchFolder.dll 0x00000001aef62bb0 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001aef65850 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001aef65f20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef6b840 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001aef6c960 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aef6fa80 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\hgprint.dll 0x00000001aef70180 2 1 ------ \Device\NamedPipe\mojo.6908.6912.14409754749775168600 0x00000001aef71a40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef727d0 1 1 -W-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\PDApp.log 0x00000001aef74610 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aef77420 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dciman32.dll 0x00000001aef77a80 2 1 ------ \Device\NamedPipe\chrome.6908.2.63384748 0x00000001aef781f0 14 0 R--rwd \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\jscript9.dll.mui 0x00000001aef78560 7 0 R--rwd \Device\HarddiskVolume3\Program Files\Sony\VAIO Update\InternetWrapperPS.dll 0x00000001aef7a070 2 1 ------ \Device\Afd\Endpoint 0x00000001aef7bf20 8 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001aef7cc50 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aef7de00 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001aef7e580 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x00000001aef7fa40 21 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\GreenshotPlugin.dll 0x00000001aef80070 3 1 RW-rw- \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb 0x00000001aef84310 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\iedkcs32.dll 0x00000001aef888e0 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\objc.dll 0x00000001aef8daa0 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aef8eb00 9 0 R--r-d \Device\HarddiskVolume3\Program Files\Sandboxie\SbieMsg.dll 0x00000001aef926d0 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\libicuin.dll 0x00000001aef938c0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001aef94cb0 2 1 ------ \Device\NamedPipe\Adobe Active File Monitor 9.0 0x00000001aef953c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aef99900 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\ntshrui.dll 0x00000001aef9d070 15 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\ntdll.dll.mui 0x00000001aefa2ab0 5 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aefa2c00 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aefa3440 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aefa3c50 15 0 -W---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db 0x00000001aefa4070 2 1 ------ \Device\NamedPipe\Sophos@DATCv1 0x00000001aefa6b60 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001aefac2a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001aefaf360 15 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\d3dcompiler_47.dll 0x00000001aefb3dd0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\P2PGraph.dll 0x00000001aefb6cd0 15 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\cour.ttf 0x00000001aefb8570 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aefb89a0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aefbadd0 2 1 ------ \Device\NamedPipe\chrome.6908.3.197373826 0x00000001aefc4300 3 1 R--rwd \Device\HarddiskVolume3\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001aefc87b0 21 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0 0x00000001aefc98e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aefcd300 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001aefcdcd0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\werconcpl.dll 0x00000001aefd24e0 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\_MEI74~2\resources\fonts\Roboto-Regular.ttf 0x00000001aefd2f20 5 0 R--r-d \Device\HarddiskVolume3\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe 0x00000001aefd5070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001aefd58e0 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 0x00000001aefd65a0 5 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncClient.dll 0x00000001aefd8750 16 0 R--rwd \Device\HarddiskVolume3\Windows\Resources\Ease of Access Themes\hc2.theme 0x00000001aefdba30 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\LCFEM 0x00000001aefdc780 5 3 RW-r-- \Device\HarddiskVolume3\Users\Admin\Documents\Outlook Files\Outlook.pst 0x00000001aefdff20 25 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll 0x00000001aefe22e0 1 1 ------ \Device\Afd\Endpoint 0x00000001aefe5a10 16 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\6868f1a3664667b35134e8e78222d2cb\GreenshotPlugin.ni.dll 0x00000001aefe6c50 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\thumbcache.dll 0x00000001aefe7f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll 0x00000001aefe8b50 24 1 -W-r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Adobe\AAMUpdater\1.0\aamus.log 0x00000001aefea8e0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aefeb6d0 10 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\d41e14dae81a26661e32b25cba8c117a\System.Drawing.ni.dll 0x00000001aefee6c0 8 0 R--r-d \Device\HarddiskVolume3\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationUI.dll 0x00000001aeff0070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeff2f20 2 1 ------ \Device\NamedPipe\chrome.gpu.5828.0.4760119 0x00000001aeff3900 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\drmv2clt.dll 0x00000001aeff3f20 10 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\BlackoakStd.otf 0x00000001aeff4370 21 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeff6070 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wlanhlp.dll 0x00000001aeff6740 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeff6a10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arial.ttf 0x00000001aeff7070 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll 0x00000001aeff71d0 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\AVFoundationCF.dll 0x00000001aeff75a0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001aeff8580 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001aeffff20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af201b50 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af202f20 9 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\Visio Content\1033\NETSYM_M.VSS 0x00000001af204350 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\CommonPlugin\CommonPluginBL.dll 0x00000001af2048e0 28 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 