C:\WINDOWS\explorer.exe (PID: 624). This behaviour is typical of some malware.
07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Action allowed.
07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process C:\WINDOWS\explorer.exe (PID: 624). This behaviour is typical of some malware.
07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Action allowed.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 3272). This behaviour is typical of some malware.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Action allowed.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 3272). This behaviour is typical of some malware.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Action allowed.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 3272). This behaviour is typical of some malware.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Action allowed.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220). This behaviour is typical of some malware.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220). This behaviour is typical of some malware.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220). This behaviour is typical of some malware.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 3708). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 3708). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 3708). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:45:29 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720) is attempting to invade process C:\WINDOWS\system32\ctfmon.exe (PID: 2972). This behaviour is typical of some malware.
07.01.31 0:45:29 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Action allowed (by exclusions).
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648). This behaviour is typical of some malware.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648). This behaviour is typical of some malware.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648). This behaviour is typical of some malware.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
07.01.31 1:16:10 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
07.01.31 1:16:10 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
07.01.31 1:17:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (PID: 4032). This behaviour is typical of some malware.
07.01.31 1:17:03 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:17:04 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (PID: 4032). This behaviour is typical of some malware.
07.01.31 1:17:04 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:17:04 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (PID: 4032). This behaviour is typical of some malware.
07.01.31 1:17:04 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process
07.01.31 1:18:31 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process: successfully
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup Rollback
07.01.31 1:18:33 C:\PROGRA~1\SPYWAR~1\igdbs.dat Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Favorites Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1742-184c-11db-bd91-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1743-184c-11db-bd91-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e76297ac-182c-11db-94b0-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c041139c-183c-11db-bd0f-00e04c771968}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1741-184c-11db-bd91-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1740-184c-11db-bd91-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData Rollback
07.01.31 1:18:33 C:\PROGRA~1\SPYWAR~1\common.ini Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\TypeLib Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\Version Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\ProgID Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.QuarantinedItemProxy\Clsid Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.QuarantinedItemProxy Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\LocalServer32 Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\TypeLib Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\Version Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\ProgID Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.ScripterProxy\Clsid Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.ScripterProxy Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\LocalServer32 Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\TypeLib Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\Version Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\ProgID Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EBankProblem\Clsid Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EBankProblem Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\LocalServer32 Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\TypeLib Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\Version Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\ProgID Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EMClient\Clsid Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EMClient Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\LocalServer32 Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49} Rollback
07.01.31 1:18:33 C:\Documents and Settings\All Users\Application Data\TEMP
FC5A2B2 Rollback: not found
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Licenses\{0781F7A018B2EFAD7} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Licenses\{I781F7A018B2EFAD7} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs Rollback
07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Rollback completed with some errors
07.01.31 1:50:02 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2572). This behaviour is typical of some malware.
07.01.31 1:50:02 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:11 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2572). This behaviour is typical of some malware.
07.01.31 1:50:11 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:18 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2572). This behaviour is typical of some malware.
07.01.31 1:50:18 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:27 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1768). This behaviour is typical of some malware.
07.01.31 1:50:27 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:42 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
07.01.31 1:50:42 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:50:43 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1768). This behaviour is typical of some malware.
07.01.31 1:50:43 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:44 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
07.01.31 1:50:44 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:50:44 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1768). This behaviour is typical of some malware.
07.01.31 1:50:44 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:45 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
07.01.31 1:50:45 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:50:58 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 4052). This behaviour is typical of some malware.
07.01.31 1:50:58 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:51:00 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 4052). This behaviour is typical of some malware.
07.01.31 1:51:00 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:51:02 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 4052). This behaviour is typical of some malware.
07.01.31 1:51:02 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:52:05 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240). This behaviour is typical of some malware.
07.01.31 1:52:05 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:52:11 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240). This behaviour is typical of some malware.
07.01.31 1:52:11 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:52:11 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240). This behaviour is typical of some malware.
07.01.31 1:52:11 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:52:16 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2812). This behaviour is typical of some malware.
07.01.31 1:52:16 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Action allowed.
