Emsisoft fund Application.Win32.InstallAd (A) und lässt sich nicht quarantäne schieben oder löschen

bozz1983 · 02.01.2014, 20:09

hi,
ich hab emsisoft laufen lassen und hatte das hier gefunden HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP gefunden: Application.Win32.InstallAd (A) und es läst sich nicht löschen oder in quarantäne verschieben, hier ist der log.

Code:

ATTFilter

 Emsisoft Anti-Malware - Version 8.1
Letztes Update: 02.01.2014 17:59:20
Benutzerkonto: ajin-PC\ajin

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	02.01.2014 18:13:51
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP 	gefunden: Application.Win32.InstallAd (A)

Gescannt	433070
Gefunden	1

Scan Ende:	02.01.2014 18:39:38
Scan Zeit:	0:25:47

schrauber · 03.01.2014, 09:02

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

bozz1983 · 03.01.2014, 21:20

hi,

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by ajin (administrator) on AJIN-PC on 03-01-2014 21:11:31
Running from C:\Users\ajin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
( ) C:\Windows\System32\lxbfcoms.exe
( ) C:\Windows\System32\lxducoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\32\SbieSvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2013-02-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2013-02-02] (Synaptics Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4329408 2013-12-04] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [765200 2012-12-16] (SANDBOXIE L.T.D)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF60344C09F00CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

