| |
| |||||||
Log-Analyse und Auswertung: System auf Malware überprüfenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
23.06.2025, 13:30
| #1 |
 |  System auf Malware überprüfen Guten Tag, ich möchte gerne mein System analysiert bekommen. Hier die FRST-Logfiles dazu. Vielen Dank schonmal Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-06-2025
durchgeführt von Carst (Administrator) auf CARSTENSGALAXYB (SAMSUNG ELECTRONICS CO., LTD. 960QFG) (23-06-2025 14:03:55)
Gestartet von C:\Users\Carst\Desktop\FRST64.exe
Geladene Profile: Carst
Plattform: Microsoft Windows 11 Home Version 24H2 26100.4351 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(520D4CDF-A287-4423-AB88-D88CCF7E866D -> ) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungSettings1.5_7.0.14.0_x64__3c1yjt4zspk6g\Extensions\ScreenMode.exe
(520D4CDF-A287-4423-AB88-D88CCF7E866D -> Samsung Electronics Co., Ltd.) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungSettings1.5_7.0.14.0_x64__3c1yjt4zspk6g\SamsungSettingsHost.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files\Samsung\SamsungUpdate\SUService.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungUpdate\SUEngine.exe
(C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2506.143.0_x64__8wekyb3d8bbwe\dotnet\PAD.AutomationServer.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2506.143.0_x64__8wekyb3d8bbwe\dotnet\PAD.BridgeToUIAutomation2.exe
(C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2506.143.0_x64__8wekyb3d8bbwe\dotnet\PAD.Console.Host.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2506.143.0_x64__8wekyb3d8bbwe\dotnet\PAD.AutomationServer.exe
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25042.96.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25042.96.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
(C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2407.40000.4.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2407.40000.4.0_x64__8wekyb3d8bbwe\WSACrashUploader\WSACrashUploader.exe
(C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungContinuityService_1.13.15.0_x64__wyx1vj98g3asy\LoopbackExemptionManager\LoopbackExemptionManager.exe ->) (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> Samsung Electronics Co., Ltd.) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungContinuityService_1.13.15.0_x64__wyx1vj98g3asy\WindowsMCFCore\WindowsMCFCore.exe
(drivers\Intel\ICPS\IDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IDBWM.exe
(drivers\Intel\ICPS\IntelConnectService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IntelConnect.exe
(DriverStore\FileRepository\aircommandcomp.inf_amd64_c976f913f5087b0a\AircommandService.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\DriverStore\FileRepository\aircommandcomp.inf_amd64_c976f913f5087b0a\AircommandEngine.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_9f9e22715f56ef60\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_helper.exe
(DriverStore\FileRepository\sfourswcomp15.inf_amd64_5f385966251a7373\SamsungSystemSupportService.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\DriverStore\FileRepository\sfourswcomp15.inf_amd64_5f385966251a7373\SamsungSystemSupportEngine.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(explorer.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Maxim Integrated) C:\Windows\System32\MaximAudioService64.exe
(services.exe ->) (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> ) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.MultiControl_2.3.1400.0_x64__wyx1vj98g3asy\MultiControlService\SamsungMultiControlService.exe
(services.exe ->) (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> ) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_2.0.71.0_x64__wyx1vj98g3asy\QuickShareService\QuickShareService.exe
(services.exe ->) (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> Samsung Electronics Co., Ltd.) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungContinuityService_1.13.15.0_x64__wyx1vj98g3asy\LoopbackExemptionManager\LoopbackExemptionManager.exe
(services.exe ->) (520D4CDF-A287-4423-AB88-D88CCF7E866D -> ) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.25.5230.0_x64__3c1yjt4zspk6g\SAService\SAService.exe
(services.exe ->) (520D4CDF-A287-4423-AB88-D88CCF7E866D -> Samsung Electronics Co., Ltd.) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAnalyticsAgent_2.2.12.0_x64__3c1yjt4zspk6g\SamsungAnalyticsService\SamsungAnalyticsService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_9f9e22715f56ef60\DAX3API.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_d6f52e3fdecf287d\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_eb09d8513be92967\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e330adaf63434ca3\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_ef0d92102be8d7c5\Intel_PIE_Service.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_6f0a892deb241071\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IDBWMService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IntelConnectService.exe
(services.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2407.40000.4.0_x64__8wekyb3d8bbwe\WsaService\WsaService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\drivers\GoodixWOTService_0.0.0.4.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\MaximServiceShell64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9f05190a2befb920\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Studiomode\StudiomodeSvc.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Live Wallpaper Service\LiveWallpaperWindowsService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Quick Search Service\QuickSearchService.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Recovery\BulletService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungUpdate\SUService.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SmartSwitch\qvWindowsService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\DriverStore\FileRepository\aircommandcomp.inf_amd64_c976f913f5087b0a\AircommandService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\DriverStore\FileRepository\samsungwificomponent.inf_amd64_f3df7fbf3f46d6fd\SamsungWiFi_UHB_Setting_Service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\DriverStore\FileRepository\sfourswcomp15.inf_amd64_5f385966251a7373\SamsungSystemSupportService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\DriverStore\FileRepository\systemplatformenginecomp.inf_amd64_264ff885c2d28710\SystemPlatformEngine.exe
(sihost.exe ->) (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> SamsungNotesSysTray) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungNotes_4.3.418.0_x64__wyx1vj98g3asy\SamsungNotesSysTray\SamsungNotesSysTray.exe
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2407.40000.4.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_25153.1010.3727.5483_x64__8wekyb3d8bbwe\ms-teams.exe <3>
(sihost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2506.143.0_x64__8wekyb3d8bbwe\dotnet\PAD.Console.Host.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25042.38.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (520D4CDF-A287-4423-AB88-D88CCF7E866D -> ) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.25.5230.0_x64__3c1yjt4zspk6g\SAClient.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.25.390.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.41.3.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\ColorEngine\ColorEngine.exe
(svchost.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\ColorEngine\DisplaySupporter.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Quick Search Service\QuickSearchIndexer.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungUpdate\SUUserModeWorker.exe
(vmcompute.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\vmwp.exe
konnte nicht auf den Prozess zugreifen -> vmmemWSA
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [MaximAudioSvc] => C:\Windows\System32\MaximAudioService64.exe [556544 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Maxim Integrated)
HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\Run: [UninstallT20] => ms-teamsupdate.exe -UninstallT20 (Keine Datei)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\137.0.7151.104\Installer\chrmstp.exe [2025-06-12] (Google LLC -> Google LLC)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {2FEEFA07-2AF0-4077-951C-2E222D935C3E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {150F91E1-F622-4440-80F7-C2B0872E5AEF} - System32\Tasks\ColorEngine => C:\Program Files\Samsung\ColorEngine\ColorEngine.exe [648512 2023-02-15] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {B1CDC9FC-F590-454E-8848-48CB32AD4F9A} - System32\Tasks\DisplaySupporter => C:\Program Files\Samsung\ColorEngine\DisplaySupporter.exe [231784 2023-02-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {74D9B975-A6DA-4093-B80C-EA93FB722969} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{A2953121-460F-446A-94E0-A338F5245D7D} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe [7080032 2025-05-22] (Google LLC -> Google LLC)
Task: {16EABBCB-06C9-4077-90B2-C48239C94FA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955352 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {53809F5C-787C-453B-B82A-A21993B3B769} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68368 2025-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {5A26CFA7-41B5-4DC8-B2D8-FDAC806D00B8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955352 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {53524DC4-19FD-4199-8CC3-042E58FE8E3D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {2AD133AC-AAD3-44EF-B8D7-C9A39E4CA729} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CCEFF05-1915-4CD3-BFA3-AC53FAACD6E8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [225992 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F9BC0F4-43FA-43DB-8E90-0F7442D3A427} - System32\Tasks\Microsoft\Office\Office Startup Boost => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {ECA4E8EE-8247-4403-A724-531A5528FA61} - System32\Tasks\Microsoft\Office\Office Startup Boost Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A792F61-0B3B-4A78-883B-085ACC3E14CF} - System32\Tasks\Microsoft\Windows\Hotpatch\Monitoring => C:\WINDOWS\system32\cmd.exe [376832 2025-05-30] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\hpatchmonTask.cmd
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Keine Datei)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {D07911E3-B824-4284-8C18-CD904C5A6379} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpCmdRun.exe [1757568 2025-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {63C976E8-B651-4C73-8071-81B94F245E27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpCmdRun.exe [1757568 2025-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ACFA4484-CF4D-4D1E-B5E5-FD8AC2EF3ABC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpCmdRun.exe [1757568 2025-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DAEE6426-1A08-4F3A-96F0-998C96E0CB3B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpCmdRun.exe [1757568 2025-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7BAFA32E-48FB-4AA2-875C-25098B48610F} - System32\Tasks\OneDrive Startup Task-S-1-5-21-5337926-3735871574-4012841875-1001 => C:\Users\Carst\AppData\Local\Microsoft\OneDrive\25.091.0512.0001\OneDriveLauncher.exe [684880 2025-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {41071A11-7DC6-409C-BCF1-F6D056492005} - System32\Tasks\QuickSearchIndexer_Idle_S-1-5-21-5337926-3735871574-4012841875-1001 => C:\Program Files\Samsung\Quick Search Service\IndexerRunner.exe [17720 2025-02-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files\Samsung\Quick Search Service\runIdleMode
Task: {7D9D3A99-1194-4B5D-B6F4-77A5A5EF28D4} - System32\Tasks\QuickSearchIndexer_S-1-5-21-5337926-3735871574-4012841875-1001 => C:\Program Files\Samsung\Quick Search Service\QuickSearchIndexer.exe [132408 2025-02-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files\Samsung\Quick Search Service\runByTaskScheduler
Task: {931A88D3-AC42-4DFF-9FEE-6060F8E6C7DE} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9f05190a2befb920\RtkAudUService64.exe [2150760 2024-07-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {32959F0A-8EDF-4742-8838-82F5595ECCD4} - System32\Tasks\Samsung\Recovery8\BulletUserModeWorker => C:\Program Files\Samsung\Recovery\BulletUserModeWorker.exe [620944 2022-11-07] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {A00F3C4F-7645-4BF2-8B68-2D27504B6939} - System32\Tasks\Samsung\SamsungUpdate\UserModeWorker => C:\Program Files\Samsung\SamsungUpdate\SUUserModeWorker.exe [682840 2024-12-02] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {C7EFDF05-CFBE-4BBA-8F5E-810DE39E0E10} - System32\Tasks\SecTimeSync\TimeSyncInit => C:\Windows\SecTimeSync.exe [1971048 2021-04-29] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\..\Interfaces\{41c20d41-79f0-4167-bf80-adc03b3b3030}: [DhcpNameServer] 192.168.49.1
Tcpip\..\Interfaces\{f47108da-4381-45ab-b24b-97e675c0d6d2}: [DhcpNameServer] 192.168.179.1
Tcpip\..\Interfaces\{f47108da-4381-45ab-b24b-97e675c0d6d2}\64259445A51224F687023484: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f47108da-4381-45ab-b24b-97e675c0d6d2}\64259445A51224F687023484: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{f47108da-4381-45ab-b24b-97e675c0d6d2}\75C414E4D2538313135353: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{f47108da-4381-45ab-b24b-97e675c0d6d2}\75C414E4D2538313135353: [DhcpDomain] Speedport_W_724V_09011603_06_010
Tcpip\..\Interfaces\{f47108da-4381-45ab-b24b-97e675c0d6d2}\C4965626C696E67637865696D6: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{f47108da-4381-45ab-b24b-97e675c0d6d2}\C4965626C696E67637865696D6: [DhcpDomain] local
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Carst\AppData\Local\Microsoft\Edge\User Data\Default [2025-06-11]
Edge Notifications: Default -> hxxps://drive.google.com
Edge HomePage: Default -> hxxp://www.google.de/
Edge Extension: (ProxFlow) - C:\Users\Carst\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2023-11-10]
Edge Extension: (WEB.DE MailCheck) - C:\Users\Carst\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dklkaimkejnkhbhiahnhlndmkjijofjj [2023-12-26]
Edge Extension: (Google Docs Offline) - C:\Users\Carst\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-07]
Edge Extension: (Edge relevant text changes) - C:\Users\Carst\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-29]
Edge Extension: (Microsoft Power Automate) - C:\Users\Carst\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kagpabjoboikccfdghpdlaaopmgpgfdc [2025-05-04]
Edge Extension: (AVG Online Security) - C:\Users\Carst\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nbmoafcmbajniiapeidgficgifbfmjfo [2025-04-13]
Edge HKU\S-1-5-21-5337926-3735871574-4012841875-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [kagpabjoboikccfdghpdlaaopmgpgfdc]
Edge HKLM-x32\...\Edge\Extension: [fphgeikpdcdcheaochkhldmnfblfogla]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-06-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default [2025-06-23]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.instagram.com; hxxps://www.netflix.com; hxxps://www.ticketmaster.de; hxxps://www.waz.de
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321557&octid=EB_ORIGINAL_CTID&ISID=MAD461719-FCEC-4165-B7E5-84A6366152BE&SearchSource=55&CUI=&UM=6&UP=SP9D1E4C60-0D59-4491-BECA-20D7E6F88308&SSPV=","hxxp://www.google.com/","hxxps://www.google.com/"
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-06-19]
CHR Extension: (Google Docs Offline) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-30]
CHR Extension: (Klarna | Jetzt einkaufen, später bezahlen) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2025-06-16]
CHR Extension: (Microsoft Power Automate) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljglajjnnkapghbckkcmodicjhacbfhk [2025-04-13]
CHR Extension: (Morpheon Dark) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2024-03-15]
CHR Extension: (Google Mail-Checker) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2025-02-10]
CHR Extension: (AVG Online Security) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmoafcmbajniiapeidgficgifbfmjfo [2025-03-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-10-06]
CHR Profile: C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-06-03]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-06-03]
CHR Extension: (Google Docs Offline) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-03]
CHR Extension: (Microsoft Power Automate) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljglajjnnkapghbckkcmodicjhacbfhk [2025-06-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-06-03]
CHR Profile: C:\Users\Carst\AppData\Local\Google\Chrome\User Data\System Profile [2025-06-19]
CHR HKU\S-1-5-21-5337926-3735871574-4012841875-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-5337926-3735871574-4012841875-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljglajjnnkapghbckkcmodicjhacbfhk]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13724344 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_9f9e22715f56ef60\DAX3API.exe [2361864 2023-02-15] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 dptftcs; C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_d6f52e3fdecf287d\ipfsvc.exe [546416 2022-11-15] (Intel Corporation -> Intel Corporation)
S2 GBExperience; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungWelcome_3.5.1.0_x64__3c1yjt4zspk6g\WindowsService\GBExperience.exe [1516392 2025-02-20] (520D4CDF-A287-4423-AB88-D88CCF7E866D -> Samsung Electronics Co., Ltd.)
