[Closed] Trojan:MSIL/Malgent!MSR in infinitedocsapp.exe

[pt11]

Windows Defender detected infinitedocsapp.exe as a trojan.
It detected it only today, although the creation date of infinitedocsapp.exe in file explorer is 02.09.2025.
The detection triggered when selecting the file in file explorer (without executing it). If the file was executed in the past, is unknown.
infinitedocsapp.exe was moved to quarantine, then I restored it to upload to Virustotal and then deleted it to recycle bin.

VirusTotal

VirusTotal

www.virustotal.com

Windows 10 ESU
MS Office 2007: Yes, I know it is outdated and should be replaced.
The 2 backup jobs in Windows Task Scheduler were set up by me.

In Addition.txt under "Other Areas" infinitedocsapp.exe is listed as HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\C:\Users\MYUSER\Downloads\infinitedocsapp.exe
I think that this was caused by quarantining and then restoring the file from quarantine.

Now, neither Malwarebytes nor Windows defender offline scan find anything.

What should I do?
Thanks!

Malwarebytes
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/11/2026
Scan Time: 3:18 PM
Log File: e69ea3ba-35a8-11f1-8730-8c1645aebadd.json

-Software Information-
Version: 5.5.3.246
Components Version: 153.1.5565
Update Package Version: 1.0.108582
License: Trial

-System Information-
OS: Windows 10 (Build 19045.7058)
CPU: x64
File System: NTFS
User: LENOVO_V320\MYUSER

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234244
Threats Detected: 0
Threats Quarantined: 0
Scan Duration: 10 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-04-2026 01
Ran by Admin (administrator) on LENOVO_V320 (LENOVO 81CN) (11-04-2026 17:08:34)
Running from C:\Users\MYUSER\Desktop\Farbar04\FRST64English.exe
Loaded Profiles: Admin & MYUSER & PBackupReader
Platform: Microsoft Windows 10 Home Version 22H2 19045.7058 (X64) Language: Deutsch (Deutschland)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Mozilla Corporation -> Mozilla Foundation) C:\Program Files\Mozilla Firefox\crashhelper.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(DriverStore\FileRepository\cui_dch.inf_amd64_767e7683f9ad126c\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_767e7683f9ad126c\igfxEM.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIM1E.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E1YATIBEE.EXE <3>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Geek Software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(services.exe ->) (IDRIX SARL -> IDRIX) C:\Windows\System32\VeraCrypt.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_767e7683f9ad126c\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1cb41c9af98b1ce8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1cb41c9af98b1ce8\IntelCpHeciSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerShell\7\pwsh.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3274640 2023-06-03] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [684256 2025-09-15] (Geek Software GmbH -> geek software GmbH)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [455968 2023-05-26] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [982888 2025-04-10] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [1320808 2025-04-10] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2765952 2024-10-01] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\146.0.3856.109\Installer\setup.exe [5064744 2026-04-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5902496 2019-11-20] (IDRIX SARL -> IDRIX)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (No File)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [EPLTarget\P0000000000000004] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YATIBEE.EXE [484712 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIM1E.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [EPLTarget\P0000000000000003] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YATIBEE.EXE [484712 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [EPLTarget\P0000000000000005] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YATIBEE.EXE [484712 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\...\Run: [ConnectDetector] => C:\Users\MYUSER2\AppData\Roaming\Adobe\Connect\connectdetector.exe [640696 2021-04-19] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\WINDOWS\system32\EFXLM16A.DLL [193192 2025-04-10] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-2760 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBM1E.DLL [180224 2014-03-05] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-2950 Series 64MonitorBE: C:\WINDOWS\system32\E1YLMBBEE.DLL [247976 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [3182776 2025-02-20] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9B17CCAF-1AAE-4CCE-BDC2-ECB222A927FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1612800 2026-01-23] (Adobe Inc. -> Adobe Inc.)
Task: {A35B1A28-FE21-4E7C-B582-013CE0E6D50B} - System32\Tasks\Backup HN => C:\Program Files\PowerShell\7\pwsh.exe [295456 2026-03-12] (Microsoft Corporation -> Microsoft Corporation) -> C:\PBackup\Backup_Home_Network_FP.ps1
Task: {16DF60B5-A35D-4CF5-826C-D5DDADC3D23E} - System32\Tasks\EPSON WF-2950 Series Update {164366C3-8184-49FB-AF42-533F58DEB400} => C:\Windows\System32\spool\drivers\x64\3\E1YTSBEE.EXE [680440 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {23AC5DA0-E917-4C13-925E-A351C795B3B7} - System32\Tasks\EPSON WF-2950 Series Update {786FFD92-353A-4C78-9D0F-2934D74C9F20} => C:\Windows\System32\spool\drivers\x64\3\E1YTSBEE.EXE [680440 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {7353F222-5B8B-4577-884D-FDC792CCD912} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1164676345-3952839655-4202876673-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [705152 2026-04-08] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {C2AD54AA-ADB5-478A-B499-1C169EDA31C4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33920 2026-04-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {6B5FBE77-CBD7-4344-A35D-E0521FF6F58A} - System32\Tasks\Pull Backup => C:\Program Files\PowerShell\7\pwsh.exe [295456 2026-03-12] (Microsoft Corporation -> Microsoft Corporation) -> "C:\PBackup\Backup_Home_Network_Pull_FP.ps1"
Task: {9B8BE6CA-0633-4A08-8268-53E0158B63B4} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {A59A7EC3-1542-4409-A929-1EB6A6D416AE} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {0075E609-14A8-47D1-A025-5EB364E327EE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6EE109BD-EFDE-4106-89C2-65EB794451B4} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-1164676345-3952839655-4202876673-1002 => C:\Users\MYUSER\AppData\Roaming\Zoom\bin\Zoom.exe [507784 2026-03-16] (Zoom Communications, Inc. -> Zoom Communications, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON WF-2950 Series Update {164366C3-8184-49FB-AF42-533F58DEB400}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBEE.EXE:/EXE:{164366C3-8184-49FB-AF42-533F58DEB400} /F:UpdateWORKGROUP\LENOVO_V320$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2950 Series Update {786FFD92-353A-4C78-9D0F-2934D74C9F20}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBEE.EXE:/EXE:{786FFD92-353A-4C78-9D0F-2934D74C9F20} /F:UpdateWORKGROUP\LENOVO_V320$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\35472716E64686165737: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\35472716E64686165737: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4D2937343731393: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4D2937343731393: [DhcpDomain] Speedport_W_724V_09011603_06_010
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4F505F525: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4F505F525: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4F573237303F505: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\75C414E4F573237303F505: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\84165737845726562747573775B4: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\84165737845726562747573775B4: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\C48434D274163747: [DhcpNameServer] 192.168.140.2
Tcpip\..\Interfaces\{43739e99-91bc-4b0c-949c-eb222d6a40d7}\C48434D274163747: [DhcpDomain] lhc.local
Tcpip\..\Interfaces\{87370ca0-e7f0-4e15-9f70-3302ca52c6b6}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{87370ca0-e7f0-4e15-9f70-3302ca52c6b6}: [DhcpDomain] fritz.box