Chrome: 
=======

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
R2 lxbf_device; C:\Windows\system32\lxbfcoms.exe [566704 2007-04-24] ( )
R2 lxbf_device; C:\Windows\SysWow64\lxbfcoms.exe [537520 2007-04-24] ( )
S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe [589824 2009-10-16] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 21:11 - 2014-01-03 21:14 - 00006559 _____ C:\Users\ajin\Desktop\FRST.txt
2014-01-03 21:11 - 2014-01-03 21:11 - 00000000 ____D C:\FRST
2014-01-03 21:09 - 2014-01-03 21:09 - 01931750 _____ (Farbar) C:\Users\ajin\Desktop\FRST64.exe
2014-01-01 01:19 - 2014-01-01 01:19 - 00001091 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-01-01 01:18 - 2014-01-03 21:07 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-01 01:18 - 2014-01-01 01:18 - 00000000 ____D C:\Users\ajin\Documents\Anti-Malware
2014-01-01 01:08 - 2014-01-01 01:08 - 00077908 _____ C:\Windows\PFRO.log
2014-01-01 01:02 - 2014-01-01 01:05 - 234971656 _____ (Emsisoft GmbH                                               ) C:\Users\ajin\Downloads\EmsisoftAntiMalwareSetup_5987352.exe
2013-12-31 13:52 - 2013-12-31 13:52 - 00000000 _____ C:\Users\ajin\HELP
2013-12-30 21:50 - 2013-12-30 21:50 - 00891200 _____ C:\Users\ajin\Desktop\SecurityCheck.exe
2013-12-26 22:37 - 2013-12-26 22:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-26 22:35 - 2013-12-26 22:36 - 02347384 _____ (ESET) C:\Users\ajin\Downloads\esetsmartinstaller_enu.exe
2013-12-26 18:11 - 2013-12-31 16:52 - 00000000 ___RD C:\Users\ajin\Desktop\Neuer Ordner (2)
2013-12-26 09:16 - 2013-12-26 09:16 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-26 09:16 - 2013-12-26 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 09:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-26 09:09 - 2013-12-26 09:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ajin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-24 03:00 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-24 03:00 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-24 03:00 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-24 03:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-24 03:00 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-24 03:00 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-24 03:00 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-24 03:00 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-24 03:00 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-24 03:00 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-24 03:00 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-24 03:00 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-24 03:00 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-24 03:00 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-24 03:00 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-24 03:00 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-24 03:00 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-24 03:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-24 03:00 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-24 03:00 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-24 03:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-24 03:00 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-24 03:00 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-24 03:00 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-24 03:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-24 03:00 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-24 03:00 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-24 03:00 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-24 03:00 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-24 03:00 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-24 03:00 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-23 22:49 - 2014-01-03 11:04 - 00006328 _____ C:\Windows\setupact.log
2013-12-23 22:49 - 2013-12-23 22:49 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 19:29 - 2013-12-23 19:29 - 00000517 _____ C:\DelFix.txt
2013-12-23 10:16 - 2013-12-23 10:16 - 00000000 ____D C:\Users\ajin\AppData\Roaming\Malwarebytes
2013-12-23 08:33 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-23 08:33 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-23 08:33 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-23 08:33 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-23 08:32 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-23 08:22 - 2013-12-23 08:22 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-23 08:22 - 2013-12-23 08:22 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-23 08:22 - 2013-12-23 08:22 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-23 08:22 - 2013-12-23 08:22 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-23 08:22 - 2013-12-23 08:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-23 08:22 - 2013-12-23 08:22 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-23 08:22 - 2013-12-23 08:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-22 01:53 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-22 01:53 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-22 