R2 GoodixWOTService; C:\WINDOWS\System32\drivers\GoodixWOTService_0.0.0.4.exe [43016 2022-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 hpatchmon; C:\WINDOWS\system32\hpatchmon.dll [173472 2025-05-30] (Microsoft Windows -> Microsoft Corporation)
R3 IDBWM; C:\WINDOWS\System32\drivers\Intel\ICPS\IDBWMService.exe [78656 2024-05-08] (Intel Corporation -> Intel® Corporation)
R2 Intel Analytics Service; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe [1962416 2024-05-08] (Intel Corporation -> Intel)
R2 Intel Connectivity Network Service; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe [2225576 2024-05-08] (Intel Corporation -> Intel)
S2 Intel Provider Data Helper Service; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe [824232 2024-05-08] (Intel Corporation -> Intel)
S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_6f0a892deb241071\AS\IAS\IntelAudioService.exe [530424 2023-08-31] (Intel Corporation -> Intel)
R3 IntelConnectService; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelConnectService.exe [78760 2024-05-08] (Intel Corporation -> Intel® Corporation)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_uf.exe [2781336 2022-11-14] (Intel Corporation -> Intel Corporation)
R2 LiveWallpaperService; C:\Program Files\Samsung\Live Wallpaper Service\LiveWallpaperWindowsService.exe [482144 2023-04-03] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MaximAudioService; C:\WINDOWS\System32\MaximServiceShell64.exe [217600 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpDefenderCoreService.exe [2071592 2025-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.5.1\ProtonVPNService.exe [464608 2024-12-11] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.5.1\ProtonVPN.WireGuardService.exe [464104 2024-12-11] (Proton AG -> ProtonVPN)
R2 Quick Search Service; C:\Program Files\Samsung\Quick Search Service\QuickSearchService.exe [173064 2025-02-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 Quick Share Service; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_2.0.71.0_x64__wyx1vj98g3asy\QuickShareService\QuickShareService.exe [51200 2025-05-30] (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> )
R2 Samsung Analytics Agent; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAnalyticsAgent_2.2.12.0_x64__3c1yjt4zspk6g\SamsungAnalyticsService\SamsungAnalyticsService.exe [98087814 2024-11-28] (520D4CDF-A287-4423-AB88-D88CCF7E866D -> Samsung Electronics Co., Ltd.)
R2 Samsung Multi Control Service; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.MultiControl_2.3.1400.0_x64__wyx1vj98g3asy\MultiControlService\SamsungMultiControlService.exe [703848 2025-04-19] (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> )
R2 Samsung WiFi UHB Setting Service; C:\WINDOWS\System32\DriverStore\FileRepository\samsungwificomponent.inf_amd64_f3df7fbf3f46d6fd\SamsungWiFi_UHB_Setting_Service.exe [271280 2024-10-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SamsungAccountService; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.25.5230.0_x64__3c1yjt4zspk6g\SAService\SAService.exe [7680 2025-03-19] (520D4CDF-A287-4423-AB88-D88CCF7E866D -> )
R2 SamsungContinuityWindowsService; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungContinuityService_1.13.15.0_x64__wyx1vj98g3asy\LoopbackExemptionManager\LoopbackExemptionManager.exe [452408 2025-04-19] (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> Samsung Electronics Co., Ltd.)
R2 SamsungPenService; C:\WINDOWS\System32\DriverStore\FileRepository\aircommandcomp.inf_amd64_c976f913f5087b0a\AircommandService.exe [585176 2023-11-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SamsungPlatformEngine; C:\WINDOWS\System32\DriverStore\FileRepository\systemplatformenginecomp.inf_amd64_264ff885c2d28710\SystemPlatformEngine.exe [1643344 2023-11-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SamsungRecoveryService; C:\Program Files\Samsung\Recovery\BulletService.exe [816016 2022-11-07] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 SamsungSystemSupportService; C:\WINDOWS\System32\DriverStore\FileRepository\sfourswcomp15.inf_amd64_5f385966251a7373\SamsungSystemSupportService.exe [176976 2025-03-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SamsungUpdateService; C:\Program Files\Samsung\SamsungUpdate\SUService.exe [407896 2024-12-02] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S2 SecondScreenService; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SecondScreen_1.12.3.0_x64__wyx1vj98g3asy\SecondScreenService\SecondScreenService.exe [19800 2025-05-07] (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> )
R2 SmartSwitchService; C:\Program Files\Samsung\SmartSwitch\qvWindowsService.exe [293280 2023-01-02] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 StudiomodeSvc; C:\Program Files (x86)\Samsung\Studiomode\StudiomodeSvc.exe [292712 2022-12-19] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\NisSrv.exe [4513624 2025-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MsMpEng.exe [278328 2025-06-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WsaService; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2407.40000.4.0_x64__8wekyb3d8bbwe\WsaService\WsaService.exe [320512 2024-12-19] (Microsoft Corporation -> )
S2 ET05A1EvtSvc; %SystemRoot%\System32\Rundll32.exe C:\WINDOWS\System32\drivers\UMDF\EgisTouchFPEventLog05A1.dll,Rundll32EntryPointW [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [581632 2024-10-12] (Microsoft Windows -> Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [222528 2024-10-12] (Microsoft Windows -> Microsoft Corporation)
R3 iaisp64; C:\WINDOWS\System32\drivers\iaisp64.sys [50352 2023-07-12] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_774a66f35d00ad3d\iaLPSS2_GPIO2_ADL.sys [140960 2022-06-22] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_1ebed6f33a1c1014\iaLPSS2_I2C_ADL.sys [210600 2022-06-22] (Intel Corporation -> Intel Corporation)
R3 IntcBtLE; C:\WINDOWS\System32\DriverStore\FileRepository\intcbtle.inf_amd64_0c9aadaff32d0209\IntcBtLE.sys [140280 2023-08-31] (Intel Corporation -> Intel(R) Corporation)
R3 INTCCoSvc; C:\WINDOWS\System32\drivers\Intel\ICPS\IntcCo11X64.sys [216488 2024-05-08] (Intel Corporation -> Intel Corporation)
S3 IntcSdwBus; C:\WINDOWS\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_d3d4da2eb15364e3\IntcSdwBus.sys [516672 2022-12-08] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-10-04] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_f2084be6bb835256\ipf_acpi.sys [87192 2022-11-14] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_cpu.sys [80536 2022-11-14] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7218f3b363a821fe\ipf_lf.sys [445080 2022-11-14] (Intel Corporation -> Intel Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [330112 2025-06-02] (Microsoft Windows -> Microsoft Corporation)
S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [140728 2025-05-30] (Microsoft Windows -> Microsoft Corporation)
S3 LT6911Au; C:\WINDOWS\System32\DriverStore\FileRepository\lt6911au.inf_amd64_2f08ac6e600a0ba1\LT6911Au.sys [63520 2022-12-08] (Intel Corporation -> Intel(R) Corporation)
R3 OV02C10; C:\WINDOWS\System32\drivers\OV02C10.sys [192632 2023-01-08] (Intel Corporation -> Intel Corporation)
R3 PenS2Helper; C:\WINDOWS\System32\drivers\PenS2Helper.sys [79264 2022-08-17] (Samsung Electronics CO., LTD. -> )
S3 PlutonHeci; C:\WINDOWS\System32\DriverStore\FileRepository\pluton-heci.inf_amd64_f74945e2fcb1d3d7\pluton-heci.sys [75168 2025-05-30] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.5.1\Resources\ProtonVPN.CalloutDriver.sys [40360 2024-12-11] (Proton AG -> Proton AG)
R3 SamsungEventController; C:\WINDOWS\System32\drivers\SamsungEventController.sys [72248 2022-08-28] (Samsung Electronics CO., LTD. -> Samsung)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2023-09-29] (nordvpn s.a. -> The OpenVPN Project)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-03-30] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2025-05-30] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20032 2025-06-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [612768 2025-06-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-06-02] (Microsoft Windows -> Microsoft Corporation)
R3 WiManHu; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_367f6ef053419fd6\WiManHu\WiManHu.sys [212040 2022-09-13] (Intel Corporation -> Intel Corporation)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-10-06] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WSDPrintDevice; C:\WINDOWS\System32\DriverStore\FileRepository\wsdprint.inf_amd64_1f9e32519098c0b6\WSDPrint.sys [57344 2024-10-12] (Microsoft Windows -> Microsoft Corporation)
S3 WSDScan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_971c769b103df369\WSDScan.sys [61440 2024-10-12] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2025-06-23 14:03 - 2025-06-23 14:04 - 000040878 _____ C:\Users\Carst\Desktop\FRST.txt
2025-06-23 14:03 - 2025-06-23 14:04 - 000000000 ____D C:\FRST
2025-06-23 13:37 - 2025-06-23 13:37 - 002406912 _____ (Farbar) C:\Users\Carst\Desktop\FRST64.exe
2025-06-16 02:07 - 2025-06-16 02:07 - 000152897 _____ C:\Users\Carst\Desktop\20250522_151142_ARBEITSBESCHEINIGUNG.pdf
2025-06-16 02:05 - 2025-06-16 02:05 - 000161171 _____ C:\Users\Carst\Desktop\20250612_155027_ARBEITSBESCHEINIGUNG.pdf
2025-06-13 01:23 - 2025-06-13 01:23 - 000016893 _____ C:\Users\Carst\Desktop\application-2.2.octet-stream
2025-06-13 01:04 - 2025-06-13 01:04 - 000748376 _____ C:\WINDOWS\system32\perfh007.dat
2025-06-13 01:04 - 2025-06-13 01:04 - 000159426 _____ C:\WINDOWS\system32\perfc007.dat
2025-06-10 00:14 - 2025-06-10 23:56 - 000014381 _____ C:\Users\Carst\Desktop\Wohnungs Gesuch.odt
2025-06-05 19:29 - 2025-06-05 19:29 - 000694139 _____ C:\Users\Carst\Desktop\Schalke Tickets.pdf
2025-06-04 01:19 - 2025-06-04 01:19 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-05-30 10:32 - 2025-06-20 01:46 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-05-30 10:16 - 2025-05-30 10:16 - 000001555 _____ C:\WINDOWS\system32\DeviceFeatureDDF.json
