| |
| |||||||
Überwachung, Datenschutz und Spam: Anhang und Link aus Spam-Mail angeklicktWindows 7 Fragen zu Verschlüsselung, Spam, Datenschutz & co. sind hier erwünscht. Hier geht es um Abwehr von Keyloggern oder aderen Spionagesoftware wie Spyware und Adware. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
10.12.2025, 19:18
| #1 |
 |  Anhang und Link aus Spam-Mail angeklickt Hallo liebes Team, Spam-E-Mail mit PDF-Anhang wurde geöffnet. Im PDF wurde ein Link angeklickt, der laut Virustotal über mehrere Umleitungen zum regulären Log-in eines Webdiensts führte. Dort wurden die Zugangsdaten eingegeben. Die Zugangsdaten des Webdiensts setzte ich inzwischen zurück. Da ich selbst den Klick nicht ausführte, weiß ich nicht, ob es tatsächlich zu diesen Umleitungen kam und wo genau die Zugangsdaten eingegeben wurden. PDF-Anhang auf Virustotal: https://www.virustotal.com/gui/file/3e980add4ae4e8bd958b597232cea293a1a80641788c243ac8e73539a85aca7e C:\Users\MYNUTZER\Desktop\RE9738632-004510.pdf im Log unten URL auf Virustotal: https://www.virustotal.com/gui/url/bde69262940a42da83e2e663da8a4f63254fd04f6bf783fd1b768a509c87635b/details Windows Defender mit diesen Optionen nichts gefunden: - Schnellüberprüfung - Offline-Prüfung (Log siehe unten) 1. Was hat der Angreifer davon, wenn er auf die originale URL des Webdiensts weiterleitet? Kann er so die Zugangsdaten abgreifen oder ist davon auszugehen, dass vorher ein Keylogger oder andere Malware installiert wurde? 2. Ist sonst etwas zu erkennen oder tun? Danke! Hinweis: Rechner wird als Kleinunternehmer (Einzelnunternehmen) privat und gewerblich benutzt. FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2025
durchgeführt von Admin (Administrator) auf LENOVO_V320 (LENOVO 81CN) (10-12-2025 18:32:27)
Gestartet von C:\Users\MYNUTZER\Downloads\FRST64-11.exe
Geladene Profile: Admin & MYNUTZER
Plattform: Microsoft Windows 10 Home Version 22H2 19045.6691 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(DriverStore\FileRepository\cui_dch.inf_amd64_767e7683f9ad126c\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_767e7683f9ad126c\igfxEM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerShell\7\pwsh.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIM1E.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E1YATIBEE.EXE <3>
(IDRIX SARL -> IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Geek Software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(services.exe ->) (IDRIX SARL -> IDRIX) C:\Windows\System32\VeraCrypt.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_767e7683f9ad126c\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1cb41c9af98b1ce8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1cb41c9af98b1ce8\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2510.7.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3274640 2023-06-03] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [684256 2025-09-15] (Geek Software GmbH -> geek software GmbH)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [455968 2023-05-26] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [982888 2025-04-10] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [1320808 2025-04-10] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2765952 2024-10-01] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\142.0.3595.94\Installer\setup.exe [7659048 2025-11-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5902496 2019-11-20] (IDRIX SARL -> IDRIX)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Keine Datei)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [MicrosoftEdgeAutoLaunch_83786084B7B453946D75401B0D3CE158] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4228688 2025-12-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [EPLTarget\P0000000000000004] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YATIBEE.EXE [484712 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIM1E.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [EPLTarget\P0000000000000003] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YATIBEE.EXE [484712 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [EPLTarget\P0000000000000005] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YATIBEE.EXE [484712 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\...\Run: [ConnectDetector] => C:\Users\MYNUTZER2\AppData\Roaming\Adobe\Connect\connectdetector.exe [640696 2021-04-19] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\WINDOWS\system32\EFXLM16A.DLL [193192 2025-04-10] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-2760 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBM1E.DLL [180224 2014-03-05] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-2950 Series 64MonitorBE: C:\WINDOWS\system32\E1YLMBBEE.DLL [247976 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [3182776 2025-02-20] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {8828536E-656C-4140-BBCC-4540746BB69A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1581568 2025-08-24] (Adobe Inc. -> Adobe Inc.)
Task: {A35B1A28-FE21-4E7C-B582-013CE0E6D50B} - System32\Tasks\Backup HN => C:\Program Files\PowerShell\7\pwsh.exe [295456 2025-10-16] (Microsoft Corporation -> Microsoft Corporation) -> C:\PBackup\Backup_Home_Network_FP.ps1
Task: {16DF60B5-A35D-4CF5-826C-D5DDADC3D23E} - System32\Tasks\EPSON WF-2950 Series Update {164366C3-8184-49FB-AF42-533F58DEB400} => C:\Windows\System32\spool\drivers\x64\3\E1YTSBEE.EXE [680440 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {23AC5DA0-E917-4C13-925E-A351C795B3B7} - System32\Tasks\EPSON WF-2950 Series Update {786FFD92-353A-4C78-9D0F-2934D74C9F20} => C:\Windows\System32\spool\drivers\x64\3\E1YTSBEE.EXE [680440 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {054A85A2-7A95-4CD6-B73B-D71FB8BFD41C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpCmdRun.exe [1790656 2025-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E70CD588-81A7-4B28-9054-DCA790AE6732} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpCmdRun.exe [1790656 2025-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5BEA3D2D-2794-46D9-9311-234B89186E35} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpCmdRun.exe [1790656 2025-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3175DFB9-9820-4DB9-8A7F-9F623FD80AAC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpCmdRun.exe [1790656 2025-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7353F222-5B8B-4577-884D-FDC792CCD912} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1164676345-3952839655-4202876673-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695424 2025-11-26] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {C2AD54AA-ADB5-478A-B499-1C169EDA31C4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34944 2025-11-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {6B5FBE77-CBD7-4344-A35D-E0521FF6F58A} - System32\Tasks\Pull Backup => C:\Program Files\PowerShell\7\pwsh.exe [295456 2025-10-16] (Microsoft Corporation -> Microsoft Corporation) -> "C:\PBackup\Backup_Home_Network_Pull_FP.ps1"
Task: {9B8BE6CA-0633-4A08-8268-53E0158B63B4} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {A59A7EC3-1542-4409-A929-1EB6A6D416AE} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {0075E609-14A8-47D1-A025-5EB364E327EE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {F6C10BFE-48DB-4513-A2A2-950E68A678DB} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-1164676345-3952839655-4202876673-1002 => C:\Users\MYNUTZER\AppData\Roaming\Zoom\bin\Zoom.exe [462768 2025-11-26] (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\EPSON WF-2950 Series Update {164366C3-8184-49FB-AF42-533F58DEB400}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBEE.EXE:/EXE:{164366C3-8184-49FB-AF42-533F58DEB400} /F:UpdateWORKGROUP\LENOVO_V320$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2950 Series Update {786FFD92-353A-4C78-9D0F-2934D74C9F20}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBEE.EXE:/EXE:{786FFD92-353A-4C78-9D0F-2934D74C9F20} /F:UpdateWORKGROUP\LENOVO_V320$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\35472716E64686165737: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\35472716E64686165737: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4D2937343731393: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4D2937343731393: [DhcpDomain] Speedport_W_724V_09011603_06_010
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4F505F525: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4F505F525: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4F573237303F505: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4F573237303F505: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\84165737845726562747573775B4: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\84165737845726562747573775B4: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\C48434D274163747: [DhcpNameServer] 192.168.140.2
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\C48434D274163747: [DhcpDomain] lhc.local
Tcpip\..\Interfaces\{87370ca0-e7f0-4e15-9f70-3302ca52c6b6}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{87370ca0-e7f0-4e15-9f70-3302ca52c6b6}: [DhcpDomain] fritz.box
Edge:
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2024-10-05]
Edge Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-08-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-08-28]
FireFox:
========
FF DefaultProfile: xu2jle4c.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu2jle4c.default [2019-11-20]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04gwl9u1.default-release [2025-10-14]
FF Extension: (New Tab) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04gwl9u1.default-release\Extensions\newtab@mozilla.org.xpi [2025-10-03]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04gwl9u1.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-10-13]
FF Extension: (Data Leak Blocker) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04gwl9u1.default-release\features\{772b0499-7b27-4a92-8fa4-1c4de1e41a07}\data-leak-blocker@mozilla.com.xpi [2025-10-13]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corporation -> Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2025-11-18] (Adobe Inc. -> Adobe Systems Inc.)