FireFox:
========
FF TaskBarID: 308046B0AF4A39CB -> C:\Program Files\Mozilla Firefox
FF DefaultProfile: 04gwl9u1.default-release -> 308046B0AF4A39CB
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xu2jle4c.default [2019-11-20]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04gwl9u1.default-release [2025-10-14]
FF Extension: (New Tab) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04gwl9u1.default-release\Extensions\newtab@mozilla.org.xpi [2025-10-03]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04gwl9u1.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-10-13]
FF Extension: (Data Leak Blocker) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\04gwl9u1.default-release\features\{772b0499-7b27-4a92-8fa4-1c4de1e41a07}\data-leak-blocker@mozilla.com.xpi [2025-10-13]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corporation -> Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2026-04-01] (Adobe Inc. -> Adobe Systems Inc.)

Edge:
=======
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2024-10-05]
Edge Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-08-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-08-28]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [180216 2026-01-23] (Adobe Inc. -> Adobe Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2018-09-25] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [222768 2025-04-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11467392 2026-04-11] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2026-04-11] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MpDefenderCoreService.exe [2088128 2026-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [684256 2025-09-15] (Geek Software GmbH -> geek software GmbH)
R2 VeraCryptSystemFavorites; C:\Windows\system32\VeraCrypt.exe [5902496 2019-11-20] (IDRIX SARL -> IDRIX)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\NisSrv.exe [4451664 2026-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MsMpEng.exe [290704 2026-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [287232 2022-06-17] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-04-15] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [159296 2026-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [82352 2026-02-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234600 2026-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2026-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\Drivers\farflt.sys [212584 2026-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [81000 2026-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [245864 2026-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [190096 2026-04-11] (Malwarebytes Inc -> Malwarebytes)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2020-09-11] (Microsoft Corporation) [File not signed]
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R0 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [828256 2019-11-20] (IDRIX SARL -> IDRIX)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [21888 2026-03-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [641416 2026-03-26] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [103816 2026-03-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-04-11 16:52 - 2026-04-11 16:52 - 000000000 ____D C:\Users\Admin\AppData\Local\Malwarebytes
2026-04-11 16:00 - 2026-04-11 16:00 - 000000000 ____D C:\Users\PBackupReader\AppData\Local\Malwarebytes
2026-04-11 15:15 - 2026-04-11 15:20 - 000000000 ____D C:\Users\MYUSER\AppData\LocalLow\IGDump
2026-04-11 15:15 - 2026-04-11 15:15 - 000190096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2026-04-11 15:14 - 2026-04-11 17:09 - 000000000 ____D C:\Users\MYUSER\AppData\Local\Malwarebytes
2026-04-11 15:14 - 2026-04-11 15:14 - 085196800 _____ C:\WINDOWS\system32\config\SOFTWARE
2026-04-11 15:13 - 2026-04-11 15:13 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2026-04-11 15:13 - 2026-04-11 15:13 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2026-04-11 15:12 - 2026-04-11 15:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2026-04-11 15:12 - 2026-04-11 15:12 - 000000000 ____D C:\Program Files\Malwarebytes