2025-05-30 10:15 - 2025-05-30 10:15 - 000033224 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-30 10:15 - 2025-05-30 10:15 - 000033224 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2025-06-23 14:01 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-23 14:00 - 2023-07-15 16:16 - 000000000 ____D C:\Users\Carst\AppData\Local\D3DSCache
2025-06-23 13:55 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-23 13:55 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-06-23 13:54 - 2023-07-15 16:36 - 000000000 ____D C:\ProgramData\SamsungAnalytics
2025-06-23 13:48 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-06-23 13:36 - 2025-03-12 01:53 - 000000000 ____D C:\Users\Carst\Desktop\Brand
2025-06-23 12:37 - 2025-05-10 22:44 - 000003720 _____ C:\WINDOWS\system32\Tasks\QuickSearchIndexer_Idle_S-1-5-21-5337926-3735871574-4012841875-1001
2025-06-23 12:34 - 2023-07-20 08:08 - 000000524 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2025-06-20 02:30 - 2024-10-13 00:40 - 000000000 ____D C:\Users\Carst
2025-06-17 15:22 - 2023-04-21 04:07 - 000000000 ____D C:\Program Files\Microsoft Office
2025-06-16 00:21 - 2024-10-13 23:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-06-13 01:04 - 2024-10-13 23:35 - 001729504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-06-13 01:04 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF
2025-06-13 00:59 - 2024-10-13 23:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-06-13 00:59 - 2024-10-13 23:32 - 000007300 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-06-13 00:59 - 2024-10-13 23:31 - 000000485 _____ C:\WINDOWS\system32\config\VSMHBK
2025-06-13 00:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ServiceState
2025-06-13 00:59 - 2024-04-01 09:21 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2025-06-13 00:59 - 2023-04-21 11:39 - 000012288 ___SH C:\DumpStack.log.tmp
2025-06-13 00:58 - 2025-04-11 01:11 - 000001445 _____ C:\WINDOWS\system32\config\VsmDrtmEncLkeyPkg
2025-06-13 00:58 - 2024-10-13 23:31 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2025-06-13 00:58 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-06-12 23:00 - 2024-10-13 23:34 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-06-12 23:00 - 2023-10-23 13:18 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-06-12 22:46 - 2023-10-06 22:33 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-06-12 16:18 - 2023-09-13 22:35 - 000000000 ____D C:\Users\Carst\AppData\Local\CrashDumps
2025-06-12 00:26 - 2023-07-15 16:16 - 000000000 ____D C:\Users\Carst\AppData\Local\Packages
2025-06-12 00:16 - 2024-10-13 23:31 - 000505904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-06-12 00:16 - 2024-04-01 18:35 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-06-12 00:16 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-06-12 00:16 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-06-11 23:05 - 2023-07-15 22:33 - 000000000 ____D C:\Users\Carst\Downloads\Quick Share
2025-06-11 10:25 - 2023-07-15 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-06-11 10:21 - 2024-10-13 23:33 - 003383808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-06-11 03:00 - 2025-02-11 02:39 - 000003558 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-5337926-3735871574-4012841875-1001
2025-06-11 03:00 - 2024-10-13 23:34 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-5337926-3735871574-4012841875-1001
2025-06-11 03:00 - 2024-10-13 23:34 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-5337926-3735871574-4012841875-1001
2025-06-11 03:00 - 2023-07-15 16:18 - 000002391 _____ C:\Users\Carst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-06-11 02:53 - 2023-07-15 22:19 - 216824056 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-06-03 01:40 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-06-03 01:39 - 2023-04-21 11:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-05-30 17:47 - 2023-04-21 11:43 - 000000000 ____D C:\ProgramData\Packages
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ___RD C:\Program Files\Windows Defender
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Com
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-05-30 17:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\BrowserCore
2025-05-30 10:45 - 2024-04-01 09:26 - 001384944 _____ C:\WINDOWS\system32\vulkan-1.dll
2025-05-30 10:45 - 2024-04-01 09:26 - 001240024 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2025-05-27 19:11 - 2023-04-21 04:00 - 000000000 ____D C:\ProgramData\ColorMode
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2025-03-12 00:07 - 2025-04-22 20:54 - 000003974 _____ () C:\Users\Carst\AppData\Local\GetHelp.msalcacheconsumers.bin
2024-07-30 03:45 - 2024-07-30 03:45 - 000007629 _____ () C:\Users\Carst\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-06-2025
durchgeführt von Carst (23-06-2025 14:05:07)
Gestartet von C:\Users\Carst\Desktop
Microsoft Windows 11 Home Version 24H2 26100.4351 (X64) (2024-10-13 21:34:44)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-5337926-3735871574-4012841875-500 - Administrator - Disabled)
Carst (S-1-5-21-5337926-3735871574-4012841875-1001 - Administrator - Enabled) => C:\Users\Carst
DefaultAccount (S-1-5-21-5337926-3735871574-4012841875-503 - Limited - Disabled)
Gast (S-1-5-21-5337926-3735871574-4012841875-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-5337926-3735871574-4012841875-504 - Limited - Disabled)
WsiAccount (S-1-5-21-5337926-3735871574-4012841875-1006 - Limited - Disabled) => C:\Users\WsiAccount
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4 Gewinnt (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\com.dunjegame.andrecastany.fourinarow) (Version: 4.2 - andrecastany.dunjegame.com)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 25.001.20531 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Appstore (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\com.amazon.venezia) (Version: release-60.25.1.0.210698.0_736410 - amazon.com)
AusweisApp (HKLM\...\{76BCD646-0551-41D7-B2B2-F379C874CB98}) (Version: 2.3.1 - Governikus GmbH & Co. KG)
ColorEngine (HKLM\...\{0B48E952-494A-408B-8D9D-5F3331F96659}) (Version: 5.5 - Samsung Electronics Co., Ltd.)
ContinuityMSOfficeAddIn (HKLM-x32\...\{66145599-9668-4022-9DC4-114302699E1D}) (Version: 1.0.18 - Samsung)
Display Profile (HKLM\...\{97CE6D18-8335-4420-A7C7-A72B8AFAFFFD}) (Version: 5.3 - Samsung Electronics Co., Ltd.)
Dynamic Application Loader Host Interface Service (HKLM\...\{44C1F557-6E04-460A-B692-A8F2DEE66A66}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Galaxy Book Smart Switch service (HKLM\...\{C1465FF4-4B1B-4D40-945D-472C8FD3FFC0}) (Version: 1.3.8 - Samsung Electronics Co., Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 137.0.7151.104 - Google LLC)
Intel Software Package (HKLM-x32\...\{a5966d05-b019-44f6-b94f-f49ebdd19b58}) (Version: 1.0.11200.30652 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM\...\{E6CC1C02-638D-44F5-8BAE-E455453F80BA}) (Version: 10.1.19468.8385 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{8af15a1a-f70d-4968-84c0-97df0607c3e6}) (Version: 10.1.19468.8385 - Intel(R) Corporation)
Intel(R) Dynamic Tuning Technology (HKLM-x32\...\{DDD0E7BA-1023-44F1-B2E0-2297B9ED42B5}) (Version: 9.0.11200.30652 - Intel Corporation)
Intel(R) Icls (HKLM\...\{62A12FCC-E419-42BA-A2A0-AC94ED0A538E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Innovation Platform Framework (HKLM-x32\...\{1F2F557C-7559-4376-9347-1C6ACFAD35C2}) (Version: 2.0.10300.12 - Intel Corporation)
Intel(R) LMS (HKLM\...\{DB7601FB-39F1-47BF-A18D-63EFDF4FD6D9}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2249.3.39.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{75780158-7F08-4C4A-AA61-CA12EE86CB13}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A5084E56-1B7B-4A7F-BC66-D2ACC4BD0428}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{82A51A61-6619-4215-879A-FC9C18855989}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{F9D05AD5-D6A7-4586-A565-8CE565286351}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{8BB1B6E6-25C3-4B53-A8C4-4EB25E1FD1AB}) (Version: 30.100.2221.20 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2221.20 - Intel Corporation)
Intel(R) SOL LMS Extension (HKLM\...\{7D1E0451-4755-4DDD-B666-7C7FA76ADD38}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000210-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.210.0.3 - Intel Corporation)
Intel(R) Wireless Manageability Driver (HKLM\...\{C5F25593-A0DC-478A-BD3D-A6839102F1DB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Wireless Manageability Driver Extension (HKLM\...\{3C53E369-8847-47AE-88AB-25DC4AB330B6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Integrated Sensor Solution (HKLM-x32\...\{d4503da1-928a-409a-a52e-bdbb49f7df37}) (Version: 3.10.100.4586 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{04AEF55C-E06C-4BF3-BCE6-A84E7D5236A5}) (Version: 3.10.100.4586 - Intel Corporation) Hidden
Live Wallpaper Service (HKLM\...\{2FE1B5C4-2C7A-4DE6-9EB7-4A7AB435145E}) (Version: 3.2.8 - Samsung Electronics Co., Ltd.)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.18827.20150 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 137.0.3296.83 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\OneDriveSetup.exe) (Version: 25.091.0512.0001 - Microsoft Corporation)
Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.18827.20150 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.13006 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
OpenOffice 4.1.15 (HKLM-x32\...\{D8DD7A6F-CB70-43AF-9A0C-9A5A4C195068}) (Version: 4.115.9813 - Apache Software Foundation)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 3.5.1 - Proton AG)
Quick Search Service (HKLM\...\{5536CC89-01C4-4120-B4ED-AFDBC6626A48}) (Version: 4.1.58 - Samsung Electronics Co., Ltd.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9496.1 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 11.8.0608.2022 - Realtek)
Samsung Recovery Service (HKLM\...\{A942FE64-54BE-4787-A336-C0674F50A118}) (Version: 8.1.46 - Samsung Electronics Co., Ltd.)
Samsung Update Service (HKLM\...\{1DF1988D-9E7B-463F-9769-7C53E5F590BE}) (Version: 3.0.108.0 - Samsung Electronics Co., Ltd.)