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174584 2025-08-24] (Adobe Inc. -> Adobe Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2018-09-25] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [222768 2025-04-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MpDefenderCoreService.exe [2026184 2025-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [684256 2025-09-15] (Geek Software GmbH -> geek software GmbH)
R2 VeraCryptSystemFavorites; C:\Windows\system32\VeraCrypt.exe [5902496 2019-11-20] (IDRIX SARL -> IDRIX)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\NisSrv.exe [4414480 2025-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0\MsMpEng.exe [282440 2025-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [287232 2022-06-17] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-04-15] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [333192 2025-11-18] (Microsoft Windows -> Microsoft Corporation)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2020-09-11] (Microsoft Corporation) [Datei ist nicht signiert]
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R0 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [828256 2019-11-20] (IDRIX SARL -> IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20904 2025-11-18] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [629168 2025-11-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [102792 2025-11-18] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2025-12-10 18:32 - 2025-12-10 18:34 - 000021710 _____ C:\Users\MYNUTZER\Downloads\FRST.txt
2025-12-10 18:31 - 2025-12-10 18:31 - 000000000 ____D C:\Users\MYNUTZER\Downloads\FRST-OlderVersion
2025-12-10 18:30 - 2025-12-10 18:33 - 000000000 ____D C:\FRST
2025-12-10 18:24 - 2025-12-10 18:31 - 002444288 _____ (Farbar) C:\Users\MYNUTZER\Downloads\FRST64-11.exe
2025-12-10 17:23 - 2025-12-10 17:23 - 083623936 _____ C:\WINDOWS\system32\config\SOFTWARE
2025-12-10 17:09 - 2025-12-10 17:23 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2025-12-10 15:18 - 2025-12-10 16:18 - 000436993 _____ C:\Users\MYNUTZER\Desktop\RE9738632-004510.pdf
2025-12-10 14:22 - 2025-12-10 14:22 - 000168949 _____ C:\Users\MYNUTZER\Desktop\Scanned_from_a_Lexmark_Multifunction_Product10-12-2025-113032.pdf
2025-12-10 12:35 - 2025-12-10 17:35 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-12-09 12:39 - 2025-12-09 12:39 - 000736201 _____ C:\Users\MYNUTZER\Desktop\Rechnung97.pdf
2025-12-09 12:38 - 2025-12-09 12:38 - 000741120 _____ C:\Users\MYNUTZER\Desktop\Auftragsbestätigung.pdf
2025-12-08 16:58 - 2025-12-08 17:25 - 000391029 _____ C:\Users\MYNUTZER\Desktop\RHS EGH WHG 3.pdf
2025-12-08 16:58 - 2025-12-08 17:23 - 000662923 _____ C:\Users\MYNUTZER\Desktop\RHS EGV WHG 1 .pdf
2025-12-08 13:51 - 2025-12-08 13:51 - 000077512 _____ C:\Users\MYNUTZER\Desktop\V-HSG 5a.pdf
2025-12-08 10:59 - 2025-12-08 10:59 - 001141442 _____ C:\Users\MYNUTZER\Desktop\01.12.25-Prot._HSG 5a-1. OG.pdf
2025-12-05 10:56 - 2025-12-05 10:56 - 000171603 _____ C:\Users\MYNUTZER\Downloads\2025_Kundeninformation zur Einlagensicherung_vom_2025.12.04_20251205105633.pdf
2025-12-05 10:29 - 2025-12-05 10:29 - 000018635 _____ C:\Users\MYNUTZER\Desktop\Stadtwerke Bad Hersfeld GmbH (zaehler@ablesen.de) - 2025-12-02 0759.eml
2025-12-05 09:01 - 2025-12-05 09:01 - 011029775 _____ C:\Users\MYNUTZER\Desktop\ISTA 24-25.pdf
2025-12-05 07:36 - 2025-12-05 07:36 - 000352874 _____ C:\Users\MYNUTZER\Desktop\05.12.25-an Frau_MV.pdf
2025-12-04 19:07 - 2025-12-08 11:08 - 001290656 _____ C:\Users\MYNUTZER\Desktop\Auszug_HSG 5a.pdf
2025-12-04 17:56 - 2025-12-06 10:28 - 000011591 _____ C:\Users\MYNUTZER\Desktop\RHS_BK bis 30.09..xlsx
2025-12-04 17:56 - 2025-12-04 18:01 - 000416549 _____ C:\Users\MYNUTZER\Desktop\RHS_BK bis 30.09..pdf
2025-12-04 14:25 - 2025-12-04 14:25 - 001242584 _____ C:\Users\MYNUTZER\Downloads\Entwurf_Powi_UB_02.pdf
2025-12-04 13:32 - 2025-12-04 13:33 - 003456929 _____ C:\Users\MYNUTZER\Desktop\Anlagen MV_Rathgeber.pdf
2025-12-04 13:27 - 2025-12-05 07:18 - 000000943 _____ C:\WINDOWS\Tasks\EPSON WF-2950 Series Update {164366C3-8184-49FB-AF42-533F58DEB400}.job
2025-12-04 13:27 - 2025-12-04 13:27 - 000004142 _____ C:\WINDOWS\system32\Tasks\EPSON WF-2950 Series Update {164366C3-8184-49FB-AF42-533F58DEB400}
2025-12-04 11:00 - 2025-12-04 13:40 - 000485716 _____ C:\Users\MYNUTZER\Desktop\MV2.pdf
2025-12-04 10:56 - 2025-12-04 10:56 - 001574565 _____ C:\Users\MYNUTZER\Downloads\Musterformular.pdf
2025-12-03 21:22 - 2025-12-03 21:22 - 000002209 _____ C:\Users\Public\Desktop\Epson Printer Connection Checker.lnk
2025-12-03 21:21 - 2025-12-05 07:18 - 000000943 _____ C:\WINDOWS\Tasks\EPSON WF-2950 Series Update {786FFD92-353A-4C78-9D0F-2934D74C9F20}.job
2025-12-03 21:21 - 2025-12-03 21:21 - 000004142 _____ C:\WINDOWS\system32\Tasks\EPSON WF-2950 Series Update {786FFD92-353A-4C78-9D0F-2934D74C9F20}
2025-12-03 21:19 - 2025-12-03 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2025-12-03 21:19 - 2025-12-03 21:22 - 000000000 ____D C:\Program Files (x86)\Epson Software
2025-12-03 21:19 - 2025-12-03 21:20 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Epson
2025-12-03 21:19 - 2025-12-03 21:19 - 000000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url
2025-12-03 21:05 - 2025-12-03 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2025-12-03 21:04 - 2025-12-03 21:05 - 000000000 ____D C:\Program Files\PDF24
2025-12-03 20:53 - 2025-12-04 02:30 - 000000000 ____D C:\Users\MYNUTZER\AppData\Roaming\EPSON
2025-12-03 20:53 - 2025-12-03 21:22 - 000000000 ____D C:\Program Files (x86)\epson
2025-12-03 20:53 - 2025-12-03 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2025-12-03 20:53 - 2025-04-08 12:21 - 003667640 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\ESXWDT00.DLL
2025-12-03 20:53 - 2025-04-08 12:21 - 001522872 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2u2.dll
2025-12-03 20:53 - 2025-04-08 12:21 - 000222768 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2025-12-03 20:53 - 2025-04-08 12:21 - 000147472 _____ (TWAIN Working Group) C:\WINDOWS\SysWOW64\twaindsm.dll
2025-12-03 20:45 - 2025-12-03 20:45 - 000000000 ____D C:\Program Files\EpsonNet
2025-12-03 20:45 - 2025-06-24 11:06 - 000247976 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\E1YLMBBEE.DLL
2025-12-01 16:11 - 2025-12-01 19:21 - 000009094 _____ C:\Users\MYNUTZER\Documents\Durchgeführte Tätigkeiten.xlsx
2025-12-01 14:20 - 2025-12-01 14:20 - 000289679 _____ C:\Users\MYNUTZER\Desktop\HSG 5-_Datenblatt.pdf
2025-12-01 14:14 - 2025-12-01 14:14 - 000278314 _____ C:\Users\MYNUTZER\Desktop\HSG 5_Datenblatt.pdf
2025-12-01 13:18 - 2025-12-01 13:18 - 009398311 _____ C:\Users\MYNUTZER\Desktop\01.12.25-MV ServiceFlex UG_HSG -1. OG.pdf
2025-12-01 07:22 - 2025-12-01 07:22 - 000087253 _____ C:\Users\MYNUTZER\Downloads\2025_Nr.011_Kontoauszug_vom_2025.11.28_20251201072237.pdf
2025-12-01 07:21 - 2025-12-01 07:21 - 000072389 _____ C:\Users\MYNUTZER\Downloads\2025_Nr.011_Kontoauszug_vom_2025.11.28_20251201072155.pdf
2025-11-29 09:42 - 2025-11-29 09:42 - 000700675 _____ C:\Users\MYNUTZER\Desktop\2m22m59__GEMÜTLICHE KLEINE WOHNUNG.pdf
2025-11-29 09:40 - 2025-11-29 09:40 - 000700675 _____ C:\Users\MYNUTZER\Downloads\2m22m59__GEMÜTLICHE KLEINE WOHNUNG2.pdf
2025-11-26 18:08 - 2025-12-01 05:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-11-26 08:48 - 2025-11-26 08:48 - 000571849 _____ C:\Users\MYNUTZER\Desktop\RHS_BK 25.pdf