2026-04-11 13:44 - 2026-04-11 17:08 - 000000000 ____D C:\Users\MYUSER\Desktop\Farbar04
2026-04-11 13:42 - 2026-04-11 17:08 - 000000000 ____D C:\FRST
2026-04-09 19:51 - 2026-04-11 14:18 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2026-04-08 12:06 - 2026-04-11 14:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2026-04-06 20:30 - 2026-04-06 20:30 - 000530880 _____ C:\Users\MYUSER\Downloads\Allianz-Beitrag-WGVers-HSG5a-2025-3.pdf
2026-04-06 20:30 - 2026-04-06 20:30 - 000530880 _____ C:\Users\MYUSER\Downloads\Allianz-Beitrag-WGVers-HSG5a-2025-2.pdf
2026-04-06 20:28 - 2026-04-06 20:28 - 000678158 _____ C:\Users\MYUSER\Downloads\Allianz-Beitrag-WGVers-Elementar-HSG5a-2025-1.pdf
2026-04-06 20:28 - 2026-04-06 20:28 - 000678158 _____ C:\Users\MYUSER\Downloads\Allianz-Beitrag-WGVers-Elementar-HSG5a-2025.pdf
2026-04-06 20:28 - 2026-04-06 20:28 - 000530880 _____ C:\Users\MYUSER\Downloads\Allianz-Beitrag-WGVers-HSG5a-2025-1.pdf
2026-04-06 20:28 - 2026-04-06 20:28 - 000530880 _____ C:\Users\MYUSER\Downloads\Allianz-Beitrag-WGVers-HSG5a-2025.pdf
2026-04-06 20:25 - 2026-04-06 20:25 - 000510671 _____ C:\Users\MYUSER\Downloads\Rech-2025-2.pdf
2026-04-06 20:25 - 2026-04-06 20:25 - 000510671 _____ C:\Users\MYUSER\Downloads\Rech-2025-1.pdf
2026-04-06 20:25 - 2026-04-06 20:25 - 000510671 _____ C:\Users\MYUSER\Downloads\Rech-2025.pdf
2026-04-06 20:21 - 2026-04-06 20:21 - 000371873 _____ C:\Users\MYUSER\Downloads\Rech-SW-2025-ALLE-3.pdf
2026-04-06 20:21 - 2026-04-06 20:21 - 000371873 _____ C:\Users\MYUSER\Downloads\Rech-SW-2025-ALLE-2.pdf
2026-04-06 20:21 - 2026-04-06 20:21 - 000371873 _____ C:\Users\MYUSER\Downloads\Rech-SW-2025-ALLE-1.pdf
2026-04-06 20:19 - 2026-04-06 20:19 - 000371873 _____ C:\Users\MYUSER\Downloads\Rech-SW-2025-ALLE.pdf
2026-04-02 09:35 - 2026-04-02 09:35 - 000083845 _____ C:\Users\MYUSER\Downloads\2026_Nr.003_Kontoauszug_vom_2026.04.01_20260402093545.pdf
2026-04-02 09:35 - 2026-04-02 09:35 - 000051698 _____ C:\Users\MYUSER\Downloads\2026_Wir informieren Sie - Ihre Kontoabrechnung_vom_2026.04.01_20260402093516.pdf
2026-04-02 09:34 - 2026-04-02 09:34 - 000053692 _____ C:\Users\MYUSER\Downloads\2026_Mitteilung_vom_2026.04.01_20260402093434.pdf
2026-04-02 09:33 - 2026-04-02 09:33 - 000075189 _____ C:\Users\MYUSER\Downloads\4_2026_Nr.003_Kontoauszug_vom_2026.04.01_20260402093330.pdf
2026-04-02 09:31 - 2026-04-02 09:31 - 000049790 _____ C:\Users\MYUSER\Downloads\4_2026_Mitteilung_vom_2026.04.01_20260402093129.pdf
2026-03-30 15:49 - 2026-03-30 15:49 - 000194181 _____ C:\Users\MYUSER\Downloads\coupon.pdf
2026-03-25 13:24 - 2026-03-25 13:24 - 000011307 _____ C:\Users\MYUSER\Desktop\BK 2025_Aufstellung.xlsx
2026-03-25 11:21 - 2026-03-25 11:21 - 000000000 ____D C:\Program Files\PowerShell
2026-03-18 17:47 - 2026-03-18 17:47 - 000301182 _____ C:\Users\MYUSER\Downloads\Steckbrief.pdf
2026-03-18 16:00 - 2026-03-18 16:00 - 000453919 _____ C:\Users\MYUSER\Downloads\Märchen UB HS2.pdf
2026-03-17 13:52 - 2026-03-17 13:52 - 000044890 _____ C:\Users\MYUSER\Downloads\2026_Limit im Online-Banking geändert_vom_2026.03.11_20260317125222290.pdf
2026-03-17 13:52 - 2026-03-17 13:52 - 000044890 _____ C:\Users\MYUSER\Downloads\2026_Limit im Online-Banking geändert_vom_2026.03.04_20260317125240163.pdf
2026-03-17 13:52 - 2026-03-17 13:52 - 000044887 _____ C:\Users\MYUSER\Downloads\2026_Limit im Online-Banking geändert_vom_2026.03.02_20260317125257610.pdf
2026-03-17 13:52 - 2026-03-17 13:52 - 000044821 _____ C:\Users\MYUSER\Downloads\2026_Limit im Online-Banking geändert_vom_2026.03.05_20260317125235666.pdf
2026-03-17 13:52 - 2026-03-17 13:52 - 000044821 _____ C:\Users\MYUSER\Downloads\2026_Limit im Online-Banking geändert_vom_2026.03.04_20260317125246844.pdf
2026-03-16 21:34 - 2026-03-16 21:34 - 000000000 ____D C:\Users\MYUSER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2026-03-13 12:31 - 2026-03-13 12:31 - 000221757 _____ C:\Users\MYUSER\Downloads\2nvgw5k__ZUM WOHLFÜHLEN_ - IDEAL FÜR EIN PÄRCHEN - gemütliche 3-Zimmer-Wohnung in guter Wohnlage.-4.pdf

==================== One month (modified) ==================
f
(If an entry is included in the fixlist, the file/folder will be moved.)