07.01.31 1:52:18 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2812). This behaviour is typical of some malware.
07.01.31 1:52:18 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Action allowed.
07.01.31 1:52:19 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2812). This behaviour is typical of some malware.
07.01.31 1:52:19 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Action allowed.
07.01.31 1:57:39 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 3424). This behaviour is typical of some malware.
07.01.31 1:57:39 C:\WINDOWS\system32\winlogon.exe Attempt to terminate process
07.01.31 1:57:55 C:\WINDOWS\system32\logon.scr Attempt to terminate process: successfully
07.01.31 1:57:55 C:\WINDOWS\explorer.exe Attempt to terminate process: successfully
07.01.31 1:58:19 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 2436). This behaviour is typical of some malware.
07.01.31 1:58:19 C:\WINDOWS\system32\services.exe Attempt to terminate process
07.01.31 1:58:22 C:\WINDOWS\system32\imapi.exe Attempt to terminate process: successfully
07.01.31 1:58:22 C:\WINDOWS\system32\alg.exe Attempt to terminate process: successfully
07.01.31 1:58:22 C:\WINDOWS\system32\TaskManager.exe Attempt to terminate process: successfully
07.01.31 1:58:22 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE Attempt to terminate process: successfully
07.01.31 1:58:22 C:\WINDOWS\system32\spoolsv.exe Attempt to terminate process: successfully
07.01.31 2:14:08 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\defrag.exe (PID: 2272). This behaviour is typical of some malware.
07.01.31 2:14:08 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 2:19:18 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\defrag.exe (PID: 2272). This behaviour is typical of some malware.
07.01.31 2:19:18 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 2:21:59 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\defrag.exe (PID: 2272). This behaviour is typical of some malware.
07.01.31 2:21:59 C:\WINDOWS\System32\svchost.exe Attempt to terminate process
07.01.31 2:22:03 C:\WINDOWS\system32\defrag.exe Attempt to terminate process: successfully
07.01.31 2:22:05 C:\WINDOWS\system32\wuauclt.exe Attempt to terminate process: successfully
07.01.31 2:25:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 3884) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1164). This behaviour is typical of some malware.
07.01.31 2:25:03 C:\WINDOWS\explorer.exe Attempt to terminate process
07.01.31 2:25:07 C:\WINDOWS\explorer.exe Attempt to terminate process: successfully
07.01.31 2:25:07 C:\Program Files\Mozilla Firefox\firefox.exe Attempt to terminate process: successfully
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Zbmvyyn Sversbk.yax Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids\WinRAR.ZIP Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids\xslfile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpl\OpenWithProgids\RealPlayer.PLSPL.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids\MozillaXML Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids\Excel.Template Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids\Excel.Sheet.8 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids\WVXFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wri\OpenWithProgids\wrifile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\OpenWithProgids\WPLFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids\ASXFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids\WMVFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids\wmffile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids\WMAFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids\ASFFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids\WAXFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids\soundrec Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids\txtfile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids\MSPaper.Document Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids\MSPaper.Document Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm\OpenWithProgids\SSM Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids\AUFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\OpenWithProgids\RealPlayer.SMIL.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\OpenWithProgids\RealPlayer.SMIL.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids\htmlfile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rvx\OpenWithProgids\RealPlayer.RVX.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\OpenWithProgids\RealPlayer.RV.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids\Word.RTF.8 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml\OpenWithProgids\RealPlayer.RSML.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx\OpenWithProgids\RealJukebox.RMX.1 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\OpenWithProgids\RealPlayer.RMVB.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms\OpenWithProgids\RealPlayer.RMS.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp\OpenWithProgids\RealJukebox.RMP.1 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\OpenWithProgids\RealPlayer.RAM.6 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmj\OpenWithProgids\RealJukebox.RMJ.1 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids\midfile Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\OpenWithProgids\RealPlayer.RM.6 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rax\OpenWithProgids\RealPlayer.RAX.6 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithProgids\RealPlayer.RAM.6