2025-11-26 06:11 - 2025-11-26 06:11 - 000000000 ____D C:\Users\MYNUTZER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2025-11-23 08:59 - 2025-11-23 08:59 - 000987805 _____ C:\Users\MYNUTZER\Desktop\hoeherstufung-pflegegeld-15711.pdf
2025-11-20 16:18 - 2025-11-20 16:18 - 000083344 _____ C:\Users\MYNUTZER\Desktop\202509013446.pdf
2025-11-19 16:01 - 2025-11-19 16:01 - 000092924 _____ C:\Users\MYNUTZER\Downloads\produkt_203078938-1.pdf
2025-11-19 15:55 - 2025-11-19 15:55 - 000092895 _____ C:\Users\MYNUTZER\Downloads\produkt_203078936-1.pdf
2025-11-19 15:47 - 2025-11-19 15:47 - 000092548 _____ C:\Users\MYNUTZER\Downloads\produkt_203078933-1.pdf
2025-11-11 14:54 - 2025-11-11 14:54 - 000010327 _____ C:\Users\MYNUTZER\Desktop\2024_Anonym.xlsx
2025-11-10 11:45 - 2025-11-10 11:45 - 000023504 _____ C:\Users\MYNUTZER\Desktop\Anonym.pdf
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2025-12-10 18:28 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-12-10 18:23 - 2022-02-14 05:55 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-12-10 17:35 - 2019-11-20 16:43 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2025-12-10 17:35 - 2019-11-20 15:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-12-10 17:32 - 2020-08-02 18:25 - 001632024 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-12-10 17:32 - 2019-12-07 15:50 - 000707316 _____ C:\WINDOWS\system32\perfh007.dat
2025-12-10 17:32 - 2019-12-07 15:50 - 000142574 _____ C:\WINDOWS\system32\perfc007.dat
2025-12-10 17:32 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-12-10 17:30 - 2021-12-19 17:58 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-12-10 17:25 - 2020-08-02 18:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-12-10 17:25 - 2019-11-20 16:16 - 000000000 __SHD C:\Users\MYNUTZER\IntelGraphicsProfiles
2025-12-10 17:24 - 2020-08-02 18:17 - 000008192 ___SH C:\DumpStack.log.tmp
2025-12-10 17:15 - 2019-12-07 10:03 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2025-12-10 17:13 - 2020-08-02 18:17 - 000298656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-12-10 17:08 - 2023-12-16 16:30 - 000000000 ____D C:\Users\PBackup
2025-12-10 17:08 - 2023-12-02 14:56 - 000000000 ____D C:\Users\PBackupReader
2025-12-10 17:07 - 2020-08-02 17:56 - 000000000 ____D C:\Users\MYNUTZER
2025-12-10 17:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-12-10 17:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-12-10 17:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-12-10 17:06 - 2019-11-21 10:04 - 000000000 ____D C:\Users\MYNUTZER\AppData\Roaming\KeePass
2025-12-10 16:48 - 2017-05-17 22:39 - 000028718 _____ C:\Users\MYNUTZER\Desktop\MYNUTZERPasswörter.kdbx
2025-12-10 14:42 - 2020-08-02 18:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-12-10 13:26 - 2019-11-25 09:00 - 000000000 ____D C:\Users\MYNUTZER\AppData\Roaming\Microsoft\Excel
2025-12-10 12:34 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-12-10 12:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-12-10 09:26 - 2019-11-20 16:32 - 000000000 ____D C:\Users\MYNUTZER\AppData\Roaming\Microsoft\Word
2025-12-10 09:06 - 2017-05-17 22:39 - 000000000 ____D C:\Users\MYNUTZER\Desktop\ANONYM - BLANKO
2025-12-10 08:13 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-12-10 08:11 - 2020-08-02 18:18 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-12-10 07:49 - 2019-11-20 17:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-12-10 07:47 - 2019-11-20 17:16 - 218369424 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-12-10 06:04 - 2020-08-02 16:43 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-12-10 06:04 - 2020-08-02 16:43 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-12-09 19:40 - 2023-11-25 15:42 - 000000000 ___HD C:\Backup_From_NP
2025-12-07 11:48 - 2025-11-09 20:12 - 000000000 ____D C:\Users\MYNUTZER\Desktop\Sonnenhang_EG
2025-12-03 21:22 - 2023-11-30 12:49 - 000000000 ____D C:\ProgramData\Package Cache
2025-12-03 21:22 - 2019-11-20 16:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2025-12-03 21:20 - 2019-11-20 16:49 - 000000000 ____D C:\ProgramData\EPSON
2025-12-02 18:08 - 2019-11-20 15:37 - 000000000 ____D C:\Program Files (x86)\K.IM 3.5 - Kompakte Immobilienbewertung
2025-11-29 09:39 - 2020-08-02 18:21 - 000003754 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-11-29 09:39 - 2020-08-02 18:21 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-11-27 06:05 - 2019-11-20 15:27 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-11-26 16:14 - 2025-03-11 10:59 - 000000000 ____D C:\Users\MYNUTZER\AppData\Roaming\Zoom
2025-11-26 10:56 - 2024-11-19 07:15 - 000000000 ____D C:\Users\MYNUTZER\Desktop\ANONYM 2024
2025-11-26 06:11 - 2025-03-11 10:59 - 000004256 _____ C:\WINDOWS\system32\Tasks\ZoomUpdateTaskUser-S-1-5-21-1164676345-3952839655-4202876673-1002
2025-11-25 13:46 - 2017-05-17 22:39 - 000000000 ____D C:\Users\MYNUTZER\Desktop\DATEN LIEGENSCHAFTEN
2025-11-23 07:42 - 2022-10-13 10:20 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2025-11-18 06:51 - 2019-11-20 14:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-11-16 20:23 - 2019-11-20 16:30 - 000000000 ____D C:\Users\MYNUTZER\AppData\Local\D3DSCache
2025-11-15 11:40 - 2019-11-20 15:56 - 000000000 ____D C:\ProgramData\Realtek
2025-11-15 11:39 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Portable Devices
2025-11-15 11:39 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2025-11-15 11:39 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2025-11-15 11:39 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2025-11-15 11:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-11-15 11:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2025-11-15 11:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-11-15 11:35 - 2020-08-02 17:56 - 000000000 ____D C:\Users\Admin
2025-11-11 14:28 - 2025-11-09 20:17 - 000000000 ____D C:\Users\MYNUTZER\Desktop\Handy_Fotos 09.11.25
2025-11-11 11:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-11-2025
durchgeführt von Admin (10-12-2025 18:37:16)
Gestartet von C:\Users\MYNUTZER\Downloads
Microsoft Windows 10 Home Version 22H2 19045.6691 (X64) (2020-08-02 17:21:11)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Admin (S-1-5-21-1164676345-3952839655-4202876673-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1164676345-3952839655-4202876673-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1164676345-3952839655-4202876673-503 - Limited - Disabled)
MYNUTZER (S-1-5-21-1164676345-3952839655-4202876673-1002 - Limited - Enabled) => C:\Users\MYNUTZER
Gast (S-1-5-21-1164676345-3952839655-4202876673-501 - Limited - Disabled)
MYNUTZER2 (S-1-5-21-1164676345-3952839655-4202876673-1003 - Limited - Enabled) => C:\Users\MYNUTZER2
PBackup (S-1-5-21-1164676345-3952839655-4202876673-1005 - Administrator - Enabled) => C:\Users\PBackup
PBackupReader (S-1-5-21-1164676345-3952839655-4202876673-1004 - Limited - Enabled) => C:\Users\PBackupReader
WDAGUtilityAccount (S-1-5-21-1164676345-3952839655-4202876673-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Adobe Acrobat Reader - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 25.001.20937 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\Adobe Connect App) (Version: 2020.1.5.32 - Adobe Systems Inc.)
Adobe Connect (HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\...\Adobe Connect App) (Version: 2021.3.27.64 - Adobe Systems Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601120}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{8738A898-221B-4279-BC87-FEF7938022C1}) (Version: 0.8.8.87 - Dolby Laboratories, Inc.)