2026-04-11 17:07 - 2021-03-31 09:22 - 000000000 ____D C:\Temp
2026-04-11 17:05 - 2020-08-02 19:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2026-04-11 17:05 - 2019-11-20 18:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2026-04-11 16:53 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-04-11 15:14 - 2025-12-10 18:09 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2026-04-11 15:13 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2026-04-11 15:13 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2026-04-11 14:56 - 2022-02-14 06:55 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2026-04-11 14:49 - 2019-11-20 18:16 - 221154392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2026-04-11 14:21 - 2020-08-02 19:25 - 001632024 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2026-04-11 14:21 - 2019-12-07 16:50 - 000707316 _____ C:\WINDOWS\system32\perfh007.dat
2026-04-11 14:21 - 2019-12-07 16:50 - 000142574 _____ C:\WINDOWS\system32\perfc007.dat
2026-04-11 14:20 - 2021-12-19 18:58 - 000000000 ____D C:\WINDOWS\SystemTemp
2026-04-11 14:18 - 2019-11-20 17:43 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2026-04-11 14:18 - 2019-11-20 16:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2026-04-11 14:15 - 2020-08-02 19:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2026-04-11 14:15 - 2020-08-02 19:17 - 000008192 ___SH C:\DumpStack.log.tmp
2026-04-11 14:15 - 2019-11-20 17:16 - 000000000 __SHD C:\Users\MYUSER\IntelGraphicsProfiles
2026-04-11 14:07 - 2019-12-07 11:03 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2026-04-11 07:14 - 2020-08-02 19:21 - 000003754 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2026-04-11 07:14 - 2020-08-02 19:21 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2026-04-10 20:24 - 2023-11-25 16:42 - 000000000 ___HD C:\Backup_From_NP
2026-04-10 13:02 - 2019-11-21 11:04 - 000000000 ____D C:\Users\MYUSER\AppData\Roaming\KeePass
2026-04-10 12:20 - 2019-11-20 17:32 - 000000000 ____D C:\Users\MYUSER\AppData\Roaming\Microsoft\Word
2026-04-10 12:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2026-04-10 09:04 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2026-04-09 14:09 - 2017-05-17 23:39 - 000000000 ____D C:\Users\MYUSER\Desktop\DATEN LIEGENSCHAFTEN
2026-04-09 06:26 - 2019-11-20 16:56 - 000000000 ____D C:\ProgramData\Realtek
2026-04-09 06:26 - 2019-11-20 16:27 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2026-04-09 06:25 - 2023-12-16 17:30 - 000000000 ____D C:\Users\PBackup
2026-04-09 06:25 - 2023-12-02 15:56 - 000000000 ____D C:\Users\PBackupReader
2026-04-09 06:25 - 2020-08-02 18:56 - 000000000 ____D C:\Users\MYUSER
2026-04-08 12:06 - 2025-12-15 08:21 - 000392320 _____ (Mozilla Foundation) C:\Users\MYUSER\Desktop\Firefox.exe
2026-04-07 17:11 - 2020-08-02 17:43 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-04-07 17:11 - 2020-08-02 17:43 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2026-04-06 21:04 - 2017-05-17 23:39 - 000000000 ____D C:\Users\MYUSER\Desktop\KORRESPONDENZ - BLANKO
2026-04-06 18:42 - 2019-11-25 10:00 - 000000000 ____D C:\Users\MYUSER\AppData\Roaming\Microsoft\Excel
2026-04-04 16:02 - 2020-08-02 18:56 - 000000000 ____D C:\Users\Admin
2026-04-03 18:22 - 2022-10-13 11:20 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2026-03-26 20:27 - 2019-11-20 15:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2026-03-25 11:21 - 2023-11-30 13:49 - 000000000 ____D C:\ProgramData\Package Cache
2026-03-25 11:21 - 2023-11-25 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerShell
2026-03-22 12:56 - 2019-11-20 17:30 - 000000000 ____D C:\Users\MYUSER\AppData\Local\D3DSCache
2026-03-21 16:23 - 2020-08-02 19:17 - 000298656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2026-03-21 16:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2026-03-21 16:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2026-03-21 16:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2026-03-21 16:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2026-03-17 20:33 - 2022-10-13 11:20 - 000002124 _____ C:\Users\Public\Desktop\Acrobat Reader.lnk
2026-03-17 09:45 - 2025-03-11 11:59 - 000000000 ____D C:\Users\MYUSER\AppData\Roaming\Zoom
2026-03-16 21:34 - 2025-03-11 11:59 - 000004254 _____ C:\WINDOWS\system32\Tasks\ZoomUpdateTaskUser-S-1-5-21-1164676345-3952839655-4202876673-1002
2026-03-12 13:43 - 2017-05-17 23:39 - 000000000 ____D C:\Users\MYUSER\Desktop\SONSTIGES

