"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"19:15:36,0584721","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:15:36,0688748","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:15:36,0749493","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\a.rb","NAME NOT FOUND",""
"19:15:36,0810185","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:15:36,0863681","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:15:36,0917964","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\a.rb","NAME NOT FOUND",""
"19:15:36,0978880","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\a.rb","NAME NOT FOUND",""
"19:15:36,1036440","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:15:36,1236401","ruby.exe","5668","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:15:36,1239103","ruby.exe","5668","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:15:36,1240804","ruby.exe","5668","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:15:36,1267539","ruby.exe","5668","QueryInformationVolume","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","VolumeCreationTime: 04.01.2006 16:37:56, VolumeSerialNumber: 6CDA-28EF, SupportsObjects: True, VolumeLabel: "
"19:15:36,1269159","ruby.exe","5668","QueryAllInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd21000000000cd7, EaSize: 0, Access: Read Attributes, Read Control, Position: 0, Mode: , AlignmentRequirement: Word"
"19:15:36,1270771","ruby.exe","5668","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","BUFFER OVERFLOW","Information: Owner, Group, DACL"
"19:15:36,1284804","ruby.exe","5668","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Information: Owner, Group, DACL"
"19:15:36,1286528","ruby.exe","5668","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:15:36,1289824","ruby.exe","5668","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:15:36,1292595","ruby.exe","5668","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:15:36,1294241","ruby.exe","5668","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:15:36,1301080","ruby.exe","5668","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:15:36,1305927","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:15:36,1330044","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:15:36,1354332","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\a.rb","NAME NOT FOUND",""
"19:15:36,1408831","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:15:36,1426291","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:15:36,1445975","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\a.rb","NAME NOT FOUND",""
"19:15:36,1467246","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\a.rb","NAME NOT FOUND",""
"19:15:36,1485916","ruby.exe","5668","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:15:36,1513895","ruby.exe","5668","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:15:36,1516613","ruby.exe","5668","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:15:36,1518306","ruby.exe","5668","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:15:36,1521873","ruby.exe","5668","QueryInformationVolume","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","VolumeCreationTime: 04.01.2006 16:37:56, VolumeSerialNumber: 6CDA-28EF, SupportsObjects: True, VolumeLabel: "
"19:15:36,1523412","ruby.exe","5668","QueryAllInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd21000000000cd7, EaSize: 0, Access: Read Attributes, Read Control, Position: 0, Mode: , AlignmentRequirement: Word"
"19:15:36,1525027","ruby.exe","5668","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","BUFFER OVERFLOW","Information: Owner, Group, DACL"
"19:15:36,1526874","ruby.exe","5668","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Information: Owner, Group, DACL"
"19:15:36,1528489","ruby.exe","5668","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:15:36,1531550","ruby.exe","5668","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:15:36,1534101","ruby.exe","5668","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:15:36,1539021","ruby.exe","5668","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:15:36,1541529","ruby.exe","5668","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:15:36,1545211","ruby.exe","5668","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:15:36,1547728","ruby.exe","5668","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:15:36,1549335","ruby.exe","5668","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:15:36,1551595","ruby.exe","5668","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:15:36,1555020","ruby.exe","5668","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:15:36,1557503","ruby.exe","5668","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:15:36,1559107","ruby.exe","5668","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:15:36,1561328","ruby.exe","5668","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:15:36,1564228","ruby.exe","5668","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:15:36,1566661","ruby.exe","5668","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:15:36,1568262","ruby.exe","5668","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:15:36,1570617","ruby.exe","5668","QueryInformationVolume","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","VolumeCreationTime: 04.01.2006 16:37:56, VolumeSerialNumber: 6CDA-28EF, SupportsObjects: True, VolumeLabel: "
"19:15:36,1573740","ruby.exe","5668","QueryAllInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd21000000000cd7, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"19:15:36,1575285","ruby.exe","5668","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","BUFFER OVERFLOW","Information: Owner, Group, DACL"
"19:15:36,1576701","ruby.exe","5668","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Information: Owner, Group, DACL"
"19:15:36,1579869","ruby.exe","5668","ReadFile","C:\Dokumente und Einstellungen\robert\a.rb","END OF FILE","Offset: 0, Length: 65.536"
"19:15:36,1581621","ruby.exe","5668","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:19:12,7284064","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:19:12,7353410","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:19:12,7421793","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\a.rb","NAME NOT FOUND",""