Epson Event Manager (HKLM-x32\...\{5E51EA28-9CED-4B92-A636-A71E40D48D50}) (Version: 3.11.82 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 4.04.02.04 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{3E43D194-E18D-4C8A-B36D-15F14395A0A6}) (Version: 3.4.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
Epson ScanSmart (HKLM-x32\...\{8D3E35BD-10F6-42A9-8F4D-F9BE5F51D477}) (Version: 3.7.17 - Seiko Epson Corporation)
EPSON WF-2760 Series Printer Uninstall (HKLM\...\EPSON WF-2760 Series) (Version: - Seiko Epson Corporation)
EPSON WF-2950 Series Printer Uninstall (HKLM\...\EPSON WF-2950 Series) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{DB5EDF09-A7A7-47FA-B365-A7500A472878}) (Version: 3.3.1.0 - Seiko Epson Corporation)
Git version 2.24.1.2 (HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\...\Git_is1) (Version: 2.24.1.2 - The Git Development Community)
K.IM 3.5 - Kompakte Immobilienbewertung (HKLM-x32\...\K.IM_is1) (Version: - Gfi)
KeePass Password Safe 2.54 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.54 - Dominik Reichl)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 143.0.3650.75 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 142.0.3595.94 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Excel MUI (German) 2007 (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (HKLM-x32\...\{90120000-00A1-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (HKLM-x32\...\{90120000-001F-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (HKLM-x32\...\{90120000-002C-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}) (Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (HKLM\...\{90120000-002A-0407-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (HKLM-x32\...\{90120000-006E-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\OneDriveSetup.exe) (Version: 24.156.0804.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27024 (HKLM-x32\...\{7258184A-EC44-4B1A-A7D3-68D85A35BFD0}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27024 (HKLM-x32\...\{5EEFCEFB-E5F7-4C82-99A5-813F04AA4FBD}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox) (Version: 145.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 136.0 - Mozilla)
Mozilla Thunderbird ESR (x64 de) (HKLM\...\Mozilla Thunderbird 140.6.0 ESR (x64 de)) (Version: 140.6.0 - Mozilla)
paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
PDF24 Creator 11.28.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.28.2 - Geek Software GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PowerShell 7.5.4.0-x64 (HKLM-x32\...\{e7a7b1c1-36dd-4cae-bfcb-8bc676ab68c3}) (Version: 7.5.4.0 - Microsoft Corporation)
PowerShell 7-x64 (HKLM\...\{E8159677-ACF8-4D64-9D36-5C36B8BBEA39}) (Version: 7.5.4.0 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Hotfix1 - IDRIX)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WISO Hausverwalter 2020 (HKLM-x32\...\{E30CC343-3905-4CB1-A5FE-EF676D5CB0A7}) (Version: 14.00.1512 - Buhl Data Service GmbH)
Zoom Workplace (HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\ZoomUMX) (Version: 6.6.6 (19875) - Zoom Communications, Inc.)
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC [2025-07-21] ()
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2024-08-24] (INTEL CORP)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-08-14] (New Work SE)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1164676345-3952839655-4202876673-1002_Classes\CLSID\{5e4ed412-4bc5-4b5b-9b66-14aa2d4e0197}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-1164676345-3952839655-4202876673-1002_Classes\CLSID\{751BB081-8510-4638-89C0-E8CF50F7B1BD}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Acrobat Elements\ContextMenuShim64.dll [2025-09-08] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [Datei ist nicht signiert]
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2023-12-16 16:01 - 2023-06-20 09:00 - 000101376 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-02-14 12:52 - 2022-02-23 10:59 - 000000441 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Network ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
ist aktiviert.
Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
WLAN: Realtek 8821CE Wireless LAN 802.11ac PCI-E NIC -> rtwlane.sys
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\Control Panel\Desktop\\Wallpaper -> c:\users\MYNUTZER\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\ab.jpg
HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1164676345-3952839655-4202876673-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1164676345-3952839655-4202876673-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\MYNUTZER2\AppData\Local\JetBrains\IntelliJIdea2020.1
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\MYNUTZER2\Desktop\Master_Thesis\Submission_Disc\Quellcode\axon-server-api
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\MYNUTZER2\Desktop\Master_Thesis\Submission_Disc\Quellcode\AxonFramework
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\MYNUTZER2\Desktop\Master_Thesis\Submission_Disc\Quellcode\axonserver-tamper-evidence-common
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\MYNUTZER2\Desktop\Master_Thesis\Submission_Disc\Quellcode\audit-server-connector
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\MYNUTZER2\Desktop\Master_Thesis\Submission_Disc\Quellcode\audit-server
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_83786084B7B453946D75401B0D3CE158"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{469EAB48-EB9E-4E5D-9E8F-DD35AE800B14}C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe => Keine Datei
FirewallRules: [TCP Query User{3B55B160-B3F7-48EC-899E-6FAED4A45A19}C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe => Keine Datei
FirewallRules: [UDP Query User{297D1CAF-B214-48FF-BC93-9C908EAC703F}C:\program files\java\jdk-14.0.2\bin\java.exe] => (Block) C:\program files\java\jdk-14.0.2\bin\java.exe => Keine Datei
FirewallRules: [TCP Query User{D4E0D385-89DA-456C-A9C2-8B09B5B9C0A4}C:\program files\java\jdk-14.0.2\bin\java.exe] => (Block) C:\program files\java\jdk-14.0.2\bin\java.exe => Keine Datei
FirewallRules: [{7A03987C-D06A-41E3-8704-B03EAE296B8A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Keine Datei
FirewallRules: [{FCEF4839-B921-49E8-BEC3-76348CCFC7EB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Keine Datei
FirewallRules: [{72C6D46F-6D94-4AC4-BD11-5082AAC017E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FFF428F9-A024-422E-806B-60CC683C7EB1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3A565074-B858-4230-80E3-8F61F5BE84EF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2039BF60-4BA2-48D2-AF42-C4BE037DAA1E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{04A33EED-6BE2-479F-9BE1-7B7315672C75}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C761D4F6-1FF7-48D1-9D4E-E56F3BA9D6BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB482C7B-C358-4588-85B9-F299604C6256}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E62F9F03-ED31-4A34-A958-6A00BC641186}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{10B68C30-2868-4E0C-8B30-CD72306DD730}C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe] => (Allow) C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe => Keine Datei
FirewallRules: [UDP Query User{D252CBF0-BA55-4BBB-957B-4AB00116AF2F}C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe] => (Allow) C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe => Keine Datei
FirewallRules: [{49D87F2A-DDCC-46FD-9880-87572175CA82}] => (Allow) C:\Users\Admin\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => Keine Datei
FirewallRules: [{FF7C209B-02A1-4E9A-8F8A-5B32896B30AD}] => (Allow) C:\Users\Admin\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => Keine Datei
FirewallRules: [{BB2036C2-B3F1-4090-B3AA-20ABDFBCF3BE}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{07A0E6AA-1071-4286-9904-16F47A92ECB7}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
==================== Wiederherstellungspunkte =========================
10-12-2025 08:05:18 Windows Modules Installer
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (12/05/2025 07:23:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Name des fehlerhaften Moduls: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00025c6e
ID des fehlerhaften Prozesses: 0x624
Startzeit der fehlerhaften Anwendung: 0x01dc65af64f01894
Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Pfad des fehlerhaften Moduls: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Berichtskennung: 018431f8-62e8-44ce-abef-00d0a113f668
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/05/2025 07:23:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.19041.3636, Zeitstempel: 0x7e27562f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00088d4a
ID des fehlerhaften Prozesses: 0x624
Startzeit der fehlerhaften Anwendung: 0x01dc65af64f01894
Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\msvcrt.dll
Berichtskennung: 6648f1fc-43c5-4dfe-a217-41a460d216ed
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/04/2025 07:06:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Name des fehlerhaften Moduls: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00025c6e
ID des fehlerhaften Prozesses: 0x3200
Startzeit der fehlerhaften Anwendung: 0x01dc64e4088086e9
Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Pfad des fehlerhaften Moduls: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Berichtskennung: 9324275c-370f-45a5-9eed-e65c0aecb95c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/04/2025 07:06:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.19041.3636, Zeitstempel: 0x7e27562f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00088d4a
ID des fehlerhaften Prozesses: 0x3200
Startzeit der fehlerhaften Anwendung: 0x01dc64e4088086e9
Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\msvcrt.dll
Berichtskennung: 0f8f5ff0-1869-4685-9ee6-5eb9e60d2896
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/04/2025 07:00:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Name des fehlerhaften Moduls: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00025fb0
ID des fehlerhaften Prozesses: 0x2ef4
Startzeit der fehlerhaften Anwendung: 0x01dc64e337098dc2
Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Pfad des fehlerhaften Moduls: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Berichtskennung: ca95256c-fcdf-4840-a633-00ea19195e3a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/04/2025 07:00:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.19041.3636, Zeitstempel: 0x7e27562f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008abf9
ID des fehlerhaften Prozesses: 0x2ef4
Startzeit der fehlerhaften Anwendung: 0x01dc64e337098dc2
Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\msvcrt.dll
Berichtskennung: 5a5732b6-4f30-42cc-a485-9d88d035a295
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/03/2025 09:29:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Name des fehlerhaften Moduls: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00025fb0
ID des fehlerhaften Prozesses: 0x3854
Startzeit der fehlerhaften Anwendung: 0x01dc649375805c6f
Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Pfad des fehlerhaften Moduls: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Berichtskennung: 3a590d1c-b16d-4553-b4c6-9e44faabd76c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/03/2025 09:29:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pdf24-Twain-x86.exe, Version: 0.0.0.0, Zeitstempel: 0x666af3d1
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.19041.3636, Zeitstempel: 0x7e27562f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008abf9
ID des fehlerhaften Prozesses: 0x3854
Startzeit der fehlerhaften Anwendung: 0x01dc649375805c6f
Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\twain\pdf24-Twain-x86.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\msvcrt.dll
Berichtskennung: 56f9f6c7-0756-497d-8f26-9b3a70454211
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Systemfehler:
=============
Error: (12/10/2025 05:30:01 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Zertifikate für den sicheren Start wurden aktualisiert, aber noch nicht auf die Gerätefirmware angewendet. Lesen Sie den veröffentlichten Leitfaden, um das Update abzuschließen und vollständigen Schutz sicherzustellen. Diese Gerätesignaturinformationen sind hier enthalten.