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-04-2026 01
Ran by Admin (11-04-2026 17:09:33)
Running from C:\Users\MYUSER\Desktop\Farbar04
Microsoft Windows 10 Home Version 22H2 19045.7058 (X64) (2020-08-02 17:21:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-1164676345-3952839655-4202876673-1001 - Administrators - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1164676345-3952839655-4202876673-500 - Administrators - Disabled)
DefaultAccount (S-1-5-21-1164676345-3952839655-4202876673-503 - Limited - Disabled)
MYUSER (S-1-5-21-1164676345-3952839655-4202876673-1002 - Limited - Enabled) => C:\Users\MYUSER
Gast (S-1-5-21-1164676345-3952839655-4202876673-501 - Limited - Disabled)
MYUSER2 (S-1-5-21-1164676345-3952839655-4202876673-1003 - Limited - Enabled) => C:\Users\MYUSER2
PBackup (S-1-5-21-1164676345-3952839655-4202876673-1005 - Administrators - Enabled) => C:\Users\PBackup
PBackupReader (S-1-5-21-1164676345-3952839655-4202876673-1004 - Limited - Enabled) => C:\Users\PBackupReader
WDAGUtilityAccount (S-1-5-21-1164676345-3952839655-4202876673-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {A537353A-1D6A-F6B5-9153-CE1CF80FBE66}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Adobe Acrobat Reader - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 26.001.21367 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\Adobe Connect App) (Version: 2020.1.5.32 - Adobe Systems Inc.)
Adobe Connect (HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\...\Adobe Connect App) (Version: 2021.3.27.64 - Adobe Systems Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601149}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{8738A898-221B-4279-BC87-FEF7938022C1}) (Version: 0.8.8.87 - Dolby Laboratories, Inc.)
Epson Event Manager (HKLM-x32\...\{5E51EA28-9CED-4B92-A636-A71E40D48D50}) (Version: 3.11.82 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 4.04.02.04 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{3E43D194-E18D-4C8A-B36D-15F14395A0A6}) (Version: 3.4.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
Epson ScanSmart (HKLM-x32\...\{8D3E35BD-10F6-42A9-8F4D-F9BE5F51D477}) (Version: 3.7.17 - Seiko Epson Corporation)
EPSON WF-2760 Series Printer Uninstall (HKLM\...\EPSON WF-2760 Series) (Version: - Seiko Epson Corporation)
EPSON WF-2950 Series Printer Uninstall (HKLM\...\EPSON WF-2950 Series) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{DB5EDF09-A7A7-47FA-B365-A7500A472878}) (Version: 3.3.1.0 - Seiko Epson Corporation)
Git version 2.24.1.2 (HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\...\Git_is1) (Version: 2.24.1.2 - The Git Development Community)
KeePass Password Safe 2.54 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.54 - Dominik Reichl)
Malwarebytes version 5.5.3.246 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.5.3.246 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 146.0.3856.109 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 146.0.3856.109 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Excel MUI (German) 2007 (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (HKLM-x32\...\{90120000-00A1-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (HKLM-x32\...\{90120000-001F-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (HKLM-x32\...\{90120000-002C-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}) (Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (HKLM\...\{90120000-002A-0407-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (HKLM-x32\...\{90120000-006E-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\OneDriveSetup.exe) (Version: 24.156.0804.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27024 (HKLM-x32\...\{7258184A-EC44-4B1A-A7D3-68D85A35BFD0}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27024 (HKLM-x32\...\{5EEFCEFB-E5F7-4C82-99A5-813F04AA4FBD}) (Version: 14.16.27024 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox) (Version: 149.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 136.0 - Mozilla)
Mozilla Thunderbird ESR (x64 de) (HKLM\...\Mozilla Thunderbird 140.9.1 ESR (x64 de)) (Version: 140.9.1 - Mozilla)
paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
PDF24 Creator 11.28.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.28.2 - Geek Software GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PowerShell 7.5.5.0-x64 (HKLM-x32\...\{cac8e818-d8ea-4633-a39f-8604cb101a19}) (Version: 7.5.5.0 - Microsoft Corporation)
PowerShell 7-x64 (HKLM\...\{634F4903-28DC-4BA6-A39F-4B3E394D4E36}) (Version: 7.5.5.0 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Hotfix1 - IDRIX)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom Workplace (HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\ZoomUMX) (Version: 6.7.8 (32670) - Zoom Communications, Inc.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC [2025-07-21] ()
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2024-08-24] (INTEL CORP)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-08-14] (New Work SE)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1164676345-3952839655-4202876673-1002_Classes\CLSID\{5e4ed412-4bc5-4b5b-9b66-14aa2d4e0197}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-1164676345-3952839655-4202876673-1002_Classes\CLSID\{751BB081-8510-4638-89C0-E8CF50F7B1BD}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Acrobat Elements\ContextMenuShim64.dll [2026-02-17] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-04-11] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-04-11] (Malwarebytes Inc -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-12-16 17:01 - 2023-06-20 10:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-02-14 13:52 - 2022-02-23 11:59 - 000000441 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.178.1
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
WLAN: Realtek 8821CE Wireless LAN 802.11ac PCI-E NIC -> rtwlane.sys

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\Control Panel\Desktop\\Wallpaper -> c:\users\MYUSER\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\josi und milow.jpg
HKU\S-1-5-21-1164676345-3952839655-4202876673-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1164676345-3952839655-4202876673-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1164676345-3952839655-4202876673-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\C:\Users\MYUSER\Downloads\infinitedocsapp.exe