Studio mode (HKLM\...\{3F610C12-D47B-4051-93CE-D7FC21C2F8CD}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
tagesschau (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\de.tagesschau) (Version: 3.4.0 - Unknown)
tiptoi® Manager 5.1 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 5.1 - Ravensburger AG)
Chrome apps:
============
Dokumente (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\a623785e323463be51e0b045734052c5) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\572465dcbae68f13e5102e925e0f9b82) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\9cf36aa536c2eef1e23720b0e337ee95) (Version: 1.0 - Google\Chrome)
Präsentationen (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\53856c2175adf341f256d946f77b0717) (Version: 1.0 - Google\Chrome)
Tabellen (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\d81dd285d849416659075da30ff05a13) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\066ede3feee57feafc3f4c7ccc4ea819) (Version: 1.0 - Google\Chrome)
Packages:
=========
@{MicrosoftWindows.54792954.Filons_1000.26100.4202.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.54792954.Filons/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.54792954.Filons_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.54792954.Filons_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.54792954.Filons/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.54792954.Filons_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3624.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-30] ()
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-30] ()
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3912.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-30] ()
@{MicrosoftWindows.56978801.Voiess_1000.26100.4202.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.56978801.Voiess/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.56978801.Voiess_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.56978801.Voiess_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.56978801.Voiess/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.56978801.Voiess_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.57058570.Speion_1000.26100.4202.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.57058570.Speion/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57058570.Speion_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.57058570.Speion_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.57058570.Speion/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57058570.Speion_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.57074914.Livtop_1000.26100.4202.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.57074914.Livtop/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57074914.Livtop_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.57074914.Livtop_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.57074914.Livtop/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57074914.Livtop_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.Client.CoreAI_1000.26100.3912.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CoreAI/AIXHost/ClickToDo/AppDisplayName} -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.Client.CoreAI_1000.26100.4061.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CoreAI/AIXHost/ClickToDo/AppDisplayName} -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.Client.CoreAI_1000.26100.4202.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CoreAI/AIXHost/ClickToDo/AppDisplayName} -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
@{MicrosoftWindows.Client.CoreAI_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CoreAI/AIXHost/ClickToDo/AppDisplayName} -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
100 Doors Game - Escape from School -> C:\Program Files\WindowsApps\Peaksel.100DoorsGame-EscapefromSchool_2.1.18.0_x64__tyntx30xb5zhp [2024-02-01] (PEAKSEL D.O.O. NIŠ)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets [2025-05-30] ()
Air Command 2 -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.AirCommand2_2.4.8.0_x64__3c1yjt4zspk6g [2025-06-23] (Samsung Electronics Co. Ltd.)
Aktion per Mausklick (Vorschau) -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2023-07-15] (Amazon.com)
Amazon Music -> C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0 [2023-12-13] (AMZN Mobile LLC)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-12] (INTEL CORP) [Startup Task]
CLIP STUDIO PAINT START for SC -> C:\Program Files\WindowsApps\B0A091E8.CLIPSTUDIOPAINTSTARTforSC_1.0.12.0_x64__2vfvh2vszw3jw [2023-07-15] (CELSYS, Inc.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2024-08-03] (Disney)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.27.2900.0_x64__rz1tebttyb220 [2025-06-13] (Dolby Laboratories)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2024-10-04] (Meta)
Galaxy Book Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungWelcome_3.5.1.0_x64__3c1yjt4zspk6g [2025-02-20] (Samsung Electronics Co. Ltd.)
Galaxy Book Smart Switch -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SmartSwitchforGalaxyBook_1.7.4.0_x64__3c1yjt4zspk6g [2025-05-16] (Samsung Electronics Co. Ltd.)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x86__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.Main.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-09-26] (Instagram)
Intel® Connectivity Performance Suite -> C:\Program Files\WindowsApps\AppUp.IntelConnectivityPerformanceSuite_3.1024.505.0_x64__8j3eq9eme6ctt [2024-12-05] (INTEL CORP) [Startup Task]
Intel® Unison™ -> C:\Program Files\WindowsApps\AppUp.IntelTechnologyMDE_20.31.11890.0_x64__8j3eq9eme6ctt [2025-06-03] (INTEL CORP)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.25150.49.0_x64__8wekyb3d8bbwe [2025-06-05] (Microsoft Corporation)
Live Wallpaper -> C:\Program Files\WindowsApps\Sidia.LiveWallpaper_3.3.42.0_x64__wkpx6gdq8qyz8 [2025-06-19] (Samsung Electronics Co. Ltd.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2505.23002.0_x64__8wekyb3d8bbwe [2025-06-19] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-23] (Microsoft Corp.)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.7.4221.0_x64__8wekyb3d8bbwe [2025-05-05] (Microsoft Studios)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_55.20331.573.0_x64__8wekyb3d8bbwe [2025-04-08] (Microsoft Corporation)
Microsoft.D3DMappingLayers -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2505.8.0_x64__8wekyb3d8bbwe [2025-06-04] (Microsoft Corporation)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.41.3.0_x64__8wekyb3d8bbwe [2025-06-07] (Microsoft Corporation)
Multi Control -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.MultiControl_2.3.1400.0_x64__wyx1vj98g3asy [2025-04-19] (Samsung Electronics Co, Ltd.)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-27] (Netflix, Inc.)
Noteshelf Samsung -> C:\Program Files\WindowsApps\FluidTouchPteLtd.NoteshelfSamsung_4.5.6.0_x64__b23vtfmgdrt7e [2025-04-21] (Fluid Touch Pvt Ltd)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-06-17] ()
PENUP -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PENUP_2.15.9.0_x64__3c1yjt4zspk6g [2025-06-15] (Samsung Electronics Co. Ltd.)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.174.0_x64__pwbj9vvecjh7j [2025-04-23] (Amazon Development Centre (London) Ltd)
Private Share -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PrivateShare_1.2.22.0_x64__3c1yjt4zspk6g [2024-10-12] (Samsung Electronics Co. Ltd.)
Quick Share -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_2.0.71.0_x64__wyx1vj98g3asy [2025-05-30] (Samsung Electronics Co, Ltd.) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.331.0_x64__dt26b99r8h8gj [2024-07-23] (Realtek Semiconductor Corp)
RubenGerlach.Mau-Mau-Palast -> C:\Program Files\WindowsApps\RubenGerlach.Mau-Mau-Palast_1.49.382.0_x86__0kgzq02j3b4w8 [2023-12-13] (<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="hxxp://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:uap="hxxp://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap2="hxxp://schemas.microsoft.com/appx/manifest/uap/windows10/2" xmlns:uap3="hxxp://schemas.microsoft.com/appx/manifest/uap/windows10/3" xmlns:uap4="hxxp://schemas.microsoft.com/appx/manifest/uap/windows10/4" xmlns:rescap="hxxp://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:rescap3="hxxp://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities/3" xmlns:desktop="hxxp://schemas.microsoft.com/appx/manifest/desktop/windows10" xmlns:desktop2="hxxp://schemas.microsoft.com/appx/manifest/desktop/windows10/2" xmlns:desktop3="hxxp://schemas.microsoft.com/appx/manifest/desktop/windows10/3" xmlns:com="hxxp://schemas.microsoft.com/appx/manifest/com/windows10" xmlns:wincap3="hxxp://schemas.microsoft.com/appx/manifest/foundation/windows10/windowscapabilities/3" IgnorableNamespaces="uap4 wincap3 rescap3 desktop2 desktop3 com" xmlns:mp="hxxp://schemas.microsoft.com/appx/2014/phone/manifest">
<Identity Name="RubenGerlach.Mau-Mau-Palast" ProcessorArchitecture="x86" Publisher="CN=545F4CB0-739D-4B07-A9DA-C97C94EFE557" Version="1.49.382.0" />
<Properties>
<DisplayName>ms-resource:Resources/PackageDisplayName</DisplayName>
<PublisherDisplayName>ms-resource:Resources/PublisherDisplayName</PublisherDisplayName>
<Logo>Assets\StoreLogo.png</Logo>
</Properties>
<Resources>
<Resource Language="en-us" />
<Resource Language="de-de" />
<Resource Language="fr-fr" />
<Resource Language="es-es" />
<Resource Language="pl-pl" />
<Resource Language="ru-ru" />
<Resource uap:Scale="100" />
<Resource uap:Scale="125" />
<Resource uap:Scale="150" />
<Resource uap:Scale="200" />
<Resource uap:Scale="400" />
</Resources>
<Dependencies>
<TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.14393.0" MaxVersionTested="10.0.19041.0" />
</Dependencies>
<Capabilities>
<rescap:Capability Name="runFullTrust" />
<Capability Name="internetClient" />
</Capabilities>
<Applications>
<Application Id="de.rgerlach.maumaupalast" Executable="mau-mau-palast.exe" EntryPoint="Windows.FullTrustApplication">
<uap:VisualElements DisplayName="ms-resource:Resources/ApplicationDisplayName" Description="ms-resource:Resources/ApplicationDescription" BackgroundColor="transparent" Square150x150Logo="Assets\Square150x150Logo.png" Square44x44Logo="Assets\Square44x44Logo.png">
<uap:DefaultTile ShortName="ms-resource:Resources/TileShortName" Wide310x150Logo="Assets\Wide310x150Logo.png" Square310x310Logo="Assets\Square310x310Logo.png" Square71x71Logo="Assets\Square71x71Logo.png">
<uap:ShowNameOnTiles>
<uap:ShowOn Tile="square150x150Logo" />
<uap:ShowOn Tile="wide310x150Logo" />
<uap:ShowOn Tile="square310x310Logo" />
</uap:ShowNameOnTiles>
</uap:DefaultTile>
</uap:VisualElements>
<Extensions>
<uap3:Extension Category="windows.appUriHandler">
<uap3:AppUriHandler>
<uap3:Host Name="www.mau-mau-palast.de" />
</uap3:AppUriHandler>
</uap3:Extension>
<uap:Extension Category="windows.protocol">
<uap:Protocol Name="mau-mau-palast">
<uap:Logo>Assets\Square310x310Logo.png</uap:Logo>
<uap:DisplayName>ms-resource:Resources/ApplicationDisplayName</uap:DisplayName>
</uap:Protocol>
</uap:Extension>
</Extensions>
</Application>
</Applications>
<mp:PhoneIdentity PhoneProductId="114af784-d1b1-4f8e-8414-d5e184be9460" PhonePublisherId="8e4f0cf8-d0b0-486c-baaa-fcf5062d8856" />
</Package>)
Samsung Account -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.25.5230.0_x64__3c1yjt4zspk6g [2025-06-02] (Samsung Electronics Co. Ltd.)
Samsung Analytics Agent -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAnalyticsAgent_2.2.12.0_x64__3c1yjt4zspk6g [2024-11-28] (Samsung Electronics Co. Ltd.)
Samsung Cloud -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungCloudPlatformManag_1.8.5.0_x64__3c1yjt4zspk6g [2025-05-30] (Samsung Electronics Co. Ltd.)
Samsung Cloud Bluetooth Sync -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungCloudBluetoothSync_1.0.49.0_x64__3c1yjt4zspk6g [2024-08-27] (Samsung Electronics Co. Ltd.)
Samsung Continuity Service -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungContinuityService_1.13.15.0_x64__wyx1vj98g3asy [2025-04-19] (Samsung Electronics Co, Ltd.)
Samsung Flow -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.9.1604.0_x64__wyx1vj98g3asy [2025-06-02] (Samsung Electronics Co, Ltd.)
Samsung Gallery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PCGallery_7.0.18.0_x64__3c1yjt4zspk6g [2025-03-31] (Samsung Electronics Co. Ltd.)
Samsung Notes -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungNotes_4.3.418.0_x64__wyx1vj98g3asy [2025-05-15] (Samsung Electronics Co, Ltd.) [Startup Task]
Samsung Pass -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPass_2.0.6.0_x64__3c1yjt4zspk6g [2025-02-20] (Samsung Electronics Co. Ltd.)
