audit: read-only system audit 2026-06-05
Windows host baerchen (freshly set up) and drive structure checked. Raw data under audit/raw/, report under docs/audit/system-audit-2026-06-05.md. Homelab server section pending (SSH confirmation missing).
@@ -0,0 +1,22 @@
|
||||
### VOLUMES ###
|
||||
DriveLetter Label FS Size_GB Free_GB Health
|
||||
C (kein Label) NTFS 166.9 59.5 Healthy
|
||||
D Daten-Projekte NTFS 167.7 148.6 Healthy
|
||||
E Games NTFS 930.6 714.9 Healthy
|
||||
G M2 SSD NTFS 930.9 877.5 Healthy
|
||||
H Externe HDD NTFS 7452.0 3801.3 Healthy
|
||||
(kein BW) Recovery x5 NTFS diverse diverse Healthy
|
||||
|
||||
### DISKS ###
|
||||
Disk 0 INTEL SSDSC2BW180A3L SATA 167.68 GB GPT Healthy Serial: CVCV3105053K180EGN
|
||||
Disk 1 INTEL SSDSC2BW180A3L SATA 167.68 GB GPT Healthy Serial: CVCV311302TH180EGN
|
||||
Disk 2 Samsung SSD 980 PRO 1TB NVMe 931.51 GB GPT Healthy
|
||||
Disk 3 WDC WDS100T2B0C NVMe 931.51 GB GPT Healthy
|
||||
Disk 4 asmedia ASM235 USB 7.28 TB GPT Healthy
|
||||
|
||||
### PARTITIONS ###
|
||||
Disk 0: [Reserved 16MB] [C: 166.87 GB Basic] [Recovery 809 MB]
|
||||
Disk 1: [Reserved 15.98 MB] [D: 167.66 GB Basic]
|
||||
Disk 2: [Reserved 15.98 MB] [E: 930.63 GB Basic] [Recovery 885 MB] <- F: ist weg
|
||||
Disk 3: [System 100 MB] [Reserved 16 MB] [G: 930.89 GB Basic] [Recovery 524 MB]
|
||||
Disk 4: [Reserved 15.98 MB] [H: 7.28 TB Basic]
|
||||
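Review bot: In VOLUMES the row "(kein BW) Recovery x5" counts five recovery volumes, but PARTITIONS shows only three Recovery partitions (809 MB on Disk 0, 885 MB on Disk 2, 524 MB on Disk 3), and the "diverse" placeholders drop the actual sizes. For a file under audit/raw/, list each recovery volume on its own row with its size so the two sections can be reconciled. The "<- F: ist weg" remark on Disk 2 is an assessment and fits better in the report under docs/audit/ than in the raw output. Also decide whether the serial numbers of Disk 0 and Disk 1 need to be in the repository.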
@@ -0,0 +1,52 @@
|
||||
### D:\ TOP-LEVEL ###
|
||||
00_Inbox Directory 2026-06-04
|
||||
10_Dokumente Directory 2026-06-04
|
||||
11_Bilder Directory 2026-06-04 [ReadOnly-Attribut gesetzt]
|
||||
12_Videos Directory 2026-06-04
|
||||
13_Musik Directory 2026-06-04
|
||||
14_Downloads Directory 2026-06-04
|
||||
20_Projekte Directory 2026-06-04
|
||||
30_Finanzen Directory 2026-06-04
|
||||
90_Archiv Directory 2026-06-04
|
||||
Micha Directory 2026-06-05 [Altquelle, noch vorhanden]
|
||||
WSL Directory 2026-06-04 [nicht in Soll-Doku]
|
||||
DumpStack.log File
|
||||
|
||||
### D:\Micha INHALT ###
|
||||
Videos Directory 2026-06-05 [1 Datei, 0 MB - fast leer]
|
||||
(alle anderen Unterordner weg)
|
||||
|
||||
### D:\00_Inbox INHALT ###
|
||||
Desktop Directory 2026-06-05 [ReadOnly - das ist das Known-Folder-Ziel!]
|
||||
|
||||
### E:\ TOP-LEVEL ###
|
||||
BattleNet Directory 2026-06-04 [SOLL]
|
||||
EA Directory 2026-06-04 [SOLL]
|
||||
EpicGames Directory 2026-06-04 [SOLL]
|
||||
Riot Directory 2026-06-04 [SOLL]
|
||||
Steam Directory 2026-06-05 [SOLL]
|
||||
Ubisoft Directory 2026-06-04 [SOLL]
|
||||
_Standalone FEHLT! [SOLL laut Doku]
|
||||
|
||||
### G:\ TOP-LEVEL ###
|
||||
Apps Directory 2026-06-04 [nicht in Soll-Doku]
|
||||
Gitea_Clone Directory 2026-04-15 [nicht in Soll-Doku - bewusst, homelab-infra]
|
||||
repos Directory 2026-06-05 [SOLL]
|
||||
Tools Directory 2026-06-05 [SOLL - Doku schreibt 'tools' lowercase, NTFS case-insensitive]
|
||||
Workspace Directory 2026-06-04 [nicht in Soll-Doku]
|
||||
|
||||
### KNOWN FOLDER REDIRECTS (Ist) ###
|
||||
Desktop -> D:\00_Inbox\Desktop [ABWEICHUNG! Soll: D:\Micha\Desktop]
|
||||
Documents -> D:\10_Dokumente [OK]
|
||||
Downloads -> D:\14_Downloads [OK]
|
||||
Pictures -> D:\11_Bilder [OK]
|
||||
Music -> D:\13_Musik [OK]
|
||||
Videos -> D:\12_Videos [OK]
|
||||
|
||||
### DOPPELBESTAND D:\Micha\* vs D:\NN_* ###
|
||||
D:\Micha\Dokumente : NICHT VORHANDEN | D:\10_Dokumente : 4011 Dateien, 595 MB
|
||||
D:\Micha\Bilder : NICHT VORHANDEN | D:\11_Bilder : 7789 Dateien, 12367 MB
|
||||
D:\Micha\Videos : 1 Datei, 0 MB | D:\12_Videos : 1 Datei, 0 MB
|
||||
D:\Micha\Musik : NICHT VORHANDEN | D:\13_Musik : 0 Dateien
|
||||
D:\Micha\Downloads : NICHT VORHANDEN | D:\14_Downloads : 2186 Dateien, 2211 MB
|
||||
D:\Micha\Finanzen : NICHT VORHANDEN | D:\30_Finanzen : 126 Dateien, 123 MB
|
||||
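Review bot: The Desktop entry under KNOWN FOLDER REDIRECTS is flagged as a deviation against a target of D:\Micha\Desktop, yet D:\ TOP-LEVEL tags Micha as "[Altquelle, noch vorhanden]" and the D:\00_Inbox section calls D:\00_Inbox\Desktop the known-folder target. State which side is out of date (the redirect or the target documentation) and record the decision, otherwise this finding cannot be closed. The same goes for "_Standalone FEHLT!" on E:\ and the G:\ folders marked "nicht in Soll-Doku": each needs either a documentation update or a cleanup step named in the report.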
@@ -0,0 +1,63 @@
|
||||
### OS BASELINE ###
|
||||
Caption: Microsoft Windows 11 Pro
|
||||
Build: 26200
|
||||
Version: 10.0.26200
|
||||
Architecture: 64-Bit
|
||||
InstallDate: 2026-05-10 13:11:27
|
||||
LastBoot: 2026-06-05 07:57:08
|
||||
Uptime: 0.04 Tage (~1 Stunde zum Audit-Zeitpunkt)
|
||||
Manufacturer: Micro-Star International Co., Ltd.
|
||||
Model: MS-7D32
|
||||
RAM: 31.79 GB
|
||||
CPU: Intel Core i5-14600KF, 14 Cores, 20 Threads, 3500 MHz
|
||||
|
||||
### AKTIVIERUNG ###
|
||||
Name: Windows(R), Professional edition
|
||||
LicenseStatus: 1 (Aktiv)
|
||||
Channel: OEM_DM
|
||||
|
||||
### AUSSTEHENDE UPDATES ###
|
||||
Windows Update pending: 0
|
||||
Reboot pending: Nein
|
||||
|
||||
### DEFENDER ###
|
||||
AMProductVersion: 4.18.26040.7
|
||||
AMServiceEnabled: True
|
||||
AntivirusEnabled: True
|
||||
AntispywareEnabled: True
|
||||
RealTimeProtection: True
|
||||
TamperProtection: True
|
||||
SignatureAge: 0 Tage (aktuell)
|
||||
Exclusions: KEIN ADMIN -> nicht lesbar
|
||||
ASR Rules: KEIN ADMIN -> nicht lesbar (Get-MpPreference liefert leer)
|
||||
|
||||
### FIREWALL ###
|
||||
Domain: Enabled, DefaultInboundAction: NotConfigured, DefaultOutboundAction: NotConfigured
|
||||
Private: Enabled, DefaultInboundAction: NotConfigured, DefaultOutboundAction: NotConfigured
|
||||
Public: Enabled, DefaultInboundAction: NotConfigured, DefaultOutboundAction: NotConfigured
|
||||
HINWEIS: NotConfigured = Windows-Default (eingehend blockieren, ausgehend erlauben)
|
||||
|
||||
### BITLOCKER ###
|
||||
KEIN ADMIN -> Get-BitLockerVolume verweigert (Access Denied). Status unbekannt.
|
||||
|
||||
### SECURE BOOT ###
|
||||
KEIN ADMIN -> Confirm-SecureBootUEFI verweigert. Status unbekannt.
|
||||
|
||||
### TPM ###
|
||||
KEIN ADMIN -> Get-Tpm liefert alle Felder leer. Status unbekannt.
|
||||
|
||||
### UAC ###
|
||||
EnableLUA: 1 (aktiv)
|
||||
ConsentPromptBehaviorAdmin: 5 (Nachfrage mit UI, ohne Secure Desktop laut Wert, aber...)
|
||||
PromptOnSecureDesktop: 1 (Secure Desktop ist AN - Standard-Konfiguration korrekt)
|
||||
|
||||
### LOKALE ADMINS ###
|
||||
Gruppe Administratoren: Administrator, michi
|
||||
|
||||
### BCD ###
|
||||
KEIN ADMIN -> bcdedit /enum verweigert.
|
||||
Letzte bekannte Aussage (Doku boot-cleanup-plan): Keine partition=F: Referenz nach Cleanup + Neustarttest.
|
||||
|
||||
### WinRE ###
|
||||
KEIN ADMIN -> reagentc /info verweigert.
|
||||
Letzte bekannte Aussage (Doku): WinRE Disabled.
|
||||
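Review bot: Seven entries in this file end in "KEIN ADMIN" (Defender exclusions and ASR rules, BitLocker, Secure Boot, TPM, BCD, WinRE), so the baseline records no measured state for disk encryption or boot integrity, and BCD and WinRE fall back to earlier documentation instead of a reading. Re-run these checks from an elevated session and commit the results before the baseline is treated as complete. Under FIREWALL, the HINWEIS line infers the effective policy from NotConfigured; querying the active store (Get-NetFirewallProfile -PolicyStore ActiveStore) would record the effective values instead. Under UAC, the comment on ConsentPromptBehaviorAdmin: 5 trails off with "aber..."; secure desktop is controlled by PromptOnSecureDesktop, which the next line already records as 1, so the remark can be dropped.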
@@ -0,0 +1,58 @@
|
||||
### NETZWERK-ADAPTER (UP) ###
|
||||
Ethernet Intel I225-V MAC: 04-7C-16-53-04-E4 1 Gbps
|
||||
Tailscale Tunnel 100 Gbps (virtuell)
|
||||
vEthernet WSL (Hyper-V) MAC: 00-15-5D-F3-5F-C9 10 Gbps (virtuell)
|
||||
|
||||
### IP-ADRESSEN ###
|
||||
Ethernet: 192.168.178.103/24
|
||||
Tailscale: 100.78.133.37/32
|
||||
WSL bridge: 172.26.80.1/20
|
||||
(WLAN, Bluetooth etc.: APIPA 169.254.x.x - nicht konfiguriert/inaktiv)
|
||||
|
||||
### DNS ###
|
||||
Ethernet DNS: 192.168.178.58 (= Kallilabcore AdGuard Home)
|
||||
WLAN DNS: 192.168.178.58
|
||||
|
||||
### TAILSCALE STATUS ###
|
||||
100.78.133.37 baerchen-1 (dieser Rechner) online
|
||||
100.105.203.21 baerchen (alter Rechner) offline, last seen 20h ago
|
||||
100.73.83.55 iphone-14 iOS online
|
||||
100.112.0.90 kallilab-core linux online
|
||||
100.80.98.33 kallilabcore linux active; direct 192.168.178.58:49917
|
||||
|
||||
### LAUSCHENDE TCP-PORTS ###
|
||||
Port Adresse Prozess Bemerkung
|
||||
135 0.0.0.0/:: svchost RPC Endpoint Mapper
|
||||
139 192.168.178.103 System NetBIOS
|
||||
445 :: System SMB
|
||||
3000 ::1/:: wslrelay / docker Docker / WSL lokal
|
||||
5040 0.0.0.0 svchost WS-Discovery (WDAS)
|
||||
5357 :: System WSD HTTP
|
||||
7680 :: svchost WUDO (Delivery Optimization)
|
||||
11434 127.0.0.1 ollama Ollama API (lokal)
|
||||
22885 127.0.0.1 Battle.net lokal
|
||||
26822 127.0.0.1 MSI.TerminalServer MSI Center
|
||||
27036 0.0.0.0 steam Steam Remote Play (0.0.0.0 - offen!)
|
||||
27060 127.0.0.1 steam Steam lokal
|
||||
32683 127.0.0.1 MSI.CentralServer MSI Center
|
||||
33683 127.0.0.1 MSI.CentralServer MSI Center
|
||||
38810 fd7a:... tailscaled
|
||||
49553 100.78.133.37 tailscaled
|
||||
50123 127.0.0.1 iCUE Corsair lokal
|
||||
51037 127.0.0.1 RazerAppEngine
|
||||
55316 127.0.0.1 RazerAppEngine
|
||||
59686 127.0.0.1 steam
|
||||
60999 127.0.0.1 Agent Claude Code
|
||||
|
||||
### SSH ###
|
||||
~\.ssh\config: LEER (keine Host-Eintraege)
|
||||
~\.ssh\id_ed25519: vorhanden (411 Bytes, erstellt 2026-04-04)
|
||||
~\.ssh\id_ed25519.pub: vorhanden (97 Bytes)
|
||||
~\.ssh\known_hosts: vorhanden (4719 Bytes, zuletzt 2026-06-04)
|
||||
~\.ssh\known_hosts.old + .pre-port222-Backup: vorhanden
|
||||
|
||||
KEY PERMISSIONS id_ed25519:
|
||||
NT-AUTORITAET\SYSTEM FullControl Allow
|
||||
VORDEFINIERT\Administratoren FullControl Allow
|
||||
baerchen\michi FullControl Allow
|
||||
BEFUND: Zu viele Berechtigungen - Admins-Gruppe hat FullControl auf Private Key.
|
||||
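Review bot: In LAUSCHENDE TCP-PORTS only 27036 carries the "offen!" remark, but 135 and 5040 are also bound to 0.0.0.0, 445, 5357 and 7680 (and 3000 in part) to ::, and 139 listens on the LAN address. Apply the same criterion to every non-loopback listener and note for each whether an inbound firewall rule allows it, since the audit captures only the firewall profile defaults. In TAILSCALE STATUS, the offline node "baerchen (alter Rechner)" is still registered, and kallilab-core and kallilabcore look like two registrations of one host; say whether both are intended. The BEFUND on id_ed25519 names only the Administrators group although SYSTEM holds FullControl as well; state the intended ACL so the fix can be verified.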
@@ -0,0 +1,66 @@
|
||||
### DEV TOOLCHAIN ###
|
||||
git: 2.54.0.windows.1
|
||||
python: 3.13.13
|
||||
node: 24.16.0 (LTS)
|
||||
go: 1.26.4 windows/amd64
|
||||
|
||||
### GIT CONFIG ###
|
||||
user.name: michaelkaleschke-spec
|
||||
user.email: michaelkaleschke@googlemail.com
|
||||
commit.gpgsign: nicht gesetzt (Commits nicht signiert)
|
||||
|
||||
### WSL ###
|
||||
Ubuntu Stopped Version 2
|
||||
docker-desktop Running Version 2
|
||||
|
||||
### DOCKER CONTEXTS ###
|
||||
default npipe:////./pipe/docker_engine (nicht aktiv)
|
||||
desktop-linux* npipe:////./pipe/dockerDesktopLinuxEngine (aktiv)
|
||||
|
||||
### KUBECTL ###
|
||||
Keine Contexts konfiguriert.
|
||||
|
||||
### WINGET INVENTAR (158 Pakete, Auswahl) ###
|
||||
CPUID CPU-Z MSI 2.20.1
|
||||
CPUID HWMonitor 1.63
|
||||
CrystalDiskInfo 9.9.1
|
||||
Docker Desktop 4.76.0
|
||||
Git 2.54.0
|
||||
AusweisApp 2.5.1
|
||||
Node.js LTS 24.16.0
|
||||
Corsair iCUE5 5.46.67
|
||||
NVIDIA App 11.0.7.247 / Treiber 610.47
|
||||
WISO Steuer 2026 33.07.3410
|
||||
Go 1.26.4
|
||||
Microsoft Edge 148.0.3967.96
|
||||
Microsoft OneDrive 23.038 (Update verfuegbar: 26.078)
|
||||
RivaTuner Statistics Server 7.3.7
|
||||
Razer Synapse 4.0.683
|
||||
Steam 2.10.91.91
|
||||
Banking4 Home
|
||||
Battle.net / Hearthstone / Overwatch / World of Warcraft
|
||||
Microsoft 365 16.0.20026.20140
|
||||
|
||||
### AUTOSTART ###
|
||||
HKCU\Run:
|
||||
BraveSoftware Update -> BraveUpdateCore.exe
|
||||
Steam -> E:\Steam\steam.exe -silent
|
||||
RazerAppEngine -> Synapse autoStart
|
||||
Docker Desktop -> Docker Desktop.exe
|
||||
|
||||
HKLM\Run:
|
||||
SecurityHealth -> SecurityHealthSystray.exe
|
||||
Corsair iCUE5 -> iCUE Launcher.exe --autorun
|
||||
RtkAudUService -> Realtek Audio Service
|
||||
|
||||
Startup-Ordner (User): Ollama.lnk
|
||||
Startup-Ordner (Alle): Tailscale.lnk
|
||||
|
||||
### GEPLANTE TASKS (nicht-Microsoft, aktiv) ###
|
||||
OneDrive Reporting Task
|
||||
OneDrive Startup Task
|
||||
OneDrive Per-Machine Standalone Update Task
|
||||
PostponeDeviceSetupToast
|
||||
BraveSoftwareUpdateTask (2x User-Varianten)
|
||||
NVIDIA App SelfUpdate
|
||||
SoftLanding\CreativeManagementTask [UNBEKANNT - pruefen]
|
||||
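Review bot: WINGET INVENTAR is headed "158 Pakete, Auswahl" and lists only a selection, which makes this raw file unusable for diffing against a later audit; commit the full export and keep the selection for the report. "SoftLanding\CreativeManagementTask [UNBEKANNT - pruefen]" is left open: add the task's action path and author so it can be classified. The entries under AUTOSTART mix full paths (E:\Steam\steam.exe) with bare file names (BraveUpdateCore.exe, Docker Desktop.exe); record the full command line for each so a changed path would show up. GIT CONFIG puts the user.email value into the repository in clear text; check that this is intended.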
@@ -0,0 +1,45 @@
|
||||
### HARDWARE ###
|
||||
CPU: Intel Core i5-14600KF, 14 Cores / 20 Threads, 3500 MHz Base
|
||||
RAM: 31.79 GB
|
||||
MB: MSI MS-7D32
|
||||
Energieplan: Ausbalanciert (381b4222) - aktiv
|
||||
Verfuegbare Plaene: Ausbalanciert, Ultimative Leistung, Hoechstleistung, Energiesparmodus
|
||||
|
||||
### PHYSICAL DISKS (SMART) ###
|
||||
INTEL SSDSC2BW180A3L SSD Healthy OK (Disk 0, C:)
|
||||
INTEL SSDSC2BW180A3L SSD Healthy OK (Disk 1, D:)
|
||||
Samsung SSD 980 PRO 1TB SSD Healthy OK (Disk 2, E:)
|
||||
WDC WDS100T2B0C SSD Healthy OK (Disk 3, G:)
|
||||
asmedia ASM235 Unspecified Healthy OK (Disk 4, H:)
|
||||
Get-StorageReliabilityCounter: keine Ausgabe (Wear-Daten nicht via WMI verfuegbar - typisch fuer SATA SSDs und USB)
|
||||
|
||||
### GERAETE MIT STATUS "Unknown" (PnP) ###
|
||||
MyBookLiveDuo (SoftwareDevice) - Netzwerkgeraet, nicht angebunden - erwartet
|
||||
HID-Tastatur (Keyboard) - ghosted device - harmlos
|
||||
Dell S2722DGM (DP) (Monitor) - Display-Enumeration Artefakt
|
||||
Generic Monitor x2 - Display-Enumeration Artefakt
|
||||
[LG] webOS TV OLED65G48LW x2 - Netzwerkgeraet, nicht lokal - erwartet
|
||||
Standard-Volumeschattenkopie x3 - VSS Snapshots - erwartet
|
||||
KEINE echten Fehlercodes (kein gelbes Ausrufezeichen).
|
||||
|
||||
### EVENT LOG FEHLER seit Installation (2026-05-10) ###
|
||||
ID 20 (70x): Defender KB4052623 Installation fehlgeschlagen (0x80240016)
|
||||
-> Timing-Problem bei Update-Kaskade, harmlos wenn aktuell
|
||||
ID 10010 (15x): DCOM Server-Timeout {3E11DF0F-...}
|
||||
-> bekanntes Windows-Hintergrundrauschen, harmlos
|
||||
ID 7000 (3x): Steam Client Service Start fehlgeschlagen
|
||||
-> Steam war beim Boot noch nicht bereit, harmlos
|
||||
ID 7023 (3x): Windows Modules Installer beendet mit Fehler
|
||||
-> Update-Installationsabbrueche, pruefbar nach Analyse der Zeitstempel
|
||||
ID 6008 (2x): Unerwartetes Herunterfahren am 2026-05-19 13:56:56
|
||||
-> Einmaliger Vorfall (BSOD oder Stromausfall) kurz nach Installation
|
||||
ID 7034 (2x): MSI Center Service unerwartet beendet
|
||||
-> bekannte Instabilitaet MSI Center, harmlos wenn kein Datenverlust
|
||||
ID 7043 (1x): Dienst konnte nicht gestoppt werden
|
||||
ID 1012 (3x): unbekannte ID - weitere Analyse noetig
|
||||
ID 36 (2x): unbekannte ID - weitere Analyse noetig
|
||||
|
||||
### CRASH DUMPS ###
|
||||
C:\Windows\Minidump: nicht vorhanden
|
||||
C:\Windows\MEMORY.DMP: nicht vorhanden
|
||||
Bewertung: kein BSOD-Dump vorhanden (ggf. Dump-Einstellung "automatisch neu starten" ohne Dump-Schreiben)
|
||||
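Review bot: The EVENT LOG entries give only an ID and a count, without provider or log name, which is why 1012 and 36 end up as "unbekannte ID" and 7043 has no assessment at all; add the provider for every row. ID 6008 is counted 2x but described as "Einmaliger Vorfall" with a single timestamp; list both timestamps, and since CRASH DUMPS finds neither Minidump nor MEMORY.DMP, record the configured dump setting rather than leaving "BSOD oder Stromausfall" undecided. The heading "PHYSICAL DISKS (SMART)" overstates the data: the rows show health status only, and the Get-StorageReliabilityCounter line says no wear data was returned.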