"19:19:12,7467819","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:19:12,7521166","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:19:12,7576349","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\a.rb","NAME NOT FOUND",""
"19:19:12,7629619","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\a.rb","NAME NOT FOUND",""
"19:19:12,7683838","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:19:12,7738705","ruby.exe","6020","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:19:12,7743033","ruby.exe","6020","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:19:12,7744902","ruby.exe","6020","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:19:12,7747346","ruby.exe","6020","QueryInformationVolume","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","VolumeCreationTime: 04.01.2006 16:37:56, VolumeSerialNumber: 6CDA-28EF, SupportsObjects: True, VolumeLabel: "
"19:19:12,7748905","ruby.exe","6020","QueryAllInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd21000000000cd7, EaSize: 0, Access: Read Attributes, Read Control, Position: 0, Mode: , AlignmentRequirement: Word"
"19:19:12,7750673","ruby.exe","6020","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","BUFFER OVERFLOW","Information: Owner, Group, DACL"
"19:19:12,7752238","ruby.exe","6020","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Information: Owner, Group, DACL"
"19:19:12,7753939","ruby.exe","6020","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:19:12,7758127","ruby.exe","6020","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:19:12,7760761","ruby.exe","6020","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:19:12,7762376","ruby.exe","6020","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:19:12,7764658","ruby.exe","6020","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:19:12,7769176","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:19:12,7786876","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:19:12,7803889","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\a.rb","NAME NOT FOUND",""
"19:19:12,7819886","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:19:12,7848758","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:19:12,7865791","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\a.rb","NAME NOT FOUND",""
"19:19:12,7883587","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\a.rb","NAME NOT FOUND",""
"19:19:12,7905411","ruby.exe","6020","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:19:12,7921276","ruby.exe","6020","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:19:12,7924173","ruby.exe","6020","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:19:12,7925863","ruby.exe","6020","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:19:12,7928282","ruby.exe","6020","QueryInformationVolume","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","VolumeCreationTime: 04.01.2006 16:37:56, VolumeSerialNumber: 6CDA-28EF, SupportsObjects: True, VolumeLabel: "
"19:19:12,7930987","ruby.exe","6020","QueryAllInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd21000000000cd7, EaSize: 0, Access: Read Attributes, Read Control, Position: 0, Mode: , AlignmentRequirement: Word"
"19:19:12,7932540","ruby.exe","6020","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","BUFFER OVERFLOW","Information: Owner, Group, DACL"
"19:19:12,7934009","ruby.exe","6020","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Information: Owner, Group, DACL"
"19:19:12,7935618","ruby.exe","6020","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:19:12,7938840","ruby.exe","6020","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:19:12,7941376","ruby.exe","6020","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:19:12,7942988","ruby.exe","6020","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:19:12,7945251","ruby.exe","6020","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:19:12,7948433","ruby.exe","6020","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:19:12,7950972","ruby.exe","6020","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:19:12,7952570","ruby.exe","6020","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:19:12,7954867","ruby.exe","6020","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:19:12,7967997","ruby.exe","6020","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:19:12,7970737","ruby.exe","6020","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:19:12,7972394","ruby.exe","6020","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:19:12,7974704","ruby.exe","6020","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:19:12,7978018","ruby.exe","6020","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:19:12,7980560","ruby.exe","6020","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:19:12,7982175","ruby.exe","6020","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:19:12,7985812","ruby.exe","6020","QueryInformationVolume","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","VolumeCreationTime: 04.01.2006 16:37:56, VolumeSerialNumber: 6CDA-28EF, SupportsObjects: True, VolumeLabel: "
"19:19:12,7987332","ruby.exe","6020","QueryAllInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd21000000000cd7, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"19:19:12,7988832","ruby.exe","6020","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","BUFFER OVERFLOW","Information: Owner, Group, DACL"
"19:19:12,7990679","ruby.exe","6020","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Information: Owner, Group, DACL"
"19:19:12,7993623","ruby.exe","6020","ReadFile","C:\Dokumente und Einstellungen\robert\a.rb","END OF FILE","Offset: 0, Length: 65.536"
"19:19:12,7995391","ruby.exe","6020","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:20:13,5028221","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:20:13,5123264","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:20:13,5178156","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\a.rb","NAME NOT FOUND",""
"19:20:13,5224629","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:20:13,5279127","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:20:13,5335146","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\a.rb","NAME NOT FOUND",""