DeviceAttributes: FirmwareVersion:6JCN24WW;OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_81CN_BU_idea_FM_V320-17IKB;OSArchitecture:amd64;
BucketId: 299abc94dc7a0dc40e0f1982d0f5b13abad5b72bda9fd0c353e93130c04cbbe5
BucketConfidenceLevel:
UpdateType:
Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2301018.
Error: (12/10/2025 05:08:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Übermittlungsoptimierung konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (12/10/2025 05:07:28 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO_V320)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/10/2025 05:07:28 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO_V320)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/10/2025 05:07:28 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO_V320)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/10/2025 05:07:27 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO_V320)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/09/2025 01:32:39 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR11 gefunden.
Error: (12/06/2025 09:19:58 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Zertifikate für den sicheren Start wurden aktualisiert, aber noch nicht auf die Gerätefirmware angewendet. Lesen Sie den veröffentlichten Leitfaden, um das Update abzuschließen und vollständigen Schutz sicherzustellen. Diese Gerätesignaturinformationen sind hier enthalten.
DeviceAttributes: FirmwareVersion:6JCN24WW;OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_81CN_BU_idea_FM_V320-17IKB;OSArchitecture:amd64;
BucketId: 299abc94dc7a0dc40e0f1982d0f5b13abad5b72bda9fd0c353e93130c04cbbe5
BucketConfidenceLevel:
UpdateType: 0
Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2301018.
Windows Defender:
================
Date: 2025-12-10 08:24:40
Description:
Microsoft Defender Antivirus śčåп ħąś ьэĕŋ şŧøφρеδ ъзƒőѓз çőмрłêτìòή.%ň %ţŞčдň ΪĎ:%в{CC000A01-3434-4F9B-9B22-1A1FF89FE71F}%ň %ŧŞčåη Ŧўρę:%вAntimalware%η %ŧŚĉàň Ρäґαм℮ŧéѓš:%ъSchnellüberprüfung%ñ %тЦśёѓ:%ъNT-AUTORITÄT\SYSTEM%π %τŠţõφ Яëąšбⁿ:%вŞċħęðùłėđ ŝ¢ǻй ẁąş ѕĸϊρφέđ веčаџŝĕ ťĥε łąşţ şϋς¢еşѕƒûļ şċаņ ẁäş ẁìţħϊή ťђè ļдšţ 7 ďªÿş
Date: 2025-12-09 13:27:03
Description:
Microsoft Defender Antivirus śčåп ħąś ьэĕŋ şŧøφρеδ ъзƒőѓз çőмрłêτìòή.%ň %ţŞčдň ΪĎ:%в{031478B0-A75B-455F-826B-E77847843D3A}%ň %ŧŞčåη Ŧўρę:%вAntimalware%η %ŧŚĉàň Ρäґαм℮ŧéѓš:%ъSchnellüberprüfung%ñ %тЦśёѓ:%ъNT-AUTORITÄT\SYSTEM%π %τŠţõφ Яëąšбⁿ:%вŞċħęðùłėđ ŝ¢ǻй ẁąş ѕĸϊρφέđ веčаџŝĕ ťĥε łąşţ şϋς¢еşѕƒûļ şċаņ ẁäş ẁìţħϊή ťђè ļдšţ 7 ďªÿş
Date: 2025-12-08 09:53:00
Description:
Microsoft Defender Antivirus śčåп ħąś ьэĕŋ şŧøφρеδ ъзƒőѓз çőмрłêτìòή.%ň %ţŞčдň ΪĎ:%в{42E0846B-3D9D-4793-886E-D20CC6160768}%ň %ŧŞčåη Ŧўρę:%вAntimalware%η %ŧŚĉàň Ρäґαм℮ŧéѓš:%ъSchnellüberprüfung%ñ %тЦśёѓ:%ъNT-AUTORITÄT\SYSTEM%π %τŠţõφ Яëąšбⁿ:%вŞċħęðùłėđ ŝ¢ǻй ẁąş ѕĸϊρφέđ веčаџŝĕ ťĥε łąşţ şϋς¢еşѕƒûļ şċаņ ẁäş ẁìţħϊή ťђè ļдšţ 7 ďªÿş
Date: 2025-12-07 11:56:25
Description:
Microsoft Defender Antivirus śčåп ħąś ьэĕŋ şŧøφρеδ ъзƒőѓз çőмрłêτìòή.%ň %ţŞčдň ΪĎ:%в{49D34391-C6EA-4B40-B93B-AE285FA15E1B}%ň %ŧŞčåη Ŧўρę:%вAntimalware%η %ŧŚĉàň Ρäґαм℮ŧéѓš:%ъSchnellüberprüfung%ñ %тЦśёѓ:%ъNT-AUTORITÄT\SYSTEM%π %τŠţõφ Яëąšбⁿ:%вŞċħęðùłėđ ŝ¢ǻй ẁąş ѕĸϊρφέđ веčаџŝĕ ťĥε łąşţ şϋς¢еşѕƒûļ şċаņ ẁäş ẁìţħϊή ťђè ļдšţ 7 ďªÿş
Date: 2025-12-06 09:49:37
Description:
Microsoft Defender Antivirus śčåп ħąś ьэĕŋ şŧøφρеδ ъзƒőѓз çőмрłêτìòή.%ň %ţŞčдň ΪĎ:%в{35CD78BD-9367-4244-9331-7563B15D337A}%ň %ŧŞčåη Ŧўρę:%вAntimalware%η %ŧŚĉàň Ρäґαм℮ŧéѓš:%ъSchnellüberprüfung%ñ %тЦśёѓ:%ъNT-AUTORITÄT\SYSTEM%π %τŠţõφ Яëąšбⁿ:%вŔР€ сóňйê¢τїøй ŗŭⁿδôẅñ
Event[0]:
Date: 2025-12-10 17:15:09
Description:
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x8000000a
Fehlerbeschreibung: Die für diesen Vorgang erforderlichen Daten sind noch nicht verfügbar.
CodeIntegrity:
===============
Date: 2025-04-01 11:47:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1cb41c9af98b1ce8\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
BIOS: LENOVO 6JCN24WW 02/24/2018
Hauptplatine: LENOVO LNVNB161216
Prozessor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 59%
Installierter physikalischer RAM: 8066.72 MB
Verfügbarer physikalischer RAM: 3240.91 MB
Summe virtueller Speicher: 13186.72 MB
Verfügbarer virtueller Speicher: 8632.14 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:236.71 GB) (Free:78.68 GB) (Model: INTEL SSDSC2KW256G8L) NTFS
Drive p: (PBackup) (Removable) (Total:210 GB) (Free:182.28 GB) NTFS
Drive s: (Samsung256) (Fixed) (Total:229.49 GB) (Free:19.32 GB) (Model: Samsung Portable SSD T1 SCSI Disk Device) NTFS
\\?\Volume{3efd4058-3c73-4c33-a477-278f3e1b317b}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{6ce35a82-5f03-456e-b76b-e280b31781f4}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{7dc0a558-4dce-41f7-96d3-0cd1155c3259}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{bdfd4050-d5e4-11f0-9407-8c1645aebadd}\ () (RAMDisk) (Total:236.71 GB) (Free:80.2 GB) NTFS
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A932EAC0)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 48B7BA41)
Partition 1: (Not Active) - (Size=229.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt =======================
Windows Defender: Code:
ATTFilter
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 12-10-2025 17:09:59
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 12/10/2025 16:09:59.821499800 UTC (22156 ms since boot)
2025-12-10T16:09:59.819Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2025-12-10T16:09:59.819Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20251210-170959-00000003-ffffffff.bin ...