0x00000001af20ff20 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001af211310 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001af213310 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af2149b0 2 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\wlanext.exe.mui 0x00000001af21a3a0 16 0 R--r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Caches\{90FF583C-A7C2-4F62-8404-A3C517125096}.2.ver0x0000000000000001.db 0x00000001af220980 10 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\OUTLRPC.DLL 0x00000001af22e460 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001af235070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af2366d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af236f20 11 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af23bcb0 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.xing.com_0.localstorage-journal 0x00000001af23e070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001af23eb30 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af23ec80 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\AltTab.dll 0x00000001af2424d0 1 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll 0x00000001af246a60 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\MFC71U.DLL 0x00000001af248070 2 1 ------ \Device\NamedPipe\mojo.6908.6912.9117176632403837866 0x00000001af2488e0 1 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\segoeuib.ttf 0x00000001af2496d0 7 0 R--rwd \Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll 0x00000001af249aa0 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\ffmpegsumo.dll 0x00000001af24b440 28 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\GreenshotOfficePlugin.gsp 0x00000001af24df20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001af24ecf0 8 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\KozMinPro-Heavy.otf 0x00000001af2528e0 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\BtvStack.exe 0x00000001af256cb0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rasdlg.dll 0x00000001af256f20 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\accessibilitycpl.dll 0x00000001af257560 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af25b970 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001af25d070 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 0x00000001af25d580 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001af25d6d0 1 1 ------ \Device\000000a6\rtmicintopo 0x00000001af25fac0 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Acronis\TrueImageHome\Command 0x00000001af25ff20 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001af263560 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem37.PNF 0x00000001af263950 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem83.PNF 0x00000001af266420 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem74.PNF 0x00000001af268d90 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cmd.exe 0x00000001af269310 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\p2pcollab.dll 0x00000001af26f440 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\VAN.dll 0x00000001af2725c0 1 1 ------ \Device\0000009b\topo01 0x00000001af272af0 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_child.dll 0x00000001af272e80 5 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms 0x00000001af2742e0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af2788e0 3 0 R--r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Caches\{C5BFAD9C-9E4E-48E2-99A2-BFC20A93DD1A}.2.ver0x0000000000000001.db 0x00000001af278a40 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\gatts.dll 0x00000001af278c20 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\L2capLib.dll 0x00000001af279dd0 2 1 ------ \Device\Afd\Endpoint 0x00000001af284cd0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af289bb0 6 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareUpdate\VAIOCareUpdateBL.dll 0x00000001af28f070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem77.PNF 0x00000001af290e40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001af293f20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001af296310 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\sim.dll 0x00000001af296580 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\DeviceCenter.dll 0x00000001af296f20 1 1 ------ \Device\000000a6\rtspdifwave 0x00000001af2989c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001af299d10 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\SynCOM.dll 0x00000001af29a8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af29af20 4 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\SystemSupport\SystemSupportBL.dll 0x00000001af29e8e0 10 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\de-DE\btvstack.exe.mui 0x00000001af29f510 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af2a4c20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001af2a78e0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msftedit.dll 0x00000001af2ab6d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001af2ae570 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\kbhook.dll 0x00000001af2b33e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001af2b4070 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af2b6070 1 1 R--r-- \Device\HarddiskVolume3\Windows\Fonts\micross.ttf 0x00000001af2c0070 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareUpdate\VAIOCareUpdateBL.dll 0x00000001af2c75b0 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem147.PNF 0x00000001af2e4070 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Evernote\Evernote\libtidy.dll 0x00000001af2e4f20 2 1 ------ \Device\NamedPipe\AcronisFCDPService 0x00000001af2e95c0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\CommonPlugin\CommonPluginBL.dll 0x00000001af2ed3e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af2eef20 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\RfcommLib.dll 0x00000001af2f0570 2 1 R--rwd \Device\HarddiskVolume3\Users\Public\Recorded TV 0x00000001af2f2360 1 1 ------ \Device\000000a6\rtspdiftopo 0x00000001af2f3300 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af2f3800 2 0 R--r-d \Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPHelper.exe 0x00000001af2f9a40 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\fdWSD.dll 0x00000001af2fda40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af3041d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af307130 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll 0x00000001af307310 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001af3076d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001af307cb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001af309070 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\RootCom.dll 0x00000001af30aa40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af3118e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msimtf.dll 0x00000001af312f20 2 1 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\WER\ReportArchive 0x00000001af3136d0 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ActionCenter.dll 0x00000001af313bb0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af3144c0 1 1 ------ \Device\000000a6\singlelineouttopo 0x00000001af3156d0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Windows Sidebar\sidebar.exe 0x00000001af318310 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001af3186d0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af318cb0 1 1 RW-rw- \Device\HarddiskVolume3\Windows\Logs\CBS\CBS.log 0x00000001af319f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001af31a5c0 10 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af31ab60 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\prnfldr.dll 0x00000001af31b5c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af31c070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af31c8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af31daa0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af31ecb0 8 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af31f6d0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\Syncreg.dll 0x00000001af31fa40 16 0 RW-r-- \Device\HarddiskVolume3\ProgramData\Sophos\Sophos Device Control\logs\DeviceControl.txt 0x00000001af321310 1 1 ------ \Device\000000a6\rearlineoutwave3 0x00000001af322070 31 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af3221c0 14 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem80.PNF 0x00000001af322790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001af322a40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001af322d10 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\stobject.dll 0x00000001af323580 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\CertPolEng.dll 0x00000001af3236d0 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE 0x00000001af325d10 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001af326310 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\Handsfree.dll 0x00000001af3276d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af327a40 13 0 R--rwd \Device\HarddiskVolume3\Program Files\Windows Sidebar\sidebar.exe 0x00000001af327cb0 13 0 R--rwd \Device\HarddiskVolume3\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 0x00000001af328560 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af329910 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af32b3e0 1 1 ------ \Device\000000a6\rtmicinwave 0x00000001af32b8e0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af32bbf0 1 1 ------ \Device\0000009b\topo01 0x00000001af32c400 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af32d2a0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001af32e690 3 2 ------ \Device\NamedPipe\chrome.sync.6908.2092.3883904913 0x00000001af32f300 2 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\resources.pak 0x00000001af32f6d0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af330cb0 4 0 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\Greenshot.exe 0x00000001af3338e0 6 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms 0x00000001af3346d0 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\OutLookLib.dll 0x00000001af3366d0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af3388e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001af338cb0 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 0x00000001af3398e0 16 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\YSCrashDump.dll 0x00000001af33da10 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\SyncCenter.dll 0x00000001af345ea0 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\Qt5Svg.dll 0x00000001af347cb0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\riched20.dll 0x00000001af34b1e0 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\libdispatch.dll 0x00000001af34ecf0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001af34f070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001af3508e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af3516f0 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\BPP.dll 0x00000001af351d10 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll 0x00000001af352460 1 1 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\MoreLinq.dll 0x00000001af353790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001af3538e0 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\riched32.dll 0x00000001af3546b0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dsound.dll 0x00000001af358f20 27 1 RWDrw- \Device\HarddiskVolume3 0x00000001af3615b0 1 1 ------ \Device\000000a6\rtspdifwave 0x00000001af3650b0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af3695d0 16 0 R--rwd \Device\HarddiskVolume3\Windows\Web\Wallpaper\Nature\Desktop.ini 0x00000001af36c4d0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af374f20 2 1 ------ \Device\NamedPipe\Adobe Active File Monitor 9.0 0x00000001af375070 1 1 ------ \Device\0000004b\topology 0x00000001af376510 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af3798e0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\imapi2.dll 0x00000001af37a6d0 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\701f2b79b02a02beba70e50bb2edb212\mscorlib.ni.dll 0x00000001af37e800 12 0 R--r-d \Device\HarddiskVolume3\Program Files\Windows Sidebar\sidebar.exe 0x00000001af380f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001af387ca0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af38ccb0 2 1 ------ \Device\NamedPipe\chrome.6908.4.115452734 0x00000001af391a40 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af392a70 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\batmeter.dll 0x00000001af39ab00 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\srchadmin.dll 0x00000001af3a03e0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\log4net.dll 0x00000001af3a46d0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WPDShServiceObj.dll 0x00000001af3a7d10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001af3a86d0 9 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\e634c6664efd9e59b36c206198161310\System.Xaml.ni.dll 0x00000001af3a8a40 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\rastapi.dll 0x00000001af3aabd0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\VAIOCareUpdateCommon\VAIOCareUpdateCommonBL.dll 0x00000001af3ac8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001af3ad8e0 15 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.resources\v4.0_4.