01:53 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-22 01:48 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-22 01:48 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-22 01:48 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-22 01:48 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-22 01:48 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-22 01:48 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-22 01:48 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-22 01:48 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-22 01:48 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-22 01:48 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-22 01:48 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-22 01:48 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-22 01:48 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-22 01:48 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-22 01:48 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-22 01:48 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-22 01:48 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-22 01:48 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-22 01:48 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-22 01:48 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-22 01:48 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-22 01:48 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-22 01:48 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-22 01:48 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-22 01:48 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-22 01:48 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-22 01:48 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-22 01:48 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-22 01:48 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-22 01:48 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-22 01:48 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-22 01:48 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-22 01:48 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-22 01:48 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-22 01:48 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-22 01:48 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-22 01:48 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-22 01:48 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-22 01:48 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-22 01:48 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-22 01:48 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-22 01:48 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-22 01:48 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-22 01:48 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-22 01:48 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-22 01:48 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-21 20:54 - 2013-12-21 20:54 - 00000000 ____D C:\Windows\ERUNT
2013-12-21 01:40 - 2013-12-22 14:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-21 01:40 - 2013-12-21 01:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-20 20:50 - 2013-12-30 11:17 - 00000000 ____D C:\bootmedium
2013-12-20 13:53 - 2013-12-20 13:53 - 00002773 _____ C:\Users\ajin\Desktop\G Data Protokoll ID 4199.html
2013-12-19 13:03 - 2014-01-01 14:26 - 00000000 ____D C:\Users\ajin\AppData\Roaming\MD5 File Hasher
2013-12-19 13:03 - 2013-12-19 13:03 - 00001051 _____ C:\Users\Public\Desktop\MD5 File Hasher.lnk
2013-12-19 13:03 - 2013-12-19 13:03 - 00000000 ____D C:\Program Files (x86)\MD5 File Hasher
2013-12-19 13:03 - 2013-09-23 14:56 - 01138688 ____S (Digital-Tronic) C:\Windows\SysWOW64\HashControls.ocx
2013-12-19 13:03 - 2005-07-17 08:21 - 00128736 ____S (Karen Kenworthy) C:\Windows\SysWOW64\PTHash.dll
2013-12-19 13:03 - 2002-12-20 14:02 - 01077336 ____S (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-12-19 13:03 - 2000-05-22 16:58 - 00140488 ____S (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2013-12-19 13:03 - 1998-06-09 00:00 - 00137216 ____S (Microsoft Corporation) C:\Windows\SysWOW64\MSDERUN.DLL
2013-12-19 13:01 - 2013-12-19 13:02 - 10999302 _____ C:\Users\ajin\Downloads\PC Schutz Windows Systemdateien auf Manipulationen pruefen - Trojaner Virus erkennen.mp4
2013-12-19 13:00 - 2013-12-19 13:00 - 02439433 _____ (Digital-Tronic                                              ) C:\Users\ajin\Downloads\MD5FileHasher_Setup.exe
2013-12-19 09:26 - 2014-01-03 21:08 - 01520365 _____ C:\Windows\WindowsUpdate.log
2013-12-18 22:28 - 2013-12-18 22:28 - 00000000 ___RD C:\Users\ajin\Documents\Notes
2013-12-08 21:50 - 2013-12-08 21:50 - 25833558 _____ C:\Users\ajin\Downloads\EMinem - freestyle on Tim Westwood Radio1.mp4
2013-12-08 21:47 - 2013-12-08 21:49 - 131366148 _____ C:\Users\ajin\Downloads\Westwood - EXCLUSIVE Eminem freestyle Radio 1.mp4
2013-12-06 20:35 - 2013-12-06 20:35 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef2ba505718b8.job
2013-12-04 09:51 - 2013-12-04 09:51 - 65568842 _____ C:\Users\ajin\Downloads\Eminem Top 10 Diss Tracks.mp4