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_83786084B7B453946D75401B0D3CE158"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{469EAB48-EB9E-4E5D-9E8F-DD35AE800B14}C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe => No File
FirewallRules: [TCP Query User{3B55B160-B3F7-48EC-899E-6FAED4A45A19}C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe => No File
FirewallRules: [UDP Query User{297D1CAF-B214-48FF-BC93-9C908EAC703F}C:\program files\java\jdk-14.0.2\bin\java.exe] => (Block) C:\program files\java\jdk-14.0.2\bin\java.exe => No File
FirewallRules: [TCP Query User{D4E0D385-89DA-456C-A9C2-8B09B5B9C0A4}C:\program files\java\jdk-14.0.2\bin\java.exe] => (Block) C:\program files\java\jdk-14.0.2\bin\java.exe => No File
FirewallRules: [{7A03987C-D06A-41E3-8704-B03EAE296B8A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{FCEF4839-B921-49E8-BEC3-76348CCFC7EB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{72C6D46F-6D94-4AC4-BD11-5082AAC017E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FFF428F9-A024-422E-806B-60CC683C7EB1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3A565074-B858-4230-80E3-8F61F5BE84EF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2039BF60-4BA2-48D2-AF42-C4BE037DAA1E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{04A33EED-6BE2-479F-9BE1-7B7315672C75}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C761D4F6-1FF7-48D1-9D4E-E56F3BA9D6BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB482C7B-C358-4588-85B9-F299604C6256}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E62F9F03-ED31-4A34-A958-6A00BC641186}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{10B68C30-2868-4E0C-8B30-CD72306DD730}C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe] => (Allow) C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe => No File
FirewallRules: [UDP Query User{D252CBF0-BA55-4BBB-957B-4AB00116AF2F}C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe] => (Allow) C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe => No File
FirewallRules: [{49D87F2A-DDCC-46FD-9880-87572175CA82}] => (Allow) C:\Users\Admin\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{FF7C209B-02A1-4E9A-8F8A-5B32896B30AD}] => (Allow) C:\Users\Admin\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{BB2036C2-B3F1-4090-B3AA-20ABDFBCF3BE}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{07A0E6AA-1071-4286-9904-16F47A92ECB7}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

==================== Restore Points =========================

10-04-2026 09:03:50 Geplanter Prüfpunkt

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/09/2026 06:26:58 AM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
Description: Event-ID 5

Error: (04/09/2026 06:26:58 AM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
Description: Event-ID 5

Error: (03/30/2026 04:13:35 PM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
Description: Event-ID 5

Error: (03/30/2026 04:13:35 PM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
Description: Event-ID 5

Error: (03/21/2026 04:23:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren..

Error: (03/21/2026 04:23:45 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.]

Error: (03/21/2026 04:22:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren..

Error: (03/21/2026 04:22:37 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.]


System errors:
=============
Error: (04/11/2026 02:20:08 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Aktualisierte Zertifikate für den sicheren Start sind auf diesem Gerät verfügbar, wurden aber noch nicht auf die Firmware angewendet. Lesen Sie den veröffentlichten Leitfaden, um das Update abzuschließen und den vollständigen Schutz aufrechtzuerhalten. Diese Geräte-Signaturinformationen sind hier enthalten.
DeviceAttributes: FirmwareVersion:6JCN24WW;OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_81CN_BU_idea_FM_V320-17IKB;OSArchitecture:amd64;
BucketId: 299abc94dc7a0dc40e0f1982d0f5b13abad5b72bda9fd0c353e93130c04cbbe5
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
Weitere Informationen finden Sie unter Windows Secure Boot certificate expiration and CA updates - Microsoft Support.

Error: (04/11/2026 02:05:51 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Aktualisierte Zertifikate für den sicheren Start sind auf diesem Gerät verfügbar, wurden aber noch nicht auf die Firmware angewendet. Lesen Sie den veröffentlichten Leitfaden, um das Update abzuschließen und den vollständigen Schutz aufrechtzuerhalten. Diese Geräte-Signaturinformationen sind hier enthalten.
DeviceAttributes: FirmwareVersion:6JCN24WW;OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_81CN_BU_idea_FM_V320-17IKB;OSArchitecture:amd64;
BucketId: 299abc94dc7a0dc40e0f1982d0f5b13abad5b72bda9fd0c353e93130c04cbbe5
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
Weitere Informationen finden Sie unter Windows Secure Boot certificate expiration and CA updates - Microsoft Support.

Error: (04/11/2026 01:58:41 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO_V320)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/09/2026 06:31:34 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Aktualisierte Zertifikate für den sicheren Start sind auf diesem Gerät verfügbar, wurden aber noch nicht auf die Firmware angewendet. Lesen Sie den veröffentlichten Leitfaden, um das Update abzuschließen und den vollständigen Schutz aufrechtzuerhalten. Diese Geräte-Signaturinformationen sind hier enthalten.
DeviceAttributes: FirmwareVersion:6JCN24WW;OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_81CN_BU_idea_FM_V320-17IKB;OSArchitecture:amd64;
BucketId: 299abc94dc7a0dc40e0f1982d0f5b13abad5b72bda9fd0c353e93130c04cbbe5
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
Weitere Informationen finden Sie unter Windows Secure Boot certificate expiration and CA updates - Microsoft Support.

Error: (04/04/2026 07:07:15 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Aktualisierte Zertifikate für den sicheren Start sind auf diesem Gerät verfügbar, wurden aber noch nicht auf die Firmware angewendet. Lesen Sie den veröffentlichten Leitfaden, um das Update abzuschließen und den vollständigen Schutz aufrechtzuerhalten. Diese Geräte-Signaturinformationen sind hier enthalten.
DeviceAttributes: FirmwareVersion:6JCN24WW;OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_81CN_BU_idea_FM_V320-17IKB;OSArchitecture:amd64;
BucketId: 299abc94dc7a0dc40e0f1982d0f5b13abad5b72bda9fd0c353e93130c04cbbe5
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
Weitere Informationen finden Sie unter Windows Secure Boot certificate expiration and CA updates - Microsoft Support.