2025-12-10T16:09:59.819Z [WPP] Trace session started - WdoWppTracing-20251210-170959-00000003-ffffffff.bin
2025-12-10T16:09:59.819Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2025-12-10T16:09:59.819Z [PlatUpd] Service launched successfully from: C:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2025-12-10T16:09:59.819Z Service is asked to be reenabled.
2025-12-10T16:09:59.835Z Task(-EnableService) launched
2025-12-10T16:10:00.038Z Loaded module#0 MpComServer.
2025-12-10T16:10:00.053Z Loading engine...
2025-12-10T16:10:00.053Z CSignatureStatus: changed to DUE_REPORTED
2025-12-10T16:10:00.053Z Engine loaded!
2025-12-10T16:10:00.069Z Verifying license file...
2025-12-10T16:10:00.100Z Verified [C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2025-12-10T16:10:01.803Z MpManagerEnable: setting DisableAS to 0 ...
2025-12-10T16:10:01.803Z MpManagerEnable: setting DisableAV to 0 ...
2025-12-10T16:10:32.417Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2025-12-10T16:10:32.417Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 12-10-2025 17:10:32 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 12-10-2025 17:16:35
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 12/10/2025 16:16:35.418006500 UTC (18750 ms since boot)
2025-12-10T16:16:35.406Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2025-12-10T16:16:35.406Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20251210-171635-00000003-ffffffff.bin ...
2025-12-10T16:16:35.421Z [WPP] Trace session started - WdoWppTracing-20251210-171635-00000003-ffffffff.bin
2025-12-10T16:16:35.421Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2025-12-10T16:16:35.421Z [PlatUpd] Service launched successfully from: C:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2025-12-10T16:16:35.421Z Service is asked to be reenabled.
2025-12-10T16:16:35.421Z Task(-EnableService) launched
2025-12-10T16:16:35.452Z Loaded module#0 MpComServer.
2025-12-10T16:16:35.452Z Loading engine...
2025-12-10T16:16:36.093Z UpdateEngine start: Source: 3, szUpdateDirectory: C:\WINDOWS\Microsoft Antimalware\Definition Updates\{DD694294-7A90-4244-9A80-7F81E54B2E6D}
2025-12-10T16:16:36.718Z Verifying engine and signature files (source: 0) ...
2025-12-10T16:16:36.843Z Verified [C:\WINDOWS\Microsoft Antimalware\Definition Updates\{A6E55032-17D6-4D59-8B9C-652800F13F37}\mpengine.dll]
2025-12-10T16:16:37.499Z Verified [C:\WINDOWS\Microsoft Antimalware\Definition Updates\{A6E55032-17D6-4D59-8B9C-652800F13F37}\mpasbase.vdm]
2025-12-10T16:16:37.499Z Verified [C:\WINDOWS\Microsoft Antimalware\Definition Updates\{A6E55032-17D6-4D59-8B9C-652800F13F37}\mpasdlta.vdm]
2025-12-10T16:16:37.872Z Verified [C:\WINDOWS\Microsoft Antimalware\Definition Updates\{A6E55032-17D6-4D59-8B9C-652800F13F37}\mpavbase.vdm]
2025-12-10T16:16:37.872Z Verified [C:\WINDOWS\Microsoft Antimalware\Definition Updates\{A6E55032-17D6-4D59-8B9C-652800F13F37}\mpavdlta.vdm]
Database:
2025-12-10T16:16:38.055Z Can't find offline cache cache (C:\WINDOWS\Microsoft Antimalware\Scans\mpcache-2011F250DD44F34F9D4363314E66809AF248453C.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
Geo ID not found using standard default set: :
2025-12-10T16:16:44.506Z SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx
2025-12-10T16:16:44.506Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2025-12-10T16:16:44.538Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2025-12-10T16:16:44.538Z CSignatureStatus: back to good
2025-12-10T16:16:44.538Z [Engine] Loaded C:\WINDOWS\Microsoft Antimalware\Definition Updates\{A6E55032-17D6-4D59-8B9C-652800F13F37}
2025-12-10T16:16:44.538Z [Engine] Removing C:\WINDOWS\Microsoft Antimalware\Definition Updates\{DD694294-7A90-4244-9A80-7F81E54B2E6D} ...
Beginning quarantine recovery
Quarantine ID:{00000000-0000-0000-0000-000000000000}
Target:
Flags:131074
Start time:12-10-2025 17:16:44
Finished quarantine recovery
Quarantine ID:{00000000-0000-0000-0000-000000000000}
Result:0
End time:12-10-2025 17:16:44
2025-12-10T16:16:44.553Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 12-10-2025 17:16:44
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.25110.1
AS Signature Version: 1.443.15.0
AV Signature Version: 1.443.15.0
************************************************************
2025-12-10T16:16:44.553Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: C:\WINDOWS\Microsoft Antimalware\Definition Updates\{DD694294-7A90-4244-9A80-7F81E54B2E6D}
2025-12-10T16:16:44.569Z Engine loaded!
2025-12-10T16:16:44.569Z Verifying license file...
2025-12-10T16:16:44.569Z Verified [C:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2025-12-10T16:16:44.569Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.25110.1
AS Signature Version: 1.443.15.0
AV Signature Version: 1.443.15.0
************************************************************
2025-12-10T16:16:45.539Z MpManagerEnable: setting DisableAS to 0 ...
2025-12-10T16:16:45.539Z MpManagerEnable: setting DisableAV to 0 ...
2025-12-10T16:16:45.539Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x00000555BA5C7F1B, sigsha=138662c2d63655b4169a20e580e5d2375c986214, cached=false, source=0, resourceid=0x2fd5d3ca
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98961FA8, sigsha=29727b199c33e2ba7beb863c494f3a822d8e7975, cached=false, source=0, resourceid=0x1e17b347
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7AF73F2F, sigsha=34beabc7c90d49b44c8f9bb1cff30f9369d83b02, cached=false, source=0, resourceid=0x1e17b347
Internal signature match:subtype=Lowfi, sigseq=0x000005550D8A922A, sigsha=0fe32bfd2392527aa796ed38880c1eb47c464cf7, cached=false, source=0, resourceid=0x1e17b347
Internal signature match:subtype=Lowfi, sigseq=0x0000157E280584E9, sigsha=c9830f635de68f0927a676858786b0250f526104, cached=false, source=0, resourceid=0x1e17b347
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE5E7662A, sigsha=8d3fe03f8d00e224cd08c035b82a51ba019d4831, cached=false, source=0, resourceid=0x76512468
Internal signature match:subtype=Lowfi, sigseq=0x0000157E752483F7, sigsha=64ce4f290a2979ba3450ad89bbf19bb8be8df944, cached=false, source=0, resourceid=0x76512468
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6B158C27, sigsha=40a753c84bd225659d7573c5ede394680229e428, cached=false, source=0, resourceid=0x76512468
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDB97D389, sigsha=40dd3c1b7524a09b57af8c5f4a7973af83e7f8b3, cached=false, source=0, resourceid=0xaca6532f
Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790
Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790
Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790
Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790
2025-12-10T16:17:35.439Z Process scan (postsignatureupdatescan) started.
2025-12-10T16:17:35.673Z Process scan (postsignatureupdatescan) completed.