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll 0x00000001af3af910 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\MSVCP71.DLL 0x00000001af3b0070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af3b0240 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\Greenshot.exe 0x00000001af3b1f20 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001af3b3d90 16 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPr6N-Regular.otf 0x00000001af3b41c0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af3b7800 15 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af3b7dd0 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\QUTIL.DLL 0x00000001af3b8cb0 4 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\44ae556c5b6ed70a6619ce32fc775b48\Greenshot.ni.exe 0x00000001af3c91e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af3d6880 11 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Libraries\Microsoft.WindowsAPICodePack.dll 0x00000001af3db350 1 1 ------ \Device\Afd\Endpoint 0x00000001af3df070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af3e4d10 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\TeamViewer_Resource_de.dll 0x00000001af3e8b20 1 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE 0x00000001af3f31c0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af40f980 8 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\consolab.ttf 0x00000001af431d40 1 1 ------ \Device\NamedPipe\ 0x00000001af432070 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af433f20 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001af4345b0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af434f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442 0x00000001af437700 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClientApi.dll 0x00000001af43f8e0 12 0 R--r-d \Device\HarddiskVolume3\Program Files\Internet Explorer\sqmapi.dll 0x00000001af4445f0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001af444740 13 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\AGaramondPro-Bold.otf 0x00000001af445cc0 15 0 RW-rwd \Device\HarddiskVolumeShadowCopy2\$BitMap 0x00000001af446570 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\BTBIP.dll 0x00000001af447070 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem26.PNF 0x00000001af44a8e0 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\de-DE\KernelBase.dll.mui 0x00000001af44ef20 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af4543d0 1 1 RW---- \Device\HarddiskVolume3\Windows\System32\config\RegBack\SOFTWARE 0x00000001af456a70 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\arialbd.ttf 0x00000001af457d20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af459f20 1 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Pictures 0x00000001af45a720 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af45b4c0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af45b610 16 0 R--rwd \Device\HarddiskVolume3\Windows\System32\themeui.dll 0x00000001af460ac0 1 1 ------ \Device\Mup\;R:0000000000037dd2\10.10.0.88\homes 0x00000001af462560 23 1 R--r-d \Device\HarddiskVolume3\Program Files\Greenshot\log4net.dll 0x00000001af463310 1 1 ------ \Device\Mup\;V:0000000000037dd2\10.10.0.88\Movies 0x00000001af470560 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\WWanAPI.dll 0x00000001af472310 1 1 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png 0x00000001af474590 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af475a40 6 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\msvcr110.dll 0x00000001af4765b0 19 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\TxR\{8c266aac-b83b-11e3-ace5-806e6f6e6963}.TxR.2.regtrans-ms 0x00000001af478220 19 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.splunk.com_0.localstorage-journal 0x00000001af478e60 2 1 ------ \Device\NamedPipe\Adobe Active File Monitor 9.0 0x00000001af47a7a0 13 1 R--rwd \Device\HarddiskVolume3\Windows\Fonts\calibrib.ttf 0x00000001af4836c0 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Smart Network\EN-US\VSNClient.exe.mui 0x00000001af48af20 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wups.dll 0x00000001af48b570 3 1 R----- \Device\SAVOnAccess\Read 0x00000001af48dbf0 8 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\ACECORE.DLL 0x00000001af48df20 1 1 ------ \Device\Mup\;Q:0000000000037f3e\10.10.0.88\mpauli 0x00000001af4934b0 2 0 R--r-d \Device\HarddiskVolume3\ProgramData\Sony Corporation\Sony Packaging Manager\PackagingTemp\{1DF75360-D933-4CCB-8B64-F0BB81894B58}\VUInstaller.exe 0x00000001af498560 1 1 ------ \Device\Afd\Endpoint 0x00000001af49b730 1 1 R--rw- \Device\HarddiskVolume3\ProgramData\Sony Corporation\Sony Packaging Manager\PackagingTemp\{1DF75360-D933-4CCB-8B64-F0BB81894B58} 0x00000001af49de40 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af49ec60 3 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\KozGoPr6N-Bold.otf 0x00000001af4a2770 6 0 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png 0x00000001af4a29c0 17 0 R--rw- \Device\HarddiskVolume3\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png 0x00000001af4a63f0 17 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\Plugins\Notification\NotificationPL.dll 0x00000001af4ab370 1 1 ------ \Device\000000a6\singlelineouttopo 0x00000001af4af940 1 1 ------ \Device\Mup\;Z:0000000000037dd2\10.10.1.2\usb_drive_a-1 0x00000001af4b0cf0 15 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll 0x00000001af4b12a0 1 1 ------ \Device\Mup\;W:0000000000037dd2\10.10.0.88\Backups 0x00000001af4b1700 3 1 R----- \Device\SAVOnAccess\Read 0x00000001af4ba710 2 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\chrome_100_percent.pak 0x00000001af4bb130 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001af4be8a0 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mshtml.dll 0x00000001af4c0070 6 0 R--rwd \Device\HarddiskVolume3\Windows\System32\msdart.dll 0x00000001af4c06d0 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001af4c0c90 1 1 ------ \Device\Mup\;U:0000000000037f3e\10.10.0.88\Music 0x00000001af4c45d0 6 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini 0x00000001af4c4cb0 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\SKINMAGIC.DLL 0x00000001af4cb7c0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af4ccc50 8 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\112d3950b7504d50c59d0cba2392c858\System.Transactions.ni.dll 0x00000001af4cf990 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001af4cfb70 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\wuapp.exe 0x00000001af4d06d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af4d0e60 2 1 ------ \Device\Afd\Endpoint 0x00000001af4d4360 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af4d6f20 2 1 ------ \Device\Afd\Endpoint 0x00000001af4d8d80 2 1 ------ \Device\NamedPipe\mojo.6908.6912.8545457003035273574 0x00000001af4dcf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af4df070 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mfc42u.dll 0x00000001af4df790 3 1 ------ \Device\NamedPipe\enclipper_pipe0 0x00000001af4e3600 1 1 ------ \Device\Afd\Endpoint 0x00000001af4e58e0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\bitsperf.dll 0x00000001af4e9f20 1 1 RWD--- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Temp\JET1B7C.tmp 0x00000001af4ea210 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\dwmredir.dll 0x00000001af4ebd90 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af4ec860 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\WEB.DE\WEB.DE SmartDrive Manager\MSVCR71.DLL 0x00000001af4ed1e0 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\MFC71DEU.DLL 0x00000001af4ed650 2 1 ------ \Device\Afd\Endpoint 0x00000001af4f1a40 13 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem10.PNF 0x00000001af4f2070 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\bitsigd.dll 0x00000001af4f5070 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\audiodg.exe.mui 0x00000001af4f6b60 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af4fa900 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\shdocvw.dll 0x00000001af4fc9c0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\mspatcha.dll 0x00000001af4fd7f0 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af4fec00 5 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af5008f0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001af503260 5 0 R--r-d \Device\HarddiskVolume3\Windows\System32\linkinfo.dll 0x00000001af504bd0 19 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll 0x00000001af505070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001af507450 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001af50ba40 15 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af50c6a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af50d6e0 28 1 RW-r-- \Device\HarddiskVolume3\Windows\SoftwareDistribution\ReportingEvents.log 0x00000001af50ff20 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af512f20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af516d10 23 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af5188e0 2 1 ------ \Device\Afd\Endpoint 0x00000001af518a40 2 1 ------ \Device\Afd\Endpoint 0x00000001af519790 4 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\networkitemfactory.dll 0x00000001af519c00 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001af51af20 1 1 ------ \Device\NamedPipe\chrome.sync.6908.2092.3883904913 0x00000001af51d7e0 2 1 ------ \Device\Afd\Endpoint 0x00000001af51f5b0 27 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx 0x00000001af521380 2 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\config\components{54f46081-07b0-11e5-be3f-f0bf97d84308}.TxR.0.regtrans-ms 0x00000001af5262f0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af526670 3 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\glu32.dll 0x00000001af527a30 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af528300 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\padekgcemlokbadohgkifijomclgjgif\LOCK 0x00000001af528450 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\CoreMedia.dll 0x00000001af528d40 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\cabinet.dll 0x00000001af52a820 1 1 ------ \Device\Mup\;S:0000000000037f3e\10.10.0.88\Bilder 0x00000001af52c070 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af52f290 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\CoreGraphics.dll 0x00000001af52fa70 1 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af530d90 10 0 R--rwd \Device\HarddiskVolume3\Program Files\Microsoft Office\Office15\FACEBOOKPROVIDER.DLL 0x00000001af531310 26 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af531600 2 1 R--rwd \Device\HarddiskVolume3\Users\Admin\Music 0x00000001af5346e0 10 0 R--r-d \Device\HarddiskVolume3\ProgramData\Sony Corporation\Sony Packaging Manager\PackagingTemp\{1DF75360-D933-4CCB-8B64-F0BB81894B58}\UpdateModuleSetup.exe 0x00000001af5367f0 1 1 ------ \Device\Afd\Endpoint 0x00000001af537220 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001af537520 1 1 ------ \Device\Mup\;T:0000000000037f3e\10.10.0.88\Books 0x00000001af5389b0 2 1 ------ \Device\NamedPipe\mojo.6908.2092.2196948282843135279 0x00000001af53e310 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af53f9d0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msdmo.dll 0x00000001af542740 24 0 RW-rw- \Device\HarddiskVolume3\Windows\WindowsUpdate.log 0x00000001af545360 16 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searchsecurity.techtarget.com_0.localstorage-journal 0x00000001af5462c0 10 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\TeamViewer\tv_w32.dll 0x00000001af548bf0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af559760 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af559940 4 0 -W---- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db 0x00000001af55ada0 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af5633e0 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\msconfig.exe 0x00000001af563f20 11 0 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal 0x00000001af565410 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\bitsprx5.dll 0x00000001af565cb0 16 1 RW-r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Network\Downloader\qmgr1.dat 0x00000001af567400 1 1 RWDrwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0 0x00000001af56cf20 24 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af56f6d0 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\goep.dll 0x00000001af571070 3 0 R--r-d \Device\HarddiskVolume3\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL 0x00000001af571270 11 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem109.PNF 0x00000001af571740 1 1 RW---- \Device\HarddiskVolume3\Users\UpdatusUser\AppData\Local\Microsoft\Windows\UsrClass.dat 0x00000001af574bd0 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\d3d11.dll 0x00000001af57a6a0 2 1 R--rwd \Device\HarddiskVolume3\Users\Public\Music 0x00000001af57a8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af57af20 15 1 RW-r-- \Device\HarddiskVolume3\ProgramData\Microsoft\Network\Downloader\qmgr0.dat 0x00000001af57b800 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af57fd10 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001af586290 18 1 R--r-d \Device\HarddiskVolume3\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll 0x00000001af58c4a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001af58ef20 7 0 R--r-d \Device\HarddiskVolume3\Windows\System32\upnp.dll 0x00000001af591070 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af592c00 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk 0x00000001af593290 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af593a70 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\stdole2.tlb 0x00000001af594c80 1 1 ------ \Device\Afd\Endpoint 0x00000001af594f20 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Apple\Internet Services\VideoToolbox.dll 0x00000001af595ae0 10 1 R--rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{F4F1FA7C-7016-4D66-85D5-E845DD1F46BF}.FSD 0x00000001af5965a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af59ac80 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af59f7e0 12 0 R--r-d \Device\HarddiskVolume3\Windows\Fonts\segoeuii.ttf 0x00000001af5a0bc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001af5a0d10 2 1 ------ \Device\NamedPipe\mojo.6908.2092.7021255824655493149 0x00000001af5a6450 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\icudtl.dat 0x00000001af5a6790 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001af5a6ac0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001af5ac5a0 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\msvcr120_clr0400.dll 0x00000001af5b1070 8 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll 0x00000001af5b3910 1 1 ------ \Device\000000a6\rtspdiftopo 0x00000001af5b3ca0 1 1 ------ \Device\0000004b\wave 0x00000001af5b3f20 16 0 R--rwd \Device\HarddiskVolume3\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk 0x00000001af5b68e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af5b75a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757 0x00000001af5b81e0 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\icuuc53.dll 0x00000001af5b86b0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af5b96c0 16 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\MSOSYNC.EXE 0x00000001af5ba310 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wmiprov.dll 0x00000001af5bd3d0 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af5bddc0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130 0x00000001af5c1d20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251 0x00000001af5cbf20 2 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Care\VCService.exe 0x00000001af5d0070 1 1 R--r-- \Device\HarddiskVolume3\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 0x00000001af5d1b10 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af5d4a30 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af5d5070 7 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af5d66d0 8 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\1033\ospintl.dll 0x00000001af5dc6a0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001af5ddb00 1 1 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\stdole2.tlb 0x00000001af5dfa60 1 1 RW-rw- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat 0x00000001af5e05d0 10 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ntshrui.dll 0x00000001af5e7cb0 16 0 R--r-d \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll 0x00000001af5ee600 2 1 ------ \Device\NamedPipe\mojo.6908.2092.9551308876952557631 0x00000001af613620 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af613770 4 0 R--r-d \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL 0x00000001af62b9e0 1 1 ------ \Device\NamedPipe\ProtectedPrefix\Administrators 0x00000001af62bb30 1 1 ------ \Device\Mailslot\ProtectedPrefix 0x00000001af62bc80 1 1 ------ \Device\NamedPipe\ProtectedPrefix 0x00000001af684d20 3 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\utils.dll 0x00000001af685070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001af6882b0 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6887a0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\clusapi.dll 0x00000001af688a40 8 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af68a350 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wpdshext.dll 0x00000001af68af20 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001af68bf20 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af68d8e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001af68f070 1 1 R--r-d \Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat 0x00000001af6924f0 11 0 R--r-d \Device\HarddiskVolume3\Windows\System32\INETRES.dll 0x00000001af695900 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001af698070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc 0x00000001af698320 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001af69b7a0 2 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\natives_blob.bin 0x00000001af69b8f0 2 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\snapshot_blob.bin 0x00000001af6a15a0 1 0 RW-rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db 0x00000001af6a1b60 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sxsstore.dll 0x00000001af6a2ca0 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6ab610 2 1 R--rwd \Device\HarddiskVolume3\Program Files (x86)\HP\Common 0x00000001af6abd10 15 0 R--rwd \Device\HarddiskVolume3\Windows\System32\scrrun.dll 0x00000001af6ac070 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\msvcp110.dll 0x00000001af6acf20 16 0 R--r-d \Device\HarddiskVolume3\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll 0x00000001af6ad430 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6ada60 4 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\194d716f3f4e5e53fc5644a8eec87435\System.ServiceProcess.ni.dll 0x00000001af6add60 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\mssprxy.dll 0x00000001af6aecb0 30 