Error: (04/04/2026 07:02:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎04.‎2026 um 22:41:19 unerwartet heruntergefahren.

Error: (03/21/2026 04:29:30 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Aktualisierte Zertifikate für den sicheren Start sind auf diesem Gerät verfügbar, wurden aber noch nicht auf die Firmware angewendet. Lesen Sie den veröffentlichten Leitfaden, um das Update abzuschließen und den vollständigen Schutz aufrechtzuerhalten. Diese Geräte-Signaturinformationen sind hier enthalten.
DeviceAttributes: FirmwareVersion:6JCN24WW;OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_81CN_BU_idea_FM_V320-17IKB;OSArchitecture:amd64;
BucketId: 299abc94dc7a0dc40e0f1982d0f5b13abad5b72bda9fd0c353e93130c04cbbe5
BucketConfidenceLevel: Under Observation - More Data Needed
UpdateType:
Weitere Informationen finden Sie unter Windows Secure Boot certificate expiration and CA updates - Microsoft Support.

Error: (03/21/2026 04:23:45 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "UsoSvc" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{B91D5831-B1BD-4608-8198-D72E155020F7}


Windows Defender:
================
Date: 2026-04-11 14:52:23
Description:
Microsoft Defender Antivirus ŝčαⁿ ћªŝ вëëπ šţοφφèδ ьēƒόґ℮ сǿmрľëтίóп.%ń %τŚćåй ĨÐ:%в{1F86CA17-1BBD-4F3E-9D82-2CD4DC16C439}%ⁿ %ťŚςдπ Ŧÿφē:%ъAntimalware%й %ŧŚςåʼn Рãгªmётєŕŝ:%вVollständige Überprüfung%ņ %ťŪśεґ:%ьLENOVO_V320\MYUSER%η %τŠŧőр Ŕєäŝöи:%ъŬňќйοẃη

Date: 2026-04-11 14:52:23
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:

Trojan:MSIL/Malgent!MSR threat description - Microsoft Security Intelligence

Name: Trojan:MSIL/Malgent!MSR
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\$Recycle.Bin\S-1-5-21-1164676345-3952839655-4202876673-1002\$RH4L2ZT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Benutzer
Benutzer: LENOVO_V320\MYUSER
Prozessname: Unknown
Sicherheitsversion: AV: 1.449.34.0, AS: 1.449.34.0, NIS: 1.449.34.0
Modulversion: AM: 1.1.26030.3008, NIS: 1.1.26030.3008

Date: 2026-04-11 13:17:26
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:

Trojan:MSIL/Malgent!MSR threat description - Microsoft Security Intelligence

Name: Trojan:MSIL/Malgent!MSR
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\MYUSER\Downloads\infinitedocsapp.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: LENOVO_V320\MYUSER
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.449.34.0, AS: 1.449.34.0, NIS: 1.449.34.0
Modulversion: AM: 1.1.26030.3008, NIS: 1.1.26030.3008

Date: 2026-04-10 09:04:44
Description:
Microsoft Defender Antivirus ŝčαⁿ ћªŝ вëëπ šţοφφèδ ьēƒόґ℮ сǿmрľëтίóп.%ń %τŚćåй ĨÐ:%в{FC24BD76-2282-4E79-B73B-53FEA714F255}%ⁿ %ťŚςдπ Ŧÿφē:%ъAntimalware%й %ŧŚςåʼn Рãгªmётєŕŝ:%вSchnellüberprüfung%ņ %ťŪśεґ:%ьNT-AUTORITÄT\SYSTEM%η %τŠŧőр Ŕєäŝöи:%ъŞсĥěðúℓêδ šćàņ ẅáś ŝκїррєð ъёćáμşē τħё ŀąѕţ ѕůсςзşѕƒµĺ šςǻň ẅàŝ щϊτħϊŋ тĥе łâśť 7 ðãŷś

Date: 2026-04-09 14:01:51
Description:
Microsoft Defender Antivirus ŝčαⁿ ћªŝ вëëπ šţοφφèδ ьēƒόґ℮ сǿmрľëтίóп.%ń %τŚćåй ĨÐ:%в{27696C64-D5DF-411D-9DE0-0534B6416AD5}%ⁿ %ťŚςдπ Ŧÿφē:%ъAntimalware%й %ŧŚςåʼn Рãгªmётєŕŝ:%вSchnellüberprüfung%ņ %ťŪśεґ:%ьNT-AUTORITÄT\SYSTEM%η %τŠŧőр Ŕєäŝöи:%ъЃΡÇ čбʼnиěċŧíоñ ŗύйđòώη
Event[0]:

Date: 2025-12-10 17:15:09
Description:
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x8000000a
Fehlerbeschreibung: Die für diesen Vorgang erforderlichen Daten sind noch nicht verfügbar.

CodeIntegrity:
===============
Date: 2026-04-11 15:22:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.

Date: 2026-04-11 15:15:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-04-01 11:47:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1cb41c9af98b1ce8\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 6JCN24WW 02/24/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 64%
Total physical RAM: 8066.72 MB
Available physical RAM: 2846.13 MB
Total Virtual: 15746.72 MB
Available Virtual: 10380.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:236.71 GB) (Free:77.05 GB) (Model: INTEL SSDSC2KW256G8L) NTFS

\\?\Volume{3efd4058-3c73-4c33-a477-278f3e1b317b}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{6ce35a82-5f03-456e-b76b-e280b31781f4}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{7dc0a558-4dce-41f7-96d3-0cd1155c3259}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A932EAC0)

Partition: GPT.