Samsung Quick Search -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungQuickSearch_4.1.58.0_x64__3c1yjt4zspk6g [2025-02-21] (Samsung Electronics Co. Ltd.)
Samsung Recovery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungRecovery_8.1.52.0_x64__3c1yjt4zspk6g [2024-10-12] (Samsung Electronics Co. Ltd.)
Samsung Screen Recorder -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungScreenRecording_2.2.36.0_x64__3c1yjt4zspk6g [2025-02-26] (Samsung Electronics Co. Ltd.)
Samsung Settings 1.5 -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungSettings1.5_7.0.14.0_x64__3c1yjt4zspk6g [2025-04-19] (Samsung Electronics Co. Ltd.)
Samsung Settings Runtime -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungSettingsRuntime_7.0.0.0_x64__3c1yjt4zspk6g [2025-02-08] (Samsung Electronics Co. Ltd.)
Samsung Update -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungUpdate_3.0.108.0_x64__3c1yjt4zspk6g [2024-12-19] (Samsung Electronics Co. Ltd.)
SamsungDeviceCare -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPCCleaner_4.0.42.0_x64__3c1yjt4zspk6g [2025-03-13] (Samsung Electronics Co. Ltd.)
SAMSUNGELECTRONICSCO.LTD.Bixby -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.Bixby_6.10.17.0_x64__3c1yjt4zspk6g [2025-06-19] (Samsung Electronics Co. Ltd.)
Second Screen -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SecondScreen_1.12.3.0_x64__wyx1vj98g3asy [2025-05-07] (Samsung Electronics Co, Ltd.)
SmartThings -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SmartThingsWindows_1.25087.3.0_x64__3c1yjt4zspk6g [2025-04-19] (Samsung Electronics Co. Ltd.) [Startup Task]
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0 [2025-06-19] (Spotify AB) [Startup Task]
Studio Plus -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.StudioPlus_5.6.0.0_x64__3c1yjt4zspk6g [2024-08-23] (Samsung Electronics Co. Ltd.)
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_5.15.2.0_x64__t4vj0pshhgkwm [2025-06-15] (Telegram Messenger LLP) [Startup Task]
The Chess Lv.100 -> C:\Program Files\WindowsApps\6918E89D.THECHESSLV.100_2.9.0.0_x64__66n08swfvvka0 [2024-10-12] (UNBALANCE corp.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2524.4.0_x64__cv1g1gvanyjgm [2025-06-19] (WhatsApp Inc.) [Startup Task]
WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-09-02] (Microsoft Corp.)
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1309.2056.0_x64__8wekyb3d8bbwe [2024-08-13] (Microsoft Corp.)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe [2025-01-29] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_7000.498.2246.0_x64__8wekyb3d8bbwe [2025-06-04] (Microsoft Corp.)
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2023-11-21] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2023-11-21] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.54792954.Filons_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.56978801.Voiess_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57058570.Speion_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57074914.Livtop_cw5n1h2txyewy [2025-06-12] (Microsoft Windows)
Windows-Subsystem für Android™ -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2407.40000.4.0_x64__8wekyb3d8bbwe [2024-12-19] (Microsoft Corp.) [Startup Task]
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-5337926-3735871574-4012841875-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-5337926-3735871574-4012841875-1001_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\Carst\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll (Microsoft Corporation -> )
CustomCLSID: HKU\S-1-5-21-5337926-3735871574-4012841875-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-5337926-3735871574-4012841875-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => Keine Datei
CustomCLSID: HKU\S-1-5-21-5337926-3735871574-4012841875-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v3.5.1\ProtonVPN.exe (Proton AG -> )
CustomCLSID: HKU\S-1-5-21-5337926-3735871574-4012841875-1001_Classes\CLSID\{a04f95c0-6183-7419-2316-954e331d0cbc}\localserver32 -> "C:\Program Files\Proton\VPN\v3.2.2\ProtonVPN.exe" -ToastActivated => Keine Datei
CustomCLSID: HKU\S-1-5-21-5337926-3735871574-4012841875-1001_Classes\CLSID\{D52F80D7-FF69-4E80-BD28-E635767B36F6} -> [S24+ von Carsten] => C:\Users\Carst\CrossDevice\S24+ von Carsten [2025-04-17 22:57]
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Carst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Dokumente.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\Carst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\Carst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Carst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Präsentationen.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\Carst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Tabellen.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\Carst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2024-12-19 23:12 - 2024-12-19 23:12 - 000026112 _____ () [Datei ist nicht signiert] C:\ProgramData\Microsoft\Windows\AppRepository\Packages\MicrosoftCorporationII.WindowsSubsystemForAndroid_2407.40000.4.0_x64__8wekyb3d8bbwe\PackagedCom\WsaProxy\WsaProxy.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============
HKU\S-1-5-21-5337926-3735871574-4012841875-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
HKU\S-1-5-21-5337926-3735871574-4012841875-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2022-05-07 07:24 - 2025-06-15 23:27 - 000000858 _____ C:\WINDOWS\system32\drivers\etc\hosts
2023-07-20 08:08 - 2025-06-23 12:34 - 000000524 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.19.96.1 CarstensGalaxyBook.mshome.net # 2030 3 3 20 2 46 41 330
172.23.224.1 CarstensGalaxyBook3Pro360.mshome.net # 2030 6 6 22 10 34 15 919
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-5337926-3735871574-4012841875-1001\Control Panel\Desktop\\Wallpaper -> c:\users\carst\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\20161118_112853.jpg
HKU\S-1-5-21-5337926-3735871574-4012841875-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.179.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
ist aktiviert.
Network Binding:
=============
WLAN: Intel(R) Wi-Fi 6E AX211 160MHz -> Netwtw14.sys
Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys
vEthernet (WSLCore): Hyper-V Virtual Ethernet Adapter ->
vms_vsf: Erweiterungsfilter für virtuellen Hyper-V-Switch
ms_l1vhlwf: Nested Network Virtualization
vms_vsp: Extension-Protokoll für virtuellen Hyper-V-Switch
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_9AD818C197E12209B10DEDB8FB309C1E"
HKU\S-1-5-21-5337926-3735871574-4012841875-1001\...\StartupApproved\Run: => "OneDrive"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{F88F3659-14BF-499E-9C8D-1FD3C4817160}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (16916B57-7991-4968-B02A-2ADE4B5FB0DE -> Amazon.com Services LLC)
FirewallRules: [{C5F80D9C-DA5A-4CE1-9178-184DC33B3432}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (16916B57-7991-4968-B02A-2ADE4B5FB0DE -> Amazon.com Services LLC)
FirewallRules: [UDP Query User{A9554F87-07AA-4C9F-8AF8-3469A08337C8}C:\program files\windowsapps\samsungelectronicscoltd.samsungcontinuityservice_1.7.21.0_x64__wyx1vj98g3asy\windowsmcfcore\windowsmcfcore.exe] => (Allow) C:\program files\windowsapps\samsungelectronicscoltd.samsungcontinuityservice_1.7.21.0_x64__wyx1vj98g3asy\windowsmcfcore\windowsmcfcore.exe => Keine Datei
FirewallRules: [TCP Query User{DF079FEE-55D2-4EC9-9543-90EDB0C03303}C:\program files\windowsapps\samsungelectronicscoltd.samsungcontinuityservice_1.7.21.0_x64__wyx1vj98g3asy\windowsmcfcore\windowsmcfcore.exe] => (Allow) C:\program files\windowsapps\samsungelectronicscoltd.samsungcontinuityservice_1.7.21.0_x64__wyx1vj98g3asy\windowsmcfcore\windowsmcfcore.exe => Keine Datei
FirewallRules: [{F3697853-C6F0-44A9-AE58-FAFCCD4EFE0A}] => (Allow) C:\ProgramData\Samsung\SamsungMultiControl\Binary\SamsungMultiControl.exe => Keine Datei
FirewallRules: [{C64503A7-F7FA-4E88-86F6-123738FB95F1}] => (Allow) C:\MfgDiag\BFT\BoardFunctionTest.exe => Keine Datei
FirewallRules: [TCP Query User{ED8A87BC-E837-4121-8417-DF223F1770DF}C:\program files\windowsapps\spotifyab.spotifymusic_1.248.405.0_x64__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.248.405.0_x64__zpdnekdrzrea0\spotify.exe => Keine Datei
FirewallRules: [UDP Query User{08AE1E30-CA76-4BD9-A793-6F04E24047E9}C:\program files\windowsapps\spotifyab.spotifymusic_1.248.405.0_x64__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.248.405.0_x64__zpdnekdrzrea0\spotify.exe => Keine Datei
FirewallRules: [{B8E0F21A-6FD3-4494-B4EB-54F9CA382F1F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2407.40000.4.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe (Microsoft Corporation -> )
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{73430E3A-A0A1-48E0-8012-667B7B2DB532}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungContinuityService_1.13.15.0_x64__wyx1vj98g3asy\WindowsMCFCore\WindowsMCFCore.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> Samsung Electronics Co., Ltd.)
FirewallRules: [{43A96985-AC44-4589-B4DC-B21F00233E5C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6CA90EBB-5F48-490D-AB1A-2DBEE70A8A2C}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SecondScreen_1.12.3.0_x64__wyx1vj98g3asy\SecondScreenDesktop\SecondScreenDesktop.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> )
FirewallRules: [{6285DD72-3FFF-4FFE-8D99-9E87FB21DD7C}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SecondScreen_1.12.3.0_x64__wyx1vj98g3asy\SecondScreenDesktop\SecondScreenDesktop.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> )
FirewallRules: [{A2DD04C9-CBA2-4E18-AD95-BA7D0F8151E7}] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
FirewallRules: [AusweisApp-Firewall-Rule] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
FirewallRules: [{5F00F186-6689-4F71-B09A-F35F78B9B1ED}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_2.0.71.0_x64__wyx1vj98g3asy\Win32\QSSystray.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> Samsung Electronics Co., Ltd.)
FirewallRules: [{3D7CF2B6-2BF7-40DB-8645-DF0AC781CDD9}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_2.0.71.0_x64__wyx1vj98g3asy\Win32\QSSystray.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> Samsung Electronics Co., Ltd.)
FirewallRules: [{A518FEEA-936E-4D20-814D-BB0968AF5439}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_2.0.71.0_x64__wyx1vj98g3asy\Win32\QSSystray.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> Samsung Electronics Co., Ltd.)
FirewallRules: [{ED3BC17E-3668-4BA9-8B08-1362F2C96A9F}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_2.0.71.0_x64__wyx1vj98g3asy\Win32\QSSystray.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> Samsung Electronics Co., Ltd.)