==================== One Month Modified Files and Folders =======

2014-01-03 21:14 - 2014-01-03 21:11 - 00006559 _____ C:\Users\ajin\Desktop\FRST.txt
2014-01-03 21:11 - 2014-01-03 21:11 - 00000000 ____D C:\FRST
2014-01-03 21:09 - 2014-01-03 21:09 - 01931750 _____ (Farbar) C:\Users\ajin\Desktop\FRST64.exe
2014-01-03 21:08 - 2013-12-19 09:26 - 01520365 _____ C:\Windows\WindowsUpdate.log
2014-01-03 21:07 - 2014-01-01 01:18 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-03 21:03 - 2013-02-01 18:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 21:03 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 21:03 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 11:09 - 2011-03-20 10:08 - 00654400 _____ C:\Windows\system32\perfh007.dat
2014-01-03 11:09 - 2011-03-20 10:08 - 00130240 _____ C:\Windows\system32\perfc007.dat
2014-01-03 11:09 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 11:04 - 2013-12-23 22:49 - 00006328 _____ C:\Windows\setupact.log
2014-01-03 11:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 19:31 - 2013-11-11 14:05 - 00000000 ____D C:\Users\ajin\AppData\Roaming\vlc
2014-01-01 22:49 - 2013-02-01 18:44 - 00004142 _____ C:\Windows\Sandboxie.ini
2014-01-01 14:26 - 2013-12-19 13:03 - 00000000 ____D C:\Users\ajin\AppData\Roaming\MD5 File Hasher
2014-01-01 01:19 - 2014-01-01 01:19 - 00001091 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-01-01 01:18 - 2014-01-01 01:18 - 00000000 ____D C:\Users\ajin\Documents\Anti-Malware
2014-01-01 01:08 - 2014-01-01 01:08 - 00077908 _____ C:\Windows\PFRO.log
2014-01-01 01:08 - 2013-02-01 17:35 - 00000000 ____D C:\ProgramData\G DATA
2014-01-01 01:08 - 2013-02-01 17:35 - 00000000 ____D C:\Program Files (x86)\G Data
2014-01-01 01:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2014-01-01 01:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2014-01-01 01:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\com
2014-01-01 01:05 - 2014-01-01 01:02 - 234971656 _____ (Emsisoft GmbH                                               ) C:\Users\ajin\Downloads\EmsisoftAntiMalwareSetup_5987352.exe
2013-12-31 16:52 - 2013-12-26 18:11 - 00000000 ___RD C:\Users\ajin\Desktop\Neuer Ordner (2)
2013-12-31 13:52 - 2013-12-31 13:52 - 00000000 _____ C:\Users\ajin\HELP
2013-12-31 13:52 - 2013-02-01 14:55 - 00000000 ____D C:\Users\ajin
2013-12-30 22:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2013-12-30 21:50 - 2013-12-30 21:50 - 00891200 _____ C:\Users\ajin\Desktop\SecurityCheck.exe
2013-12-30 11:17 - 2013-12-20 20:50 - 00000000 ____D C:\bootmedium
2013-12-27 19:35 - 2013-02-01 20:43 - 00000000 ____D C:\Users\ajin\AppData\Local\PokerStars.EU
2013-12-26 22:37 - 2013-12-26 22:37 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-26 22:36 - 2013-12-26 22:35 - 02347384 _____ (ESET) C:\Users\ajin\Downloads\esetsmartinstaller_enu.exe
2013-12-26 09:16 - 2013-12-26 09:16 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-26 09:16 - 2013-12-26 09:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 09:13 - 2013-12-26 09:09 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ajin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-23 22:49 - 2013-12-23 22:49 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 20:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-23 19:47 - 2013-02-01 06:48 - 00000000 ____D C:\Windows\Panther
2013-12-23 19:29 - 2013-12-23 19:29 - 00000517 _____ C:\DelFix.txt
2013-12-23 16:22 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-23 10:16 - 2013-12-23 10:16 - 00000000 ____D C:\Users\ajin\AppData\Roaming\Malwarebytes
2013-12-23 08:44 - 2013-02-01 14:56 - 00001421 _____ C:\Users\ajin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-23 08:42 - 2009-07-14 05:45 - 00312912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 08:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-23 08:22 - 2013-12-23 08:22 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-23 08:22 - 2013-12-23 08:22 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-23 08:22 - 2013-12-23 08:22 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-23 08:22 - 2013-12-23 08:22 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-23 08:22 - 2013-12-23 08:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-23 08:22 - 2013-12-23 08:22 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-23 08:22 - 2013-12-23 08:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-23 08:13 - 2013-07-12 19:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-22 14:10 - 2013-12-21 01:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-21 20:54 - 2013-12-21 20:54 - 00000000 ____D C:\Windows\ERUNT
2013-12-21 01:40 - 2013-12-21 01:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-20 13:53 - 2013-12-20 13:53 - 00002773 _____ C:\Users\ajin\Desktop\G Data Protokoll ID 4199.html
2013-12-19 22:02 - 2013-05-13 19:29 - 00007631 _____ C:\Users\ajin\AppData\Local\Resmon.ResmonCfg
2013-12-19 13:03 - 2013-12-19 13:03 - 00001051 _____ C:\Users\Public\Desktop\MD5 File Hasher.lnk
2013-12-19 13:03 - 2013-12-19 13:03 - 00000000 ____D C:\Program Files (x86)\MD5 File Hasher
2013-12-19 13:02 - 2013-12-19 13:01 - 10999302 _____ C:\Users\ajin\Downloads\PC Schutz Windows Systemdateien auf Manipulationen pruefen - Trojaner Virus erkennen.mp4
2013-12-19 13:00 - 2013-12-19 13:00 - 02439433 _____ (Digital-Tronic                                              ) C:\Users\ajin\Downloads\MD5FileHasher_Setup.exe
2013-12-19 09:30 - 2013-11-23 13:25 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-12-18 22:28 - 2013-12-18 22:28 - 00000000 ___RD C:\Users\ajin\Documents\Notes
2013-12-11 08:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-08 21:50 - 2013-12-08 21:50 - 25833558 _____ C:\Users\ajin\Downloads\EMinem - freestyle on Tim Westwood Radio1.mp4
2013-12-08 21:49 - 2013-12-08 21:47 - 131366148 _____ C:\Users\ajin\Downloads\Westwood - EXCLUSIVE Eminem freestyle Radio 1.mp4
2013-12-07 17:12 - 2013-08-31 21:59 - 00000000 ____D C:\Users\ajin\Desktop\VIDEO
2013-12-06 20:35 - 2013-12-06 20:35 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef2ba505718b8.job
2013-12-04 09:51 - 2013-12-04 09:51 - 65568842 _____ C:\Users\ajin\Downloads\Eminem Top 10 Diss Tracks.mp4
2013-12-04 03:22 - 2013-02-01 20:42 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 09:42