Engine:
2025-12-10T16:18:00.915Z Setting original file name "pcalua.exe" for "\\?\c:\windows\syswow64\pcacli.dll", hr=0x0
Engine:
2025-12-10T16:18:05.817Z Setting original file name "reg.exe" for "\\?\c:\windows\syswow64\reg.exe", hr=0x0
Engine:
2025-12-10T16:18:06.035Z Setting original file name "register-cimprovider2.exe" for "\\?\c:\windows\syswow64\register-cimprovider.exe", hr=0x0
Engine:
2025-12-10T16:18:07.416Z Setting original file name "rundll32.exe" for "\\?\c:\windows\syswow64\rundll32.exe", hr=0x0
Engine:
2025-12-10T16:18:07.924Z Setting original file name "schtasks.exe" for "\\?\c:\windows\syswow64\schtasks.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC97771BD, sigsha=0d38669fbe4311eec72c2767872bbdca3119f396, cached=false, source=0, resourceid=0x58f757df
Engine:
2025-12-10T16:19:35.771Z Setting original file name "pcalua.exe" for "\\?\c:\windows\system32\pcadm.dll", hr=0x0
ExpensiveFile:
2025-12-10T16:19:46.086Z Scan time for `\\?\C:\WINDOWS\system32\pidgenx.dll` is 9125 units
Engine:
2025-12-10T16:19:53.053Z Setting original file name "reg.exe" for "\\?\c:\windows\system32\reg.exe", hr=0x0
Engine:
2025-12-10T16:19:53.210Z Setting original file name "register-cimprovider2.exe" for "\\?\c:\windows\system32\register-cimprovider.exe", hr=0x0
Engine:
2025-12-10T16:19:56.335Z Setting original file name "rundll32.exe" for "\\?\c:\windows\system32\rundll32.exe", hr=0x0
Engine:
2025-12-10T16:19:57.024Z Setting original file name "schtasks.exe" for "\\?\c:\windows\system32\schtasks.exe", hr=0x0
Engine:
2025-12-10T16:20:14.524Z Setting original file name "vssadmin.exe" for "\\?\c:\windows\system32\vssadmin.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x00001080ED8ECD1E, sigsha=5cb6cdf45f487e216cf3059a7d21408d2b03339e, cached=false, source=0, resourceid=0x6ba90a2d
Engine:
2025-12-10T16:21:44.391Z Triggered AR EMS scan
Engine:
2025-12-10T16:21:44.391Z EMS scan for process: lsass pid: 776, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.501Z EMS scan for process: svchost pid: 900, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.563Z EMS scan for process: svchost pid: 1000, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.579Z EMS scan for process: svchost pid: 544, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.673Z EMS scan for process: svchost pid: 868, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.719Z EMS scan for process: svchost pid: 1028, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.766Z EMS scan for process: svchost pid: 1136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.829Z EMS scan for process: svchost pid: 1468, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.891Z EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.923Z EMS scan for process: svchost pid: 1716, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2025-12-10T16:21:44.970Z EMS scan for process: svchost pid: 1788, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x000081E72779F4F7, sigsha=2bb8e1c3e7038475e9e3c1dcd2729621b15e48c2, cached=false, source=0, resourceid=0x6d039bf3
Internal signature match:subtype=Lowfi, sigseq=0x000081E72779F4F7, sigsha=2bb8e1c3e7038475e9e3c1dcd2729621b15e48c2, cached=false, source=0, resourceid=0xc829db20
Engine:
2025-12-10T16:22:26.695Z Setting original file name "powershell.exe" for "\\?\c:\windows\syswow64\windowspowershell\v1.0\powershell.exe", hr=0x0
Engine:
2025-12-10T16:22:26.758Z Setting original file name "powershell.exe" for "\\?\c:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x000072E771B9BDEE, sigsha=49f3e58fb3437cafde656d6e3946d24d0148fd77, cached=false, source=0, resourceid=0x7efeae77
QuickScan:
2025-12-10T16:23:34.640Z ScanID:55A9AA49-9664-4759-B552-35CC0B5AAA11: Quick scan finished with error 0
2025-12-10T16:23:34.652Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2025-12-10T16:23:34.824Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 12-10-2025 17:23:34 (Exit Code = 0x0)
************************************************************
Code:
ATTFilter ERRORS_ONLY=0
MAX_SIZE=5120
APPEND=1
MAX_LINE_SIZE=256
-------------------------------------------------
START 2025/12/10 17:09:59:600 TID:1544 PID:1512
INFO 2025/12/10 17:09:59:600 TID:1544 PID:1512
Loading offline registry library returned 0x00000000
INFO 2025/12/10 17:09:59:600 TID:1544 PID:1512
Binary architecture is amd64
INFO 2025/12/10 17:09:59:600 TID:1544 PID:1512
UtilIsFileExists(C:\WINDOWS\SysWOW64\ntdll.dll) returned 0x00000000
INFO 2025/12/10 17:09:59:600 TID:1544 PID:1512
CheckProcessorArchitecture returned 0x00000000
INFO 2025/12/10 17:09:59:600 TID:1544 PID:1512
Setting target OS key: "C:\WINDOWS"
INFO 2025/12/10 17:09:59:600 TID:1544 PID:1512
SetRecoveryEnvironmentKey returned 0x00000000
ERROR 2025/12/10 17:09:59:600 TID:1544 PID:1512
Unable to open the offline HKLM SYSTEM hive with 0x80070020
ERROR 2025/12/10 17:09:59:600 TID:1544 PID:1512
Unable to open the target OS HKLM\System hive with 0x80070020
INFO 2025/12/10 17:09:59:600 TID:1544 PID:1512
BuildTargetOSDriveMapping returned 0x80070020
INFO 2025/12/10 17:09:59:600 TID:1544 PID:1512
Searching for signatures. Default signature path: ""
INFO 2025/12/10 17:09:59:600 TID:1544 PID:1512
Searching for signatures at root of drives...
WARNING 2025/12/10 17:09:59:600 TID:1544 PID:1512
Missing definitions file in 'C:\mpam-fex64.exe'
WARNING 2025/12/10 17:09:59:616 TID:1544 PID:1512
Missing definitions file in 'D:\mpam-fex64.exe'
WARNING 2025/12/10 17:09:59:616 TID:1544 PID:1512
Missing definitions file in 'E:\mpam-fex64.exe'
WARNING 2025/12/10 17:09:59:616 TID:1544 PID:1512
Missing definitions file in 'X:\mpam-fex64.exe'
INFO 2025/12/10 17:09:59:616 TID:1544 PID:1512
Searching for signatures from installed product on target OS
ERROR 2025/12/10 17:09:59:616 TID:1544 PID:1512
Unable to open the offline HKLM SOFTWARE hive with 0x80070020
ERROR 2025/12/10 17:09:59:616 TID:1544 PID:1512
Unable to open the offline HKLM hive with 0x80070020
WARNING 2025/12/10 17:09:59:616 TID:1544 PID:1512
No signatures found in search path.
INFO 2025/12/10 17:09:59:616 TID:1544 PID:1512
SearchForSignatures returned 0x8004cc04
ERROR 2025/12/10 17:09:59:616 TID:1544 PID:1512
Unable to open the offline HKLM SOFTWARE hive with 0x80070020
INFO 2025/12/10 17:09:59:616 TID:1544 PID:1512
Initializing offline environment and service...
INFO 2025/12/10 17:09:59:710 TID:1544 PID:1512
XCopySignatures returned hr = 0x0
INFO 2025/12/10 17:10:01:803 TID:1544 PID:1512
GetTempPathW where sigs would unpack = C:\WINDOWS\Microsoft Antimalware\Tmp\
INFO 2025/12/10 17:10:01:803 TID:1544 PID:1512
Running signature update...
INFO 2025/12/10 17:10:01:803 TID:2044 PID:1512
Update started
INFO 2025/12/10 17:10:01:819 TID:800 PID:1512
Search Started (Type: 3) (Path: https://go.microsoft.com/fwlink/?LinkID=851034&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=F7F4CD20-7371-4319-B1DB-6FCFC68573EC&ostype=0&signaturetype=0&beta=0&plat=4.18.1907.16384&OsVersion=10.0.19041.1)...
INFO 2025/12/10 17:10:02:116 TID:800 PID:1512
Update failed with hr: 0x80072ee7
INFO 2025/12/10 17:10:02:116 TID:800 PID:1512
Installation Completed
INFO 2025/12/10 17:10:02:366 TID:768 PID:1512
Search Started (Type: 3) (Path: https://go.microsoft.com/fwlink/?LinkID=870379&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=F7F4CD20-7371-4319-B1DB-6FCFC68573EC&ostype=0&signaturetype=0&beta=0&plat=4.18.1907.16384&OsVersion=10.0.19041.1)...
INFO 2025/12/10 17:10:02:381 TID:768 PID:1512
Update failed with hr: 0x80072ee7
INFO 2025/12/10 17:10:02:381 TID:768 PID:1512
Installation Completed
INFO 2025/12/10 17:10:02:381 TID:2044 PID:1512
Update completed with hr: 0x80072ee7
INFO 2025/12/10 17:10:02:381 TID:1544 PID:1512
Signature update completed with 0x80072ee7
INFO 2025/12/10 17:10:02:381 TID:1544 PID:1512
Waiting for 30 seconds and going to try signature update one more time...