FirewallRules: [{B55251DB-EB0B-47D6-864C-17BEA02413A0}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25137.403.3671.1395_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E9B6DD5-7FBB-465D-9149-269F96569804}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25137.403.3671.1395_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC973BC4-67F1-434A-AA91-611D46B248D7}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{18417C4A-C9AF-407B-AAD1-A78D1E7D1AF4}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{85F5313D-7E3E-46DC-A4D6-C78A2AC358C4}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{40B8D577-30E5-4001-9EC7-F1D190877FB4}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9D568B32-0F5A-437E-8211-5CEB11111399}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F8049F2B-2CF7-43D5-B0DD-1D20B14FC736}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2ACC354A-82D7-42C5-A79E-D7808EA8BF4B}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7DC20C65-3D4B-4245-BCBF-09530A3063DD}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1FDA8E73-8C86-4069-9326-C85A6BBB8756}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1187156A-1019-4B10-AE6E-73EF078BA76B}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D5481934-7419-44FA-AC3F-93B04ECC3DAC}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{963AE69D-F757-45B2-85B9-B3E19EB8FC90}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4359A2C9-BD0B-423D-A86C-6B5B53E7EF6F}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9C3E1AED-13AF-4341-8C05-FFFCE0045C75}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A569BDE0-4ABD-489F-AB71-FB39533B7DDE}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8AA64E3C-38F1-4A8A-9109-919B5B10F84B}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{79638FE0-1D51-46C4-BE34-38BF00E25DD4}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.9.1604.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> )
FirewallRules: [{153EC40E-0FA2-409C-B95D-5AD87443DA2B}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.9.1604.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> )
FirewallRules: [{EB96BC71-96F3-47A2-9C1C-AAE1B94A3D16}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.9.1604.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> )
FirewallRules: [{BDC3CFB9-F786-46F2-B6A7-3A6F64CA200D}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.9.1604.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (14C847C8-791E-46EB-9C0D-7CADAF31C930 -> )
FirewallRules: [{83EE0819-5C5C-4A8B-95F6-1125D3737045}] => (Allow) C:\Program Files\WindowsApps\AppUp.IntelTechnologyMDE_20.31.11890.0_x64__8j3eq9eme6ctt\IntelUnison.exe (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation)
FirewallRules: [{2D63755D-D801-41CD-BCD6-8F8E27B9F522}] => (Allow) C:\Program Files\WindowsApps\AppUp.IntelTechnologyMDE_20.31.11890.0_x64__8j3eq9eme6ctt\IntelUnison.exe (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation)
FirewallRules: [{FD4C36B4-5908-49A6-BE22-55954932BE86}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FBD48255-60F0-44D3-81C3-5AC04351E2BB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\137.0.3296.83\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{861E599D-8775-430A-B598-F2FD9AA56AF1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4C576862-93C5-4D64-A7CC-8A91C63AA4E9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{25927496-9DF2-42FD-8C40-CB05BC3C0E73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EDBCE8A7-9819-4563-B347-45565ABB049F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3810F1FA-001B-4DF5-BD5E-DB34B48CA664}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9AE38419-C263-4EA2-A3C9-76C077996FB4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DA18E96F-8441-4BC9-ADE8-7E0A962194A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1F7BF417-D027-492E-83A4-A6EBE1D4E470}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3D162284-835B-48AA-865B-02B63DE4DCDE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D29740C7-92E9-41B1-A0B5-986781A4239E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.266.447.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AFE1F408-3015-44E8-958C-C18043290BE0}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25153.1010.3727.5483_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DC556844-CBF1-453A-BD72-B9151D551341}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25153.1010.3727.5483_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
20-06-2025 00:36:20 Windows Update
20-06-2025 00:36:20 Windows Update
23-06-2025 12:59:39 Windows Update
23-06-2025 12:59:42 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (06/13/2025 12:59:46 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehlerhafter Anwendungsname: IntelProviderDataHelperService.exe, Version: 3.1024.505.1, Zeitstempel: 0x6637eb71
Fehlerhafter Modulname: IntelProviderDataHelperService.exe, Version: 3.1024.505.1, Zeitstempel: 0x6637eb71
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000006fab1
Fehlerhafte Prozess-ID: 0x130c
Fehlerhafte Anwendungsstartzeit: 0x1dbdbedb11c9af1
Fehlerhafter Anwendungspfad: C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe
Fehlerhafter Modulpfad: C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe
Berichts-ID: 6743a292-0010-4461-bf20-49d02a35e6ac
Vollständiger Name des fehlerhaften Pakets:
Fehlerhafte paketbezogene Anwendungs-ID:
Error: (06/13/2025 12:58:55 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehlerhafter Anwendungsname: IntelProviderDataHelperService.exe, Version: 3.1024.505.1, Zeitstempel: 0x6637eb71
Fehlerhafter Modulname: IntelProviderDataHelperService.exe, Version: 3.1024.505.1, Zeitstempel: 0x6637eb71
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000006fab1
Fehlerhafte Prozess-ID: 0x1344
Fehlerhafte Anwendungsstartzeit: 0x1dbdbed92b90ca7
Fehlerhafter Anwendungspfad: C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe
Fehlerhafter Modulpfad: C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe
Berichts-ID: 52cf81bd-3fcc-4697-a92f-7944f85c04ff
Vollständiger Name des fehlerhaften Pakets:
Fehlerhafte paketbezogene Anwendungs-ID:
Error: (06/12/2025 04:18:28 PM) (Source: Application Error) (EventID: 1000) (User: CARSTENSGALAXYB)
Description: Fehlerhafter Anwendungsname: ColorEngine.exe, Version: 5.5.5.5, Zeitstempel: 0x63ec4070
Fehlerhafter Modulname: ColorEngine.exe, Version: 5.5.5.5, Zeitstempel: 0x63ec4070
Ausnahmecode: 0xc0000094
Fehleroffset: 0x0000000000021bea
Fehlerhafte Prozess-ID: 0x3c74
Fehlerhafte Anwendungsstartzeit: 0x1dbdba4c18b0a2a
Fehlerhafter Anwendungspfad: C:\Program Files\Samsung\ColorEngine\ColorEngine.exe
Fehlerhafter Modulpfad: C:\Program Files\Samsung\ColorEngine\ColorEngine.exe
Berichts-ID: 2feba121-1170-412f-946f-3b22aeaa2140
Vollständiger Name des fehlerhaften Pakets:
Fehlerhafte paketbezogene Anwendungs-ID:
Error: (06/12/2025 03:08:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: SUEngine.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
bei SU3.SysMon.SysUWAMon+<Run>d__9.MoveNext()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
Error: (06/12/2025 12:17:51 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehlerhafter Anwendungsname: IntelProviderDataHelperService.exe, Version: 3.1024.505.1, Zeitstempel: 0x6637eb71
Fehlerhafter Modulname: IntelProviderDataHelperService.exe, Version: 3.1024.505.1, Zeitstempel: 0x6637eb71
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000006fab1
Fehlerhafte Prozess-ID: 0x12e4
Fehlerhafte Anwendungsstartzeit: 0x1dbdb1eab77f337
Fehlerhafter Anwendungspfad: C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe
Fehlerhafter Modulpfad: C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe
Berichts-ID: 8a903f58-c07f-4d28-8a21-c9e510b8215f
Vollständiger Name des fehlerhaften Pakets:
Fehlerhafte paketbezogene Anwendungs-ID:
Error: (06/12/2025 12:17:00 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\CARSTENSGALAXYB$ über https://INTC-KeyId-ba21136573c2c38a5be57cb6c68bfc23bb36ca58.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(16ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (06/12/2025 12:16:53 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehlerhafter Anwendungsname: IntelProviderDataHelperService.exe, Version: 3.1024.505.1, Zeitstempel: 0x6637eb71
Fehlerhafter Modulname: IntelProviderDataHelperService.exe, Version: 3.1024.505.1, Zeitstempel: 0x6637eb71
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000006fab1
Fehlerhafte Prozess-ID: 0x1278
Fehlerhafte Anwendungsstartzeit: 0x1dbdb1e888fe557
Fehlerhafter Anwendungspfad: C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe
Fehlerhafter Modulpfad: C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe
Berichts-ID: 1764d5a9-85c0-43f0-8186-c613d3bcdcee
Vollständiger Name des fehlerhaften Pakets:
Fehlerhafte paketbezogene Anwendungs-ID:
Error: (06/12/2025 12:16:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: SUEngine.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
bei SU3.SysMon.SysUWAMon+<Run>d__9.MoveNext()
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
Systemfehler:
=============
Error: (06/23/2025 01:00:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9P2TBWSHK6HJ-SAMSUNGELECTRONICSCO.LTD.SamsungSettings1.5
Error: (06/23/2025 12:37:24 PM) (Source: Microsoft-Windows-HAL) (EventID: 21) (User: CARSTENSGALAXYB)
Description: Die Hardware-Echtzeituhr wurde aufgrund eines Fehlers bei der Auswertung der ACPI-Zeit- und -Alarmgerätemethode nicht festgelegt. Status: 3221225659.
Error: (06/23/2025 12:37:24 PM) (Source: Microsoft-Windows-HAL) (EventID: 20) (User: CARSTENSGALAXYB)
Description: Die Hardware-Echtzeituhr wurde aufgrund eines Fehlers bei der Auswertung der ACPI-Zeit- und -Alarmgerätemethode nicht abgefragt. Status: 3221225659.
Error: (06/23/2025 12:36:41 PM) (Source: DCOM) (EventID: 10000) (User: CARSTENSGALAXYB)
Description: Ein DCOM-Server konnte nicht gestartet werden: {94269C4E-071A-4116-90E6-52E557067E4E}. Fehler:
"2147942402"
Aufgetreten beim Start dieses Befehls:
"C:\Users\Carst\AppData\Local\Microsoft\OneDrive\25.091.0512.0001\FileCoAuth.exe" -Embedding
Error: (06/23/2025 12:36:41 PM) (Source: DCOM) (EventID: 10000) (User: CARSTENSGALAXYB)
Description: Ein DCOM-Server konnte nicht gestartet werden: {94269C4E-071A-4116-90E6-52E557067E4E}. Fehler:
"2147942402"
Aufgetreten beim Start dieses Befehls:
"C:\Users\Carst\AppData\Local\Microsoft\OneDrive\25.091.0512.0001\FileCoAuth.exe" -Embedding
Error: (06/23/2025 12:36:41 PM) (Source: DCOM) (EventID: 10000) (User: CARSTENSGALAXYB)
Description: Ein DCOM-Server konnte nicht gestartet werden: {94269C4E-071A-4116-90E6-52E557067E4E}. Fehler:
"2147942402"
Aufgetreten beim Start dieses Befehls:
"C:\Users\Carst\AppData\Local\Microsoft\OneDrive\25.091.0512.0001\FileCoAuth.exe" -Embedding
Error: (06/23/2025 12:36:41 PM) (Source: DCOM) (EventID: 10000) (User: CARSTENSGALAXYB)
Description: Ein DCOM-Server konnte nicht gestartet werden: {94269C4E-071A-4116-90E6-52E557067E4E}. Fehler:
"2147942402"
Aufgetreten beim Start dieses Befehls:
"C:\Users\Carst\AppData\Local\Microsoft\OneDrive\25.091.0512.0001\FileCoAuth.exe" -Embedding
Error: (06/23/2025 12:33:31 PM) (Source: Microsoft-Windows-HAL) (EventID: 21) (User: CARSTENSGALAXYB)
Description: Die Hardware-Echtzeituhr wurde aufgrund eines Fehlers bei der Auswertung der ACPI-Zeit- und -Alarmgerätemethode nicht festgelegt. Status: 3221225659.