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6b08e0 13 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\System\Ole DB\oledb32.dll 0x00000001af6b1a90 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af6b7d00 2 1 ------ \Device\Afd\Endpoint 0x00000001af6b95b0 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\AthBtTray.exe 0x00000001af6b98e0 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\FirewallAPI.dll 0x00000001af6bc6d0 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe 0x00000001af6bed10 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\consola.ttf 0x00000001af6c0b70 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6c8490 10 0 R--rw- \Device\HarddiskVolume3\Windows\Fonts\MyriadPro-Semibold.otf 0x00000001af6c8d20 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\RtkCfg64.dll 0x00000001af6cbf20 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6d0070 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\nvwgf2umx.dll 0x00000001af6d0dd0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\GlassWire.exe 0x00000001af6d0f20 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 0x00000001af6d1580 1 1 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Smart Network\DE-DE\VSNClient.exe.mui 0x00000001af6d3e20 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001af6d44d0 2 1 ------ \Device\Afd\Endpoint 0x00000001af6d58e0 17 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6d5dc0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af6d8070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6da580 9 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\wpcap.dll 0x00000001af6dc9c0 33 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6dfbc0 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6e0820 13 0 R--rwd \Device\HarddiskVolume3\Windows\System32\pautoenr.dll 0x00000001af6e16b0 12 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\55285f4d071d4b06488a4d61a4899170\System.Configuration.Install.ni.dll 0x00000001af6e4450 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\cryptnet.dll 0x00000001af6e5380 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af6e5f20 1 1 ------ \Device\Afd\AsyncConnectHlp 0x00000001af6e6580 12 0 R--rwd \Device\HarddiskVolume3\Windows\System32\shgina.dll 0x00000001af6ee2b0 1 1 ------ \Device\Afd\Endpoint 0x00000001af6ef6e0 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 0x00000001af6f2a80 2 1 ------ \Device\Afd\Endpoint 0x00000001af6f3070 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\qmgrprxy.dll 0x00000001af6f4070 11 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll 0x00000001af6f41c0 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\bcrypt.dll 0x00000001af6f4470 2 1 ------ \Device\Afd\Endpoint 0x00000001af6f4e90 3 1 ------ \Device\NamedPipe\pgsignal_4040 0x00000001af6f5280 12 0 ------ \Device\HarddiskVolume3\Windows\System32\C_1257.NLS 0x00000001af6f7b90 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001af6f7e20 4 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\msvcr110.dll 0x00000001af6f8070 6 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\GlassWire\GWIdlMon.exe 0x00000001af6f8ba0 3 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a0b4e6b92d9c147d801a6f2e3a15080b\System.Windows.Forms.ni.dll 0x00000001af6f9f20 13 0 R--r-- \Device\HarddiskVolume3\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000167.db 0x00000001af6fbb60 2 1 ------ \Device\Afd\Endpoint 0x00000001af6fbcc0 2 1 ------ \Device\Afd\Endpoint 0x00000001af6fc560 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af7028e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001af7045a0 15 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\FWPUCLNT.DLL 0x00000001af704a30 14 0 ------ \Device\HarddiskVolume3\Windows\System32\C_1254.NLS 0x00000001af704cd0 16 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wshbth.dll 0x00000001af705cb0 7 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Bluetooth Suite\de-DE\athbttray.exe.mui 0x00000001af707930 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\regapi.dll 0x00000001af7088e0 13 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe 0x00000001af70a070 3 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wbemess.dll 0x00000001af70cf20 14 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe 0x00000001af70d070 16 0 RW-r-- \Device\HarddiskVolume3\Users\Admin\Documents\Outlook Files\Outlook.pst 0x00000001af70d6d0 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af70d860 10 0 R--rwd \Device\HarddiskVolume3\Windows\System32\browcli.dll 0x00000001af70db00 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll 0x00000001af70df20 2 1 ------ \Device\Afd\Endpoint 0x00000001af70e9b0 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\SensApi.dll 0x00000001af7106e0 4 0 R--r-d \Device\HarddiskVolume3\Program Files\Sony\VAIO Smart Network\DE-DE\VSNClient.exe.mui 0x00000001af710a40 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48 0x00000001af711220 5 0 R--r-d \Device\HarddiskVolume3\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll 0x00000001af711580 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem25.PNF 0x00000001af7116d0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001af711a70 1 1 R--r-d \Device\HarddiskVolume3\Windows\System32\de-DE\KernelBase.dll.mui 0x00000001af71a790 3 0 R--r-d \Device\HarddiskVolume3\Program Files\AccessData\PostgreSQL\9.3\bin\ssleay32.dll 0x00000001af71a8e0 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af71b7e0 32 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af71e7c0 16 0 ------ \Device\HarddiskVolume3\Windows\System32\C_1250.NLS 0x00000001af720b00 1 1 RW-rw- \Device\HarddiskVolume3\ProgramData\GlassWire\service\glasswire.db 0x00000001af724070 8 0 R--r-d \Device\HarddiskVolume3\Windows\System32\HPWia2_OJ8600.dll 0x00000001af7244a0 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sophos\Management Communications System\Endpoint\Config 0x00000001af7248e0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b 0x00000001af727250 3 1 R--rwd \Device\HarddiskVolume3\ProgramData\Sophos\Management Communications System\Endpoint\Config 0x00000001af727cd0 8 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe 0x00000001af728800 12 0 R--r-d \Device\HarddiskVolume3\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntexe.cat 0x00000001af729f20 16 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\HP\Common\log4net.dll 0x00000001af72b8e0 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af72bcc0 1 1 R--r-- \Device\HarddiskVolume3\Windows\assembly\pubpol350.dat 