INFO 2025/12/10 17:10:32:402 TID:536 PID:1512
Update started
INFO 2025/12/10 17:10:32:402 TID:8 PID:1512
Search Started (Type: 3) (Path: https://go.microsoft.com/fwlink/?LinkID=851034&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=F7F4CD20-7371-4319-B1DB-6FCFC68573EC&ostype=0&signaturetype=0&beta=0&plat=4.18.1907.16384&OsVersion=10.0.19041.1)...
INFO 2025/12/10 17:10:32:402 TID:8 PID:1512
Update failed with hr: 0x80072ee7
INFO 2025/12/10 17:10:32:402 TID:8 PID:1512
Installation Completed
INFO 2025/12/10 17:10:32:402 TID:796 PID:1512
Search Started (Type: 3) (Path: https://go.microsoft.com/fwlink/?LinkID=870379&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=F7F4CD20-7371-4319-B1DB-6FCFC68573EC&ostype=0&signaturetype=0&beta=0&plat=4.18.1907.16384&OsVersion=10.0.19041.1)...
INFO 2025/12/10 17:10:32:402 TID:796 PID:1512
Update failed with hr: 0x80072ee7
INFO 2025/12/10 17:10:32:402 TID:796 PID:1512
Installation Completed
INFO 2025/12/10 17:10:32:402 TID:536 PID:1512
Update completed with hr: 0x80072ee7
INFO 2025/12/10 17:10:32:402 TID:1544 PID:1512
Signature update completed with 0x80072ee7
INFO 2025/12/10 17:10:32:402 TID:1544 PID:1512
AS Signature Version: 0.0.0.0
INFO 2025/12/10 17:10:32:402 TID:1544 PID:1512
Engine Version: 0.0.0.0
INFO 2025/12/10 17:10:32:402 TID:1544 PID:1512
Launching user interface...
INFO 2025/12/10 17:10:32:402 TID:1544 PID:1512
Auto-scan mode selected...
INFO 2025/12/10 17:10:32:402 TID:1544 PID:1512
Registered for notifications
INFO 2025/12/10 17:10:32:402 TID:1544 PID:1512
RunCallisto returned 0x80501002
INFO 2025/12/10 17:10:36:479 TID:1544 PID:1512
Looking for Defender registry key on target OS
INFO 2025/12/10 17:10:37:198 TID:1544 PID:1512
Changes were committed to target OS hive.
INFO 2025/12/10 17:10:37:292 TID:1544 PID:1512
SetOfflineScanRunFlag returned 0x00000000
INFO 2025/12/10 17:10:37:292 TID:1544 PID:1512
Offline scan completed with 0x80501002
FINISH 2025/12/10 17:10:37:307 TID:1516 PID:1512
START 2025/12/10 17:16:32:516 TID:1540 PID:1508
INFO 2025/12/10 17:16:32:516 TID:1540 PID:1508
Loading offline registry library returned 0x00000000
INFO 2025/12/10 17:16:32:516 TID:1540 PID:1508
Binary architecture is amd64
INFO 2025/12/10 17:16:32:516 TID:1540 PID:1508
UtilIsFileExists(C:\WINDOWS\SysWOW64\ntdll.dll) returned 0x00000000
INFO 2025/12/10 17:16:32:516 TID:1540 PID:1508
CheckProcessorArchitecture returned 0x00000000
INFO 2025/12/10 17:16:32:516 TID:1540 PID:1508
Setting target OS key: "C:\WINDOWS"
INFO 2025/12/10 17:16:32:516 TID:1540 PID:1508
SetRecoveryEnvironmentKey returned 0x00000000
INFO 2025/12/10 17:16:32:656 TID:1540 PID:1508
Mapping target OS C drive to WinPE C drive
INFO 2025/12/10 17:16:32:656 TID:1540 PID:1508
Mapping target OS E drive to WinPE D drive
INFO 2025/12/10 17:16:32:672 TID:1540 PID:1508
BuildTargetOSDriveMapping returned 0x00000000
INFO 2025/12/10 17:16:32:672 TID:1540 PID:1508
Searching for signatures. Default signature path: ""
INFO 2025/12/10 17:16:32:672 TID:1540 PID:1508
Searching for signatures at root of drives...
WARNING 2025/12/10 17:16:32:672 TID:1540 PID:1508
Missing definitions file in 'C:\mpam-fex64.exe'
WARNING 2025/12/10 17:16:32:672 TID:1540 PID:1508
Missing definitions file in 'D:\mpam-fex64.exe'
WARNING 2025/12/10 17:16:32:672 TID:1540 PID:1508
Missing definitions file in 'E:\mpam-fex64.exe'
WARNING 2025/12/10 17:16:32:672 TID:1540 PID:1508
Missing definitions file in 'X:\mpam-fex64.exe'
INFO 2025/12/10 17:16:32:672 TID:1540 PID:1508
Searching for signatures from installed product on target OS
INFO 2025/12/10 17:16:33:703 TID:1540 PID:1508
Looking for Defender registry key on target OS
INFO 2025/12/10 17:16:33:703 TID:1540 PID:1508
Mapped target os path (C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02F96B77-C82F-4B1F-966B-7E2465E87BF8}) to winpe path (C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02F96B77-C82F-4B1F-966B-7E2465E87BF8})
INFO 2025/12/10 17:16:33:703 TID:1540 PID:1508
Found signatures on the target OS at C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02F96B77-C82F-4B1F-966B-7E2465E87BF8}
INFO 2025/12/10 17:16:33:781 TID:1540 PID:1508
SearchForSignatures returned 0x00000000
INFO 2025/12/10 17:16:34:796 TID:1540 PID:1508
Looking for Defender registry key on target OS
INFO 2025/12/10 17:16:34:796 TID:1540 PID:1508
Mapped target os path (C:\ProgramData\Microsoft\Windows Defender) to winpe path (C:\ProgramData\Microsoft\Windows Defender)
INFO 2025/12/10 17:16:34:874 TID:1540 PID:1508
Initializing offline environment and service...
INFO 2025/12/10 17:16:35:390 TID:1540 PID:1508
XCopySignatures returned hr = 0x0
INFO 2025/12/10 17:16:45:539 TID:1540 PID:1508
GetTempPathW where sigs would unpack = C:\WINDOWS\Microsoft Antimalware\Tmp\
INFO 2025/12/10 17:16:45:539 TID:1540 PID:1508
Signatures are already fairly recent. Skipping sig update.
INFO 2025/12/10 17:16:45:539 TID:1540 PID:1508
AS Signature Version: 1.443.15.0
INFO 2025/12/10 17:16:45:539 TID:1540 PID:1508
Engine Version: 1.1.25110.1
INFO 2025/12/10 17:16:45:539 TID:1540 PID:1508
Launching user interface...
INFO 2025/12/10 17:16:45:539 TID:1540 PID:1508
Auto-scan mode selected...
INFO 2025/12/10 17:16:45:539 TID:1540 PID:1508
Registered for notifications
INFO 2025/12/10 17:16:45:539 TID:1540 PID:1508
Automatic scan started
INFO 2025/12/10 17:16:45:539 TID:1540 PID:1508
Launched Console UI, waiting...
INFO 2025/12/10 17:23:34:652 TID:1548 PID:1508
CALLBACK: Scan complete. hResult=0x0, threat count=0
INFO 2025/12/10 17:23:34:652 TID:1540 PID:1508
Wait finished (Scan signaled)
INFO 2025/12/10 17:23:34:652 TID:1540 PID:1508
Getting results from scan...
INFO 2025/12/10 17:23:34:652 TID:1540 PID:1508
Scan completed successfully, attempting to clean any active malware. Number of threats from scan: 0
INFO 2025/12/10 17:23:34:652 TID:1540 PID:1508
RunCallisto returned 0x00000000
INFO 2025/12/10 17:23:34:652 TID:1540 PID:1508
PreserveCallistoDetections returned 0x00000000
INFO 2025/12/10 17:23:38:727 TID:1540 PID:1508
Looking for Defender registry key on target OS
INFO 2025/12/10 17:23:39:294 TID:1540 PID:1508
Changes were committed to target OS hive.
INFO 2025/12/10 17:23:39:372 TID:1540 PID:1508
SetOfflineScanRunFlag returned 0x00000000
INFO 2025/12/10 17:23:39:372 TID:1540 PID:1508
Offline scan completed with 0x00000000
FINISH 2025/12/10 17:23:39:386 TID:1512 PID:1508
Geändert von logposter (10.12.2025 um 19:23 Uhr) |
| Themen zu Anhang und Link aus Spam-Mail angeklickt |
| andere, angeklickt, angreifer, anhang, beiträge, defender, erkenne, erkennen, gefunde, gen, https, installier, installiert, keylogger, link, log-in, malware, nichts, phishing - mail, privat, rechner, umleitungen, unternehmen, virus, virustotal, zwischen |
Baum-Darstellung