Windows Defender:
================
Date: 2025-06-20 01:41:37
Description:
Microsoft Defender Antivirus ŝçäи ĥåš вėэй šţōрρěđ вёƒσŗę сŏмρľëŧïόʼn.%л %ťЅсăй ІĐ:%ъ{933AC9B0-B092-41AC-BB90-DB28D37544A9}%ⁿ %ŧŞċăπ Тýрё:%ъAntimalware%ή %τŚςâņ Рåřám℮ţĕŗş:%ъSchnellüberprüfung%ņ %ţÛšēґ:%ъNT-AUTORITÄT\SYSTEM%ŋ %ťŠţóρ Ŗєāśøή:%вŞçђєδůĺęδ ѕçãŋ щäş śкīρρέð ъέĉâυśē ŧћэ ľάšţ śůççеŝѕƒųŀ ѕċąñ щâѕ щіţħïń ťħė ŀáşť 7 ďάγş
Date: 2025-06-18 02:19:03
Description:
Microsoft Defender Antivirus ŝçäи ĥåš вėэй šţōрρěđ вёƒσŗę сŏмρľëŧïόʼn.%л %ťЅсăй ІĐ:%ъ{81CC5701-2707-4A69-89D1-8EA4175C2A13}%ⁿ %ŧŞċăπ Тýрё:%ъAntimalware%ή %τŚςâņ Рåřám℮ţĕŗş:%ъSchnellüberprüfung%ņ %ţÛšēґ:%ъNT-AUTORITÄT\SYSTEM%ŋ %ťŠţóρ Ŗєāśøή:%вŞçђєδůĺęδ ѕçãŋ щäş śкīρρέð ъέĉâυśē ŧћэ ľάšţ śůççеŝѕƒųŀ ѕċąñ щâѕ щіţħïń ťħė ŀáşť 7 ďάγş
Date: 2025-06-17 17:46:52
Description:
Microsoft Defender Antivirus ŝçäи ĥåš вėэй šţōрρěđ вёƒσŗę сŏмρľëŧïόʼn.%л %ťЅсăй ІĐ:%ъ{5A089B24-5B83-4FED-8D63-7B6795CA66C5}%ⁿ %ŧŞċăπ Тýрё:%ъAntimalware%ή %τŚςâņ Рåřám℮ţĕŗş:%ъSchnellüberprüfung%ņ %ţÛšēґ:%ъNT-AUTORITÄT\SYSTEM%ŋ %ťŠţóρ Ŗєāśøή:%вŞçђєδůĺęδ ѕçãŋ щäş śкīρρέð ъέĉâυśē ŧћэ ľάšţ śůççеŝѕƒųŀ ѕċąñ щâѕ щіţħïń ťħė ŀáşť 7 ďάγş
Date: 2025-06-16 01:59:30
Description:
Microsoft Defender Antivirus ŝçäи ĥåš вėэй šţōрρěđ вёƒσŗę сŏмρľëŧïόʼn.%л %ťЅсăй ІĐ:%ъ{0C446267-C7DB-485C-82BA-A34E9951D7AD}%ⁿ %ŧŞċăπ Тýрё:%ъAntimalware%ή %τŚςâņ Рåřám℮ţĕŗş:%ъSchnellüberprüfung%ņ %ţÛšēґ:%ъNT-AUTORITÄT\SYSTEM%ŋ %ťŠţóρ Ŗєāśøή:%вŞçђєδůĺęδ ѕçãŋ щäş śкīρρέð ъέĉâυśē ŧћэ ľάšţ śůççеŝѕƒųŀ ѕċąñ щâѕ щіţħïń ťħė ŀáşť 7 ďάγş
Date: 2025-06-16 00:03:58
Description:
Microsoft Defender Antivirus ŝçäи ĥåš вėэй šţōрρěđ вёƒσŗę сŏмρľëŧïόʼn.%л %ťЅсăй ІĐ:%ъ{337DE25F-D735-4877-870E-862445B35498}%ⁿ %ŧŞċăπ Тýрё:%ъAntimalware%ή %τŚςâņ Рåřám℮ţĕŗş:%ъSchnellüberprüfung%ņ %ţÛšēґ:%ъNT-AUTORITÄT\SYSTEM%ŋ %ťŠţóρ Ŗєāśøή:%вŔР€ ĉσпйëćтΐοй řúиðοωи
Event[0]
Date: 2025-01-15 22:02:18
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.421.1361.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.24090.11
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
Date: 2025-01-15 22:02:18
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.421.1361.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.24090.11
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
Date: 2024-12-29 00:55:38
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.421.1054.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.24090.11
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
Date: 2024-12-29 00:55:38
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.421.1054.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.24090.11
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
Date: 2024-10-13 23:34:48
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren.
Security Intelligence versucht: Aktuell
Fehlercode: 0x80070003
Fehlerbeschreibung: Das System kann den angegebenen Pfad nicht finden.
Security Intelligence-Version: 0.0.0.0;0.0.0.0
Modulversion: 0.0.0.0
==================== Speicherinformationen ===========================
BIOS: American Megatrends International, LLC. P07ALN.260.240415.SH 04/15/2024
Hauptplatine: SAMSUNG ELECTRONICS CO., LTD. NP960QFG-KA4DE
Prozessor: 13th Gen Intel(R) Core(TM) i7-1360P
Prozentuale Nutzung des RAM: 68%
Installierter physikalischer RAM: 15943.93 MB
Verfügbarer physikalischer RAM: 5019.77 MB
Summe virtueller Speicher: 19527.93 MB
Verfügbarer virtueller Speicher: 6162.74 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:199.11 GB) (Free:55.25 GB) (Model: WDSN740-SDDPNQD-1T00-1004) NTFS
Drive d: (Volume) (Fixed) (Total:733.06 GB) (Free:486.29 GB) (Model: WDSN740-SDDPNQD-1T00-1004) NTFS
\\?\Volume{3da3504f-d14b-4b6a-853c-0c9db6f047ff}\ () (Fixed) (Total:0.89 GB) (Free:0.07 GB) NTFS
\\?\Volume{b207ec87-b9ee-4568-85c7-2b5e51af4aea}\ (SAMSUNG_REC2) (Fixed) (Total:18.7 GB) (Free:1.69 GB) NTFS
\\?\Volume{e42de93b-b707-429f-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.4 GB) FAT32
\\?\Volume{1c618e83-4e88-4ebe-a5e0-fb7d55ceca21}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 26EA9241)
Partition: GPT.
==================== Ende von Addition.txt =======================
Geändert von Wannekakki (23.06.2025 um 13:48 Uhr) |
|
23.06.2025, 13:57
| #2 | |
| /// TB-Ausbilder   | System auf Malware überprüfen Mein Name ist Matthias und ich werde dir bei der Analyse und Bereinigung deines Systems helfen. Zitat:
|
|
23.06.2025, 14:36
| #3 |
| | System auf Malware überprüfen Hallo Matthias,
__________________die Arbeitsspeicher Auslastung liegt nach dem Hochfahren bei 60% obwohl keinerlei Programme geöffnet wurden. Im Task-Manager sind sehr viele aktive Prozesse zu beobachten. |
|
23.06.2025, 14:42
| #4 |
| /// TB-Ausbilder | System auf Malware überprüfen Ok. Wir lassen mal DNB, MB und ADW laufen. Schritt 1 Bitte downloade dir DoesNotBelong (DNB) auf deinen Desktop.
Falls der Smartscreenfilter oder der Windows Defender DNB blockieren sollte, kannst du den hier deaktivieren: Start > Einstellungen > Datenschutz und Sicherheit > Windows-Sicherheit > App- und Browsersteuerung > Zuverlässigkeitsbasierter Schutz bzw. Start > Einstellungen > Datenschutz und Sicherheit > Windows-Sicherheit > Viren- und Bedrohungsschutz > Einstellungen Schritt 2 Führe Malwarebytes' AntiMalware (MBAM) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. Schritt 3 Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. |
|
23.06.2025, 23:40
| #5 |
| | System auf Malware überprüfen Schritt 1: Code:
ATTFilter # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
# DoesNotBelong v8.3.5
# Furtivex Computer Solutions - https://furtivex.net
# OS: Microsoft Windows 11 Home x64 24H2 Deutsch (German) - 0407 - 1252 - 850
# Benutzername: Carst ()
# Datum: 2025_06_24__00_07_28
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
# Prozesse:
# Treiber:
# Dienste:
# Dateien:
C:\Users\Carst\AppData\Local\Resmon.ResmonCfg
Browser: Google Chrome – Push-Benachrichtigungen gefunden und gelöscht (Default)
Browser: Microsoft Edge – Push-Benachrichtigungen gefunden und gelöscht (Default)
C:\ProgramData\MakeMarkerFile.exe
C:\Users\Carst\AppData\Local\GetHelp.msalcacheconsumers.bin
C:\Users\Carst\AppData\Local\Microsoft\BGAHelperLib\BGAUpsell\BrowserSettings.dll
C:\Users\Carst\AppData\Local\Microsoft\BGAHelperLib\BingChatInstaller\BrowserSettings.dll
C:\WINDOWS\System32\perfc007.dat
C:\WINDOWS\System32\perfc009.dat
C:\WINDOWS\System32\perfh007.dat
C:\WINDOWS\System32\perfh009.dat
# Ordner:
C:\Users\Carst\AppData\Local\Microsoft\BGAHelperLib
C:\ProgramData\Anwendungsdaten
C:\WINDOWS\Installer\MSI4581.tmp-
C:\WINDOWS\Installer\MSI5B3E.tmp-
C:\WINDOWS\Installer\MSI6814.tmp-
C:\WINDOWS\Installer\MSIB68F.tmp-
C:\WINDOWS\Installer\MSIBA88.tmp-
C:\WINDOWS\Installer\MSIC5D4.tmp-
C:\WINDOWS\System32\Tasks\Agent Activation Runtime
C:\WINDOWS\System32\Tasks\GoogleSystem
C:\WINDOWS\System32\Tasks\Samsung
C:\WINDOWS\System32\Tasks\SecTimeSync
C:\WINDOWS\System32\Tasks_Migrated\Agent Activation Runtime
C:\WINDOWS\System32\Tasks_Migrated\GoogleSystem
C:\WINDOWS\System32\Tasks_Migrated\Samsung
C:\WINDOWS\System32\Tasks_Migrated\SecTimeSync
# Aufgaben:
Adobe Acrobat Update Task
Agent Activation Runtime\S-1-5-21-5337926-3735871574-4012841875-500
ColorEngine
DisplaySupporter
GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{A2953121-460F-446A-94E0-A338F5245D7D}
Microsoft\Office\Office Automatic Updates 2.0
Microsoft\Office\Office Background Push Maintenance
Microsoft\Office\Office ClickToRun Service Monitor
Microsoft\Office\Office Feature Updates
Microsoft\Office\Office Feature Updates Logon
Microsoft\Office\Office Performance Monitor
Microsoft\Office\Office Startup Boost
Microsoft\Office\Office Startup Boost Logon
Microsoft\Windows\AccountHealth\RecoverabilityToastTask
Microsoft\Windows\AppID\EDP Policy Manager
Microsoft\Windows\Application Experience\MareBackup
Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser Exp
Microsoft\Windows\Application Experience\PcaPatchDbTask
Microsoft\Windows\Application Experience\SdbinstMergeDbTask
Microsoft\Windows\Application Experience\StartupAppTask
Microsoft\Windows\ApplicationData\appuriverifierdaily
Microsoft\Windows\ApplicationData\appuriverifierinstall
Microsoft\Windows\ApplicationData\DsSvcCleanup
Microsoft\Windows\Autochk\Proxy
Microsoft\Windows\capabilityaccessmanager\maintenancetasks
Microsoft\Windows\Chkdsk\ProactiveScan
Microsoft\Windows\CloudExperienceHost\CreateObjectTask
Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask
Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
Microsoft\Windows\Defrag\ScheduledDefrag
Microsoft\Windows\Device Setup\Driver Recovery on Reboot
Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner
Microsoft\Windows\Diagnosis\Scheduled
Microsoft\Windows\Diagnosis\UnexpectedCodepath
Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Microsoft\Windows\DiskFootprint\Diagnostics
Microsoft\Windows\DiskFootprint\StorageSense
Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask
Microsoft\Windows\Feedback\Siuf\DmClient
Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload
Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting
Microsoft\Windows\Flighting\FeatureConfig\ReconcileConfigs
Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Microsoft\Windows\Flighting\FeatureConfig\UsageDataFlushing
Microsoft\Windows\Flighting\FeatureConfig\UsageDataReceiver
Microsoft\Windows\Flighting\FeatureConfig\UsageDataReporting
Microsoft\Windows\Flighting\OneSettings\RefreshCache
Microsoft\Windows\Hotpatch\Monitoring
Microsoft\Windows\input\RemoteMouseSyncDataAvailable
Microsoft\Windows\input\RemotePenSyncDataAvailable
Microsoft\Windows\input\RemoteTouchpadSyncDataAvailable
Microsoft\Windows\InstallService\RestoreDevice
Microsoft\Windows\InstallService\ScanForUpdates
Microsoft\Windows\InstallService\ScanForUpdatesAsUser
Microsoft\Windows\InstallService\SmartRetry
Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
Microsoft\Windows\Location\Notifications
Microsoft\Windows\Maintenance\WinSAT
Microsoft\Windows\Maps\MapsToastTask
Microsoft\Windows\Maps\MapsUpdateTask
Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Microsoft\Windows\MUI\Mcbuilder
Microsoft\Windows\Network Connectivity Status Indicator\NcsiIdentifyUserProxies
Microsoft\Windows\PerformanceTrace\RequestTrace
Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Microsoft\Windows\PushToInstall\LoginCheck
Microsoft\Windows\PushToInstall\Registration
Microsoft\Windows\ReFsDedupSvc\Initialization
Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Microsoft\Windows\Servicing\OOBEFodSetup