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2014
Ran by ajin at 2014-01-03 21:15:45
Running from C:\Users\ajin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
CCleaner (Version: 4.07 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Emsisoft Anti-Malware (x32 Version: 8.1 - Emsisoft GmbH)
ESET Online Scanner v3 (x32 Version:  - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel(R) Processor Graphics (x32 Version: 8.15.10.2266 - Intel Corporation)
Lexmark  (x32 Version: 1.0.0.0 - )
Lexmark 5600-6600 Series (Version:  - Lexmark International, Inc.)
Lexmark Symbolleiste (x32 Version: 4.0.53.0 - )
Lexmark X6100 Series (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MD5 File Hasher 1.4 (x32 Version:  - )
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movavi Video Editor (x32 Version: 8.3.0 - Movavi)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 5.4.0 (x32 Version:  - PDF24.org)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlayChess  (x32 Version:  - ChessBase GmbH)
PokerStars.eu (x32 Version:  - PokerStars.eu)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6318 - Realtek Semiconductor Corp.)
Sandboxie 3.76 (64-bit) (Version: 3.76 - SANDBOXIE L.T.D)
Skype™ 6.6 (x32 Version: 6.6.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (Version: 15.2.11.1 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 2.1.0 (x32 Version: 2.1.0 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0909BA06-59E5-40D8-A771-F5D493C431FC} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2010-02-04] ()
Task: {1BE68120-37B5-462B-B221-EB24C7E0C18B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {593152BE-0C7B-4076-8D11-BD09834A8987} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\ajin\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {8E94571D-505A-4E0E-B8E4-1081D249E3DB} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
Task: {D7B029FD-65F0-4D76-A1CE-84230A296FAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01] (Google Inc.)
Task: {F678144B-655F-497A-9A8B-13DD475BC6D7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1748017642-652846318-1303095136-1003
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1748017642-652846318-1303095136-1000Core.job => C:\Users\ajin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef2ba505718b8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-02-01 16:51 - 2013-02-02 01:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-04 19:33 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-04 19:33 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-04 19:33 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-04 19:33 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-04 19:33 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2014 09:10:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/03/2014 11:05:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 01:34:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 01:24:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2014 01:06:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 00:45:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 09:04:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 11:06:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 10:57:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 10:38:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/03/2014 11:04:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/03/2014 11:04:06 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxduCATSCustConnectService erreicht.

Error: (01/02/2014 01:32:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/02/2014 01:32:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxduCATSCustConnectService erreicht.

Error: (01/02/2014 01:32:52 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎02.‎01.‎2014 um 13:30:10 unerwartet heruntergefahren.

Error: (01/02/2014 01:04:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/02/2014 01:04:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxduCATSCustConnectService erreicht.

Error: (01/02/2014 00:44:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/02/2014 00:44:01 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxduCATSCustConnectService erreicht.

Error: (01/02/2014 00:44:00 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎02.‎01.‎2014 um 12:43:11 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (01/03/2014 09:10:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ajin\Downloads\esetsmartinstaller_enu.exe

Error: (01/03/2014 11:05:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 01:34:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 01:24:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/02/2014 01:06:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 00:45:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 09:04:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 11:06:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 10:57:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2014 10:38:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 4009.55 MB
Available physical RAM: 2312.51 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 5588.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:245.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: C5D3BC32)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 04.01.2014, 15:47

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

bozz1983 · 04.01.2014, 22:58

hi,

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
ajin :: AJIN-PC [Administrator]

Schutz: Deaktiviert

04.01.2014 21:13:49
mbam-log-2014-01-04 (21-13-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 325840
Laufzeit: 54 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

# AdwCleaner v3.016 - Bericht erstellt am 04/01/2014 um 22:12:33
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ajin - AJIN-PC
# Gestartet von : C:\Users\ajin\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\ajin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [791 octets] - [04/01/2014 22:10:49]
AdwCleaner[S0].txt - [713 octets] - [04/01/2014 22:12:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [772 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by ajin on 04.01.2014 at 22:19:52,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2014 at 22:47:59,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber · 05.01.2014, 16:37

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

bozz1983 · 05.01.2014, 23:27

hi,
was ist mit HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP gefunden: Application.Win32.InstallAd (A), Emsisoft findet es bei jeder suchlauf wieder?