"19:20:13,5382043","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\a.rb","NAME NOT FOUND",""
"19:20:13,5451252","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:20:13,5506399","ruby.exe","5104","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:20:13,5510229","ruby.exe","5104","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:20:13,5511933","ruby.exe","5104","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:20:13,5514400","ruby.exe","5104","QueryInformationVolume","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","VolumeCreationTime: 04.01.2006 16:37:56, VolumeSerialNumber: 6CDA-28EF, SupportsObjects: True, VolumeLabel: "
"19:20:13,5519669","ruby.exe","5104","QueryAllInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd21000000000cd7, EaSize: 0, Access: Read Attributes, Read Control, Position: 0, Mode: , AlignmentRequirement: Word"
"19:20:13,5521513","ruby.exe","5104","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","BUFFER OVERFLOW","Information: Owner, Group, DACL"
"19:20:13,5523105","ruby.exe","5104","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Information: Owner, Group, DACL"
"19:20:13,5524860","ruby.exe","5104","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:20:13,5528718","ruby.exe","5104","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:20:13,5531383","ruby.exe","5104","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:20:13,5533009","ruby.exe","5104","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:20:13,5535920","ruby.exe","5104","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:20:13,5540554","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:20:13,5558023","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:20:13,5574721","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\site_ruby\a.rb","NAME NOT FOUND",""
"19:20:13,5590390","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\a.rb","NAME NOT FOUND",""
"19:20:13,5607610","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:20:13,5627364","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\vendor_ruby\a.rb","NAME NOT FOUND",""
"19:20:13,5643612","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\a.rb","NAME NOT FOUND",""
"19:20:13,5661033","ruby.exe","5104","QueryOpen","C:\Programme\cygwin\lib\ruby\1.8\i386-cygwin\a.rb","NAME NOT FOUND",""
"19:20:13,5676982","ruby.exe","5104","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:20:13,5679606","ruby.exe","5104","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Read Attributes, Read Control, Disposition: Open, Options: Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:20:13,5681569","ruby.exe","5104","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:20:13,5684064","ruby.exe","5104","QueryInformationVolume","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","VolumeCreationTime: 04.01.2006 16:37:56, VolumeSerialNumber: 6CDA-28EF, SupportsObjects: True, VolumeLabel: "
"19:20:13,5685567","ruby.exe","5104","QueryAllInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd21000000000cd7, EaSize: 0, Access: Read Attributes, Read Control, Position: 0, Mode: , AlignmentRequirement: Word"
"19:20:13,5689389","ruby.exe","5104","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","BUFFER OVERFLOW","Information: Owner, Group, DACL"
"19:20:13,5690911","ruby.exe","5104","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Information: Owner, Group, DACL"
"19:20:13,5693158","ruby.exe","5104","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:20:13,5696348","ruby.exe","5104","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:20:13,5698966","ruby.exe","5104","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:20:13,5700600","ruby.exe","5104","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:20:13,5702980","ruby.exe","5104","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:20:13,5706360","ruby.exe","5104","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:20:13,5708841","ruby.exe","5104","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:20:13,5710436","ruby.exe","5104","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:20:13,5712705","ruby.exe","5104","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:20:13,5715641","ruby.exe","5104","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:20:13,5718133","ruby.exe","5104","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:20:13,5719725","ruby.exe","5104","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:20:13,5721943","ruby.exe","5104","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""
"19:20:13,5724899","ruby.exe","5104","QueryOpen","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, AllocationSize: 0, EndOfFile: 0, FileAttributes: A"
"19:20:13,5727369","ruby.exe","5104","CreateFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FUSSEL\robert, OpenResult: Opened"
"19:20:13,5728978","ruby.exe","5104","QueryNameInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Name: \Dokumente und Einstellungen\robert\a.rb"
"19:20:13,5731696","ruby.exe","5104","QueryInformationVolume","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","VolumeCreationTime: 04.01.2006 16:37:56, VolumeSerialNumber: 6CDA-28EF, SupportsObjects: True, VolumeLabel: "
"19:20:13,5733297","ruby.exe","5104","QueryAllInformationFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","CreationTime: 14.12.2008 19:15:30, LastAccessTime: 14.12.2008 19:15:30, LastWriteTime: 14.12.2008 19:15:30, ChangeTime: 14.12.2008 19:15:30, FileAttributes: A, AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xd21000000000cd7, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"19:20:13,5734783","ruby.exe","5104","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","BUFFER OVERFLOW","Information: Owner, Group, DACL"
"19:20:13,5736213","ruby.exe","5104","QuerySecurityFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS","Information: Owner, Group, DACL"
"19:20:13,5740493","ruby.exe","5104","ReadFile","C:\Dokumente und Einstellungen\robert\a.rb","END OF FILE","Offset: 0, Length: 65.536"
"19:20:13,5742493","ruby.exe","5104","CloseFile","C:\Dokumente und Einstellungen\robert\a.rb","SUCCESS",""