Microsoft\Windows\Shell\CreateObjectTask
Microsoft\Windows\Shell\FamilySafetyMonitor
Microsoft\Windows\Shell\FamilySafetyRefreshTask
Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Microsoft\Windows\Shell\ThemesSyncedImageDownload
Microsoft\Windows\Subscription\EnableLicenseAcquisition
Microsoft\Windows\Subscription\LicenseAcquisition
Microsoft\Windows\Sustainability\PowerGridForecastTask
Microsoft\Windows\Sustainability\SustainabilityTelemetry
Microsoft\Windows\TPM\Tpm-PreAttestationHealthCheck
Microsoft\Windows\User Profile Service\HiveUploadTask
Microsoft\Windows\Windows Media Sharing\UpdateLibrary
Microsoft\Windows\WindowsAI\Recall\InitialConfiguration
Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration
Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache
Microsoft\Windows\WindowsUpdate\Scheduled Start
Microsoft\Windows\WlanSvc\CDSSync
Microsoft\Windows\WOF\WIM-Hash-Management
Microsoft\Windows\WOF\WIM-Hash-Validation
Microsoft\Windows\WwanSvc\NotificationTask
Microsoft\Windows\WwanSvc\OobeDiscovery
Microsoft\XblGameSave\XblGameSaveTask
MicrosoftEdgeUpdateTaskMachineCore
MicrosoftEdgeUpdateTaskMachineUA
OneDrive Reporting Task-S-1-5-21-5337926-3735871574-4012841875-1001
OneDrive Standalone Update Task-S-1-5-21-5337926-3735871574-4012841875-1001
OneDrive Standalone Update Task-S-1-5-21-5337926-3735871574-4012841875-500
OneDrive Startup Task-S-1-5-21-5337926-3735871574-4012841875-1001
QuickSearchIndexer_Idle_S-1-5-21-5337926-3735871574-4012841875-1001
QuickSearchIndexer_S-1-5-21-5337926-3735871574-4012841875-1001
RtkAudUService64_BG
Samsung\Recovery8\BulletUserModeWorker
Samsung\SamsungUpdate\UserModeWorker
SecTimeSync\TimeSyncInit
# Registrierung:
HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-338389Enabled
HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-88000326Enabled
HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SystemPaneSuggestionsEnabled [1] => [0]
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\MicrosoftEdgeAutoLaunch_9AD818C197E12209B10DEDB8FB309C1E
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\OneDrive
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\MaximAudioSvc
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SecurityHealth
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\DiagDownload.lnk
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\DOW.lnk
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Startup.bat
HKLM\System\CurrentControlSet\Control\CrashControl\\AutoReboot [1] => [0]
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3810F1FA-001B-4DF5-BD5E-DB34B48CA664}
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E387202-648F-4359-8B66-48ABBABF5FD0}
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AE38419-C263-4EA2-A3C9-76C077996FB4}
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2DD04C9-CBA2-4E18-AD95-BA7D0F8151E7}
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA18E96F-8441-4BC9-ADE8-7E0A962194A2}
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDBCE8A7-9819-4563-B347-45565ABB049F}
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBD48255-60F0-44D3-81C3-5AC04351E2BB}
# Caches:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex (592)
C:\Users\Carst\AppData\Local\D3DSCache (30)
C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data (1894)
C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js (5426)
C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Profile 1\Cache\Cache_Data (105)
C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Profile 1\Code Cache\js (141)
C:\Users\Carst\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data (2399)
C:\Users\Carst\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js (8323)
C:\Users\Carst\AppData\Local\Microsoft\TokenBroker\Cache (42)
C:\Users\Carst\AppData\Local\Microsoft\Windows\INetCache\IE (4)
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts (1)
C:\WINDOWS\System32\config\systemprofile\AppData\Local (966)
C:\WINDOWS\System32\config\systemprofile\AppData\Local\D3DSCache (4)
# Verschiedenes:
[?] AntiVirus Software: Windows Defender
[?] Ereignisanzeige-Protokolle wurden gelöscht
[?] Wiederherstellungspunkt: Does Not Belong PRESCAN - Erstellt
HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
Enabled REG_DWORD 0x1
HKLM\Software\Microsoft\Windows Defender\Exclusions\Extensions
HKLM\Software\Microsoft\Windows Defender\Exclusions\IpAddresses
HKLM\Software\Microsoft\Windows Defender\Exclusions\Paths
HKLM\Software\Microsoft\Windows Defender\Exclusions\Processes
HKLM\Software\Microsoft\Windows Defender\Exclusions\TemporaryPaths
C:\Users\Carst\AppData\Local\CrashDumps\ColorEngine.exe.15476.dmp <1245652> <2025-06-12 14:18:28>
C:\Users\Carst\AppData\Local\CrashDumps\ColorEngine.exe.28984.dmp <1227326> <2025-05-28 14:28:55>
C:\Users\Carst\AppData\Local\CrashDumps\ColorEngine.exe.59376.dmp <1443278> <2025-06-02 23:17:15>
C:\Users\Carst\AppData\Local\CrashDumps\soffice.bin.4896.dmp <2724916> <2025-06-05 23:56:03>
C:\Users\Carst\AppData\Local\CrashDumps\soffice.bin.58344.dmp <2723774> <2025-06-03 22:20:12>
C:\Users\Carst\AppData\Local\CrashDumps\soffice.bin.60100.dmp <2723702> <2025-06-03 22:18:48>
C:\Users\Carst\AppData\Local\CrashDumps\WWAHost.exe.14132.dmp <7777593> <2025-05-22 00:24:09>
C:\Users\Carst\AppData\Local\CrashDumps\WWAHost.exe.21056.dmp <69824> <2025-06-06 01:25:42>
C:\Users\Carst\AppData\Local\CrashDumps\WWAHost.exe.24724.dmp <7754839> <2025-05-22 01:00:12>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe(1).4972.dmp <614472> <2025-05-30 15:17:52>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe(2).4972.dmp <624711> <2025-06-04 12:13:34>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe.4304.dmp <611096> <2025-06-04 00:07:06>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe.4728.dmp <626903> <2025-06-11 22:16:54>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe.4836.dmp <613768> <2025-06-11 22:17:52>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe.4876.dmp <613088> <2025-06-12 22:59:47>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe.4892.dmp <598425> <2025-05-30 15:16:35>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe.4932.dmp <595793> <2025-06-12 22:58:56>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe.4944.dmp <607144> <2025-06-06 00:18:16>
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\IntelProviderDataHelperService.exe.5044.dmp <582633> <2025-05-15 19:22:08>
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
Schritt 2: Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 24.06.2025
Scan-Zeit: 00:22
Protokolldatei: 91419318-5080-11f0-a843-ac198e63e218.json
-Softwaredaten-
Version: 5.3.2.195
Komponentenversion: 134.1.5283
Version des Aktualisierungspakets: 1.0.100461
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 11 (Build 26100.4351)
CPU: x64
Dateisystem: NTFS
Benutzer: CarstensGalaxyBook3Pro360\Carst
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 208764
Erkannte Bedrohungen: 10
In die Quarantäne verschobene Bedrohungen: 10
Abgelaufene Zeit: 5 Min., 3 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 1
PUP.Optional.Trovi, C:\USERS\CARST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 795, 454808, 1.0.100461, , ame, , ,
Datei: 9
PUP.Optional.Trovi, C:\USERS\CARST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Ersetzt, 795, 454808, 1.0.100461, , ame, , FB096272CCA7F4E8045E2FC663EF2E09, 1B8AF1A6AE6DEED141D448158604D9501B9D0577C48C16B63512E3617FDF4567
PUP.Optional.Trovi, C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, In Quarantäne, 795, 454808, 1.0.100461, , ame, , 45FD34DA35B973FD2B68058FDD1FF18D, CB5FB0BB8D22B35CBE016804B22A3B39866AF17956AB767123120A7457FA5556
PUP.Optional.Trovi, C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\004299.log, In Quarantäne, 795, 454808, 1.0.100461, , ame, , A2507001ACEBAF8C308388F0DD239F9A, 07FE44A127E85C5B4B69A00727B487025AE134CD4C72966A926AFD0618631748
PUP.Optional.Trovi, C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\004301.ldb, In Quarantäne, 795, 454808, 1.0.100461, , ame, , 1A3A1A4A3C9636D57F4FD7843D8EFFE2, F499B8520BEFE504A60CB0E379F87500BF7495AAEBE4A15CC332F3D3C32AA5BC
PUP.Optional.Trovi, C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, In Quarantäne, 795, 454808, 1.0.100461, , ame, , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Trovi, C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, In Quarantäne, 795, 454808, 1.0.100461, , ame, , ,
PUP.Optional.Trovi, C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, In Quarantäne, 795, 454808, 1.0.100461, , ame, , C546A3F4D1112635167E27BBE1605309, 0B538BF8CBBE850F2422E75240CDEBDDEF76716A8349CED731D5381D56023E79
PUP.Optional.Trovi, C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, In Quarantäne, 795, 454808, 1.0.100461, , ame, , D3489D42729705BAA73964DD148F5F10, C7176F7FCD20C4B2A00B38942E50ED567E9F649D0F31B555BBC6E7DCAE43E050
PUP.Optional.Trovi, C:\Users\Carst\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, In Quarantäne, 795, 454808, 1.0.100461, , ame, , 3EBACB93494361CB36161400652DE73A, 2E904E058C7FBDCF2388807F19288FB50EFF41DBEBACC380AAE086F12100BEB0
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Schritt 3: Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.5.1.601
# -------------------------------
# Build: 03-26-2025
# Database: 2025-04-04.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-24-2025
# Duration: 00:00:01
# OS: Windows 11 (Build 26100.4351)
# Cleaned: 1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.SamsungColorEngine Folder C:\Program Files\SAMSUNG\COLORENGINE
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1471 octets] - [24/06/2025 00:34:19]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
|
|
24.06.2025, 13:42
| #6 |
| /// TB-Ausbilder | System auf Malware überprüfen Gut gemacht. Da wurde nur etwas PUP gefunden. Bitte nun KVRT und SC ausführen. Die Anleitung zu Schritt 1 bitte ausführlich lesen, da sonst die Logdatei verschlüsselt wird und nicht lesbar ist. Schritt 1 Führe das Kaspersky Virus Removal Tool (KVRT) gemäß der bebilderten Anleitung aus und poste abschließend die Logdateien. Schritt 2 Führe SecurityCheck (SC) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. |
|
| Themen zu System auf Malware überprüfen |
| antivirus, avg, defender, desktop, google, home, homepage, internet, internet explorer, malware, monitor, performance, prozesse, realtek, registry, rundll, scan, security, services.exe, software, svchost.exe, system, updates, usb, windows |
Hybrid-Darstellung