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=206cedd6090cc94b9a48c8510681b1da
# engine=16532
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-05 09:55:48
# local_time=2014-01-05 10:55:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 12125 140588798 0 0
# scanned=114932
# found=0
# cleaned=0
# scan_time=4946

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Emsisoft Anti-Malware   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Emsisoft Anti-Malware a2service.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by ajin (administrator) on AJIN-PC on 05-01-2014 23:15:55
Running from C:\Users\ajin\Desktop\Neuer Ordner (3)
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
( ) C:\Windows\System32\lxbfcoms.exe
( ) C:\Windows\System32\lxducoms.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\32\SbieSvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2013-02-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2013-02-02] (Synaptics Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4329408 2013-12-04] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [765200 2012-12-16] (SANDBOXIE L.T.D)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF60344C09F00CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

Chrome: 
=======

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
R2 lxbf_device; C:\Windows\system32\lxbfcoms.exe [566704 2007-04-24] ( )
R2 lxbf_device; C:\Windows\SysWow64\lxbfcoms.exe [537520 2007-04-24] ( )
S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWow64\lxducoms.exe [589824 2009-10-16] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 23:14 - 2014-01-05 23:14 - 00000781 _____ C:\Users\ajin\Desktop\checkup.txt
2014-01-05 23:03 - 2014-01-05 23:03 - 00987410 _____ C:\Users\ajin\Desktop\SecurityCheck.exe
2014-01-05 21:20 - 2014-01-05 21:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-05 21:15 - 2014-01-05 21:15 - 02347384 _____ (ESET) C:\Users\ajin\Desktop\esetsmartinstaller_enu (1).exe
2014-01-05 20:51 - 2014-01-05 23:15 - 00000000 ____D C:\Users\ajin\Desktop\Neuer Ordner (3)
2014-01-04 22:10 - 2014-01-04 22:13 - 00000000 ____D C:\AdwCleaner
2014-01-04 21:12 - 2014-01-04 21:12 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 21:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-03 21:11 - 2014-01-03 21:11 - 00000000 ____D C:\FRST
2014-01-01 01:19 - 2014-01-01 01:19 - 00001091 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-01-01 01:18 - 2014-01-05 23:04 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-01 01:18 - 2014-01-01 01:18 - 00000000 ____D C:\Users\ajin\Documents\Anti-Malware
2014-01-01 01:08 - 2014-01-01 01:08 - 00077908 _____ C:\Windows\PFRO.log
2014-01-01 01:02 - 2014-01-01 01:05 - 234971656 _____ (Emsisoft GmbH                                               ) C:\Users\ajin\Downloads\EmsisoftAntiMalwareSetup_5987352.exe
2013-12-31 13:52 - 2013-12-31 13:52 - 00000000 _____ C:\Users\ajin\HELP
2013-12-26 22:35 - 2013-12-26 22:36 - 02347384 _____ (ESET) C:\Users\ajin\Downloads\esetsmartinstaller_enu.exe
2013-12-26 18:11 - 2013-12-31 16:52 - 00000000 ___RD C:\Users\ajin\Desktop\Neuer Ordner (2)
2013-12-26 09:09 - 2013-12-26 09:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ajin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-24 03:00 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-24 03:00 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-24 03:00 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-24 03:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-24 03:00 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-24 03:00 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-24 03:00 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-24 03:00 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-24 03:00 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-24 03:00 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-24 03:00 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-24 03:00 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-24 03:00 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-24 03:00 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-24 03:00 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-24 03:00 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-24 03:00 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-24 03:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-24 03:00 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-24 03:00 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-24 03:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-24 03:00 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-24 03:00 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-24 03:00 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-24 03:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-24 03:00 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-24 03:00 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-24 03:00 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-24 03:00 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-24 03:00 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-24 03:00 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-23 22:49 - 2014-01-05 21:28 - 00008568 _____ C:\Windows\setupact.log
2013-12-23 22:49 - 2013-12-23 22:49 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 19:29 - 2013-12-23 19:29 - 00000517 _____ C:\DelFix.txt
2013-12-23 10:16 - 2013-12-23 10:16 - 00000000 ____D C:\Users\ajin\AppData\Roaming\Malwarebytes