0x00000001af72dd40 13 0 ------ \Device\HarddiskVolume3\Windows\System32\C_874.NLS 0x00000001af72ed10 17 1 R--rw- \Device\HarddiskVolume3\ProgramData\GlassWire\service\GeoIP.dat 0x00000001af72f070 14 0 ------ \Device\HarddiskVolume3\Windows\System32\C_1253.NLS 0x00000001af731460 7 0 ------ \Device\HarddiskVolume3\Windows\System32\C_932.NLS 0x00000001af7317e0 6 0 ------ \Device\HarddiskVolume3\Windows\System32\C_936.NLS 0x00000001af733f20 11 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Google\Drive\googledrivesync.exe 0x00000001af734750 3 1 R----- \Device\SAVOnAccess\Read 0x00000001af734d20 1 1 ------ \Device\0000004b\wave 0x00000001af735570 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\httpapi.dll 0x00000001af735bb0 9 0 ------ \Device\HarddiskVolume3\Windows\System32\C_1255.NLS 0x00000001af735f20 9 0 ------ \Device\HarddiskVolume3\Windows\System32\C_949.NLS 0x00000001af7368e0 15 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\908075c4922acdf834c67ac802814c9d\System.Configuration.ni.dll 0x00000001af7378e0 6 0 ------ \Device\HarddiskVolume3\Windows\System32\C_950.NLS 0x00000001af737f20 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af738490 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\PortableDeviceConnectApi.dll 0x00000001af738b30 33 1 -W-r-- \Device\HarddiskVolume3\Program Files (x86)\HP\Common\idfSoftwareLog.txt 0x00000001af73cf20 1 1 R--rw- \Device\HarddiskVolume3\Windows\Fonts\lucon.ttf 0x00000001af73df20 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\l3codeca.acm 0x00000001af73f4a0 13 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd2f9ea99ac0f984b9dc430824638c9f\System.Drawing.ni.dll 0x00000001af745070 13 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af7456c0 12 0 ------ \Device\HarddiskVolume3\Windows\System32\C_1258.NLS 0x00000001af747070 2 0 R--r-d \Device\HarddiskVolume3\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a78078ff6ff0c28ef3bf65bd84e193f0\System.ServiceModel.ni.dll 0x00000001af747400 8 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\gpapi.dll 0x00000001af748070 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af74a6d0 6 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll 0x00000001af74abc0 13 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\hid.dll 0x00000001af74b640 14 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sqmapi.dll 0x00000001af74d6d0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\wbem\esscli.dll 0x00000001af74f790 18 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af74f8e0 16 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\npmproxy.dll 0x00000001af751580 13 0 R--r-d \Device\HarddiskVolume3\Windows\System32\hnetcfg.dll 0x00000001af7516d0 12 0 R--rwd \Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\OFFICE15\Cultures\OFFICE.ODF 0x00000001af759110 4 0 R--r-d \Device\HarddiskVolume3\Windows\System32\sppc.dll 0x00000001af759830 24 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx 0x00000001af75a070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af75bf20 15 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af75c8e0 12 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\AUAdapter.dll 0x00000001af75d950 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001af75daa0 5 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Sophos\AutoUpdate\libeay32.dll 0x00000001af75e070 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d 0x00000001af75e580 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 0x00000001af7606d0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af7648e0 1 1 R--rw- \Device\HarddiskVolume3\Program Files (x86)\GlassWire 0x00000001af7654b0 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx 0x00000001af7658f0 14 0 R--rwd \Device\HarddiskVolume3\Windows\System32\FirewallControlPanel.dll 0x00000001af76bcb0 16 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af76d590 12 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af76f200 10 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\dwmapi.dll 0x00000001af76f8e0 11 0 R--r-d \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll 0x00000001af770070 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af7708e0 1 1 RW---- \Device\HarddiskVolume3\Windows\AppCompat\Programs\Amcache.hve.LOG2 0x00000001af7738e0 28 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af776290 3 1 R--rwd \Device\HarddiskVolume3\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001af7763e0 15 0 R--r-- \Device\HarddiskVolume3\Windows\inf\oem42.PNF 0x00000001af776de0 3 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af777920 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af779450 1 1 R--rw- \Device\HarddiskVolume3\Windows\System32 0x00000001af77a070 2 0 RW-rwd \Device\HarddiskVolume3\$Directory 0x00000001af77c3d0 9 0 R--r-d \Device\HarddiskVolume3\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe 0x00000001af77d280 1 1 ------ \Device\Mup\;S:0000000000037dd2\10.10.0.88\Bilder 0x00000001af77dea0 1 1 ------ \Device\Afd\Endpoint 0x00000001af77e9c0 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a 0x00000001af785070 11 0 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Local\Zeta Producer 12.5\Applications\Zeta.VoyagerLibrary.WinForms.dll 0x00000001af789340 18 1 RW-r-- \Device\HarddiskVolume3\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx 0x00000001af78b420 9 0 R--r-d \Device\HarddiskVolume3\Program Files\AccessData\PostgreSQL\9.3\bin\libpq.dll 0x00000001af78d3e0 11 0 R--r-- \Device\HarddiskVolume3\Windows\System32\clfs.sys 0x00000001af791860 7 0 R--r-d \Device\HarddiskVolume3\Windows\SysWOW64\rasadhlp.dll 0x00000001af7948e0 5 1 R--r-d \Device\HarddiskVolume3\Program Files (x86)\HP\Common\Plugins\HPDIA.exe 0x00000001af794bb0 2 1 ------ \Device\Afd\Endpoint 0x00000001af7a09b0 2 1 ------ \Device\Afd\Endpoint 0x00000001af7a3ab0 1 1 R--rw- \Device\HarddiskVolume3\Windows\SysWOW64 0x00000001af7a7910 3 1 R--rwd \Device\HarddiskVolume3\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My 0x00000001af7a8dd0 1 1 R--rw- \Device\HarddiskVolume3\Windows 0x00000001af7a9300 1 1 R--rw- \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6 0x00000001af7b0dd0 15 0 R--r-d \Device\HarddiskVolume3\Windows\System32\audiosrv.dll 0x00000001af7b17a0 9 0 R--r-d \Device\HarddiskVolume3\Windows\System32\ncrypt.dll 0x00000001af7c38e0 1 1 R--rw- \Device\????????? 0x00000001af7c86b0 7 0 RW-rwd \Device\3:00) Buenos Aires 0x00000001af7ce790 7 0 R--r-d \Device\????????????????????????????