==================== End of Addition.txt =======================

 

[icotonev]

Hello..! Welcome to MalwareTips..! My name is icotonev and I'm here to help you remove malware ..!
There are no obvious signs of an active infection..!

Farbar Recovery Scan Tool Fix

• Right click on the FRST64 icon and select Run as administrator
• Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
• There is no need to paste the information anywhere, FRST64 will do it for you

Start::
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (No File)
C:\Users\MYUSER\Downloads\infinitedocsapp.exe
HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\...\StartupApproved\Run: => "Skype for Desktop"
FirewallRules: [UDP Query User{469EAB48-EB9E-4E5D-9E8F-DD35AE800B14}C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe => No File
FirewallRules: [TCP Query User{3B55B160-B3F7-48EC-899E-6FAED4A45A19}C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe] => (Block) C:\program files\jetbrains\intellij idea 2020.1.4\bin\idea64.exe => No File
FirewallRules: [UDP Query User{297D1CAF-B214-48FF-BC93-9C908EAC703F}C:\program files\java\jdk-14.0.2\bin\java.exe] => (Block) C:\program files\java\jdk-14.0.2\bin\java.exe => No File
FirewallRules: [TCP Query User{D4E0D385-89DA-456C-A9C2-8B09B5B9C0A4}C:\program files\java\jdk-14.0.2\bin\java.exe] => (Block) C:\program files\java\jdk-14.0.2\bin\java.exe => No File
FirewallRules: [{7A03987C-D06A-41E3-8704-B03EAE296B8A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [{FCEF4839-B921-49E8-BEC3-76348CCFC7EB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File
FirewallRules: [TCP Query User{10B68C30-2868-4E0C-8B30-CD72306DD730}C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe] => (Allow) C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe => No File
FirewallRules: [UDP Query User{D252CBF0-BA55-4BBB-957B-4AB00116AF2F}C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe] => (Allow) C:\users\admin\appdata\local\temp\2k7r8xkbxiftomlxeuzakdfbdhs\onvue.exe => No File
FirewallRules: [{49D87F2A-DDCC-46FD-9880-87572175CA82}] => (Allow) C:\Users\Admin\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{FF7C209B-02A1-4E9A-8F8A-5B32896B30AD}] => (Allow) C:\Users\Admin\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File

CMD: netsh int ip reset
CMD: ipconfig /flushDNS

CMD: sfc /scannow
CMD: DISM /Online /Cleanup-Image /CheckHealth

EmptyTemp:
End::

• Click Fix
• Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
• When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

In your next reply, please include:

• Fixlog.txt

 

[pt11]

Thanks!

I have not tried the script, yet, but is it really valid syntax?
The middle part after CloseProcesses: seems like output from the log without directives for the fix.

Maybe like this?

Start::
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus]
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\Software\Microsoft\Windows\CurrentVersion\Run: [Skype for Desktop]
C:\Users\MYUSER\Downloads\infinitedocsapp.exe
HKU\S-1-5-21-1164676345-3952839655-4202876673-1001\Software\Microsoft\Windows\CurrentVersion\Run: [Skype for Desktop]
HKU\S-1-5-21-1164676345-3952839655-4202876673-1002\Software\Microsoft\Windows\CurrentVersion\Run: [Skype for Desktop]

FirewallRules: [{469EAB48-EB9E-4E5D-9E8F-DD35AE800B14}]
FirewallRules: [{3B55B160-B3F7-48EC-899E-6FAED4A45A19}]
FirewallRules: [{297D1CAF-B214-48FF-BC93-9C908EAC703F}]
FirewallRules: [{D4E0D385-89DA-456C-A9C2-8B09B5B9C0A4}]
FirewallRules: [{7A03987C-D06A-41E3-8704-B03EAE296B8A}]
FirewallRules: [{FCEF4839-B921-49E8-BEC3-76348CCFC7EB}]
FirewallRules: [{10B68C30-2868-4E0C-8B30-CD72306DD730}]
FirewallRules: [{D252CBF0-BA55-4BBB-957B-4AB00116AF2F}]
FirewallRules: [{49D87F2A-DDCC-46FD-9880-87572175CA82}]
FirewallRules: [{FF7C209B-02A1-4E9A-8F8A-5B32896B30AD}]

CMD: netsh int ip reset
CMD: ipconfig /flushdns

CMD: sfc /scannow
CMD: DISM /Online /Cleanup-Image /CheckHealth

EmptyTemp:
End::

 

[icotonev]

Maybe like this?

I don't understand what you're getting at... Don't you want help...?

 

[icotonev]

I strongly recommend that you follow my instructions...! If you don't want to do that, just let me know and the thread will be closed..!

 

[icotonev]

A few notes: In Addition.txt, you can see that the file: C:\Users\MYUSER\Downloads\infinitedocsapp.exe
ended up in Defender Exclusions → likely due to a restore-from-quarantine operation. There are no other traces of it on your system. The system appears clean based on all available scans..! You can delete the file by following these instructions:

Add or Remove Microsoft Defender Antivirus Exclusions in Windows 10

How to Add or Remove Exclusions for Windows Defender Antivirus in Windows 10

www.tenforums.com

Due to lack of activity ....! This topic is now closed.