2013-12-23 08:33 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-23 08:33 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-23 08:33 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-23 08:33 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-23 08:32 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-23 08:22 - 2013-12-23 08:22 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-23 08:22 - 2013-12-23 08:22 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-23 08:22 - 2013-12-23 08:22 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-23 08:22 - 2013-12-23 08:22 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-23 08:22 - 2013-12-23 08:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-23 08:22 - 2013-12-23 08:22 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-23 08:22 - 2013-12-23 08:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-22 01:53 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-22 01:53 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-22 01:53 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-22 01:48 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-22 01:48 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-22 01:48 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-22 01:48 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-22 01:48 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-22 01:48 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-22 01:48 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-22 01:48 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-22 01:48 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-22 01:48 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-22 01:48 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-22 01:48 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-22 01:48 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-22 01:48 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-22 01:48 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-22 01:48 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-22 01:48 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-22 01:48 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-22 01:48 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-22 01:48 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-22 01:48 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-22 01:48 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-22 01:48 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-22 01:48 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-22 01:48 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-22 01:48 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-22 01:48 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-22 01:48 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-22 01:48 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-22 01:48 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-22 01:48 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-22 01:48 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-22 01:48 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-22 01:48 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-22 01:48 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-22 01:48 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-22 01:48 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-22 01:48 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-22 01:48 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-22 01:48 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-22 01:48 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-22 01:48 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-22 01:48 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-22 01:48 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-22 01:48 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-22 01:48 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-21 20:54 - 2013-12-21 20:54 - 00000000 ____D C:\Windows\ERUNT
2013-12-21 01:40 - 2013-12-22 14:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-21 01:40 - 2013-12-21 01:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-20 20:50 - 2013-12-30 11:17 - 00000000 ____D C:\bootmedium
2013-12-20 13:53 - 2013-12-20 13:53 - 00002773 _____ C:\Users\ajin\Desktop\G Data Protokoll ID 4199.html
2013-12-19 13:03 - 2014-01-01 14:26 - 00000000 ____D C:\Users\ajin\AppData\Roaming\MD5 File Hasher
2013-12-19 13:03 - 2013-12-19 13:03 - 00001051 _____ C:\Users\Public\Desktop\MD5 File Hasher.lnk
2013-12-19 13:03 - 2013-12-19 13:03 - 00000000 ____D C:\Program Files (x86)\MD5 File Hasher
2013-12-19 13:03 - 2013-09-23 14:56 - 01138688 ____S (Digital-Tronic) C:\Windows\SysWOW64\HashControls.ocx
2013-12-19 13:03 - 2005-07-17 08:21 - 00128736 ____S (Karen Kenworthy) C:\Windows\SysWOW64\PTHash.dll
2013-12-19 13:03 - 2002-12-20 14:02 - 01077336 ____S (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2013-12-19 13:03 - 2000-05-22 16:58 - 00140488 ____S (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2013-12-19 13:03 - 1998-06-09 00:00 - 00137216 ____S (Microsoft Corporation) C:\Windows\SysWOW64\MSDERUN.DLL
2013-12-19 13:01 - 2013-12-19 13:02 - 10999302 _____ C:\Users\ajin\Downloads\PC Schutz Windows Systemdateien auf Manipulationen pruefen - Trojaner Virus erkennen.mp4
2013-12-19 13:00 - 2013-12-19 13:00 - 02439433 _____ (Digital-Tronic                                              ) C:\Users\ajin\Downloads\MD5FileHasher_Setup.exe
2013-12-19 09:26 - 2014-01-05 23:04 - 01650530 _____ C:\Windows\WindowsUpdate.log
2013-12-18 22:28 - 2013-12-18 22:28 - 00000000 ___RD C:\Users\ajin\Documents\Notes
2013-12-08 21:50 - 2013-12-08 21:50 - 25833558 _____ C:\Users\ajin\Downloads\EMinem - freestyle on Tim Westwood Radio1.mp4
2013-12-08 21:47 - 2013-12-08 21:49 - 131366148 _____ C:\Users\ajin\Downloads\Westwood - EXCLUSIVE Eminem freestyle Radio 1.mp4
2013-12-06 20:35 - 2013-12-06 20:35 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef2ba505718b8.job

==================== One Month Modified Files and Folders =======

2014-01-05 23:15 - 2014-01-05 20:51 - 00000000 ____D C:\Users\ajin\Desktop\Neuer Ordner (3)
2014-01-05 23:14 - 2014-01-05 23:14 - 00000781 _____ C:\Users\ajin\Desktop\checkup.txt
2014-01-05 23:04 - 2014-01-01 01:18 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-05 23:04 - 2013-12-19 09:26 - 01650530 _____ C:\Windows\WindowsUpdate.log
2014-01-05 23:03 - 2014-01-05 23:03 - 00987410 _____ C:\Users\ajin\Desktop\SecurityCheck.exe
2014-01-05 22:30 - 2013-02-01 18:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 21:35 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 21:35 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 21:33 - 2011-03-20 10:08 - 00654400 _____ C:\Windows\system32\perfh007.dat
2014-01-05 21:33 - 2011-03-20 10:08 - 00130240 _____ C:\Windows\system32\perfc007.dat
2014-01-05 21:33 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 21:28 - 2013-12-23 22:49 - 00008568 _____ C:\Windows\setupact.log
2014-01-05 21:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 21:20 - 2014-01-05 21:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-05 21:15 - 2014-01-05 21:15 - 02347384 _____ (ESET) C:\Users\ajin\Desktop\esetsmartinstaller_enu (1).exe
2014-01-05 21:00 - 2013-07-28 17:36 - 00000000 ____D C:\Users\ajin\AppData\Roaming\Skype
2014-01-04 22:13 - 2014-01-04 22:10 - 00000000 ____D C:\AdwCleaner
2014-01-04 21:12 - 2014-01-04 21:12 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 12:53 - 2013-07-28 17:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-04 12:53 - 2013-07-28 17:35 - 00000000 ____D C:\ProgramData\Skype
2014-01-03 21:11 - 2014-01-03 21:11 - 00000000 ____D C:\FRST
2014-01-02 19:31 - 2013-11-11 14:05 - 00000000 ____D C:\Users\ajin\AppData\Roaming\vlc
2014-01-01 22:49 - 2013-02-01 18:44 - 00004142 _____ C:\Windows\Sandboxie.ini
2014-01-01 14:26 - 2013-12-19 13:03 - 00000000 ____D C:\Users\ajin\AppData\Roaming\MD5 File Hasher
2014-01-01 01:19 - 2014-01-01 01:19 - 00001091 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-01-01 01:18 - 2014-01-01 01:18 - 00000000 ____D C:\Users\ajin\Documents\Anti-Malware
2014-01-01 01:08 - 2014-01-01 01:08 - 00077908 _____ C:\Windows\PFRO.log
2014-01-01 01:08 - 2013-02-01 17:35 - 00000000 ____D C:\ProgramData\G DATA
2014-01-01 01:08 - 2013-02-01 17:35 - 00000000 ____D C:\Program Files (x86)\G Data
2014-01-01 01:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2014-01-01 01:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2014-01-01 01:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\com
2014-01-01 01:05 - 2014-01-01 01:02 - 234971656 _____ (Emsisoft GmbH                                               ) C:\Users\ajin\Downloads\EmsisoftAntiMalwareSetup_5987352.exe
2013-12-31 16:52 - 2013-12-26 18:11 - 00000000 ___RD C:\Users\ajin\Desktop\Neuer Ordner (2)
2013-12-31 13:52 - 2013-12-31 13:52 - 00000000 _____ C:\Users\ajin\HELP
2013-12-31 13:52 - 2013-02-01 14:55 - 00000000 ____D C:\Users\ajin
2013-12-30 22:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2013-12-30 11:17 - 2013-12-20 20:50 - 00000000 ____D C:\bootmedium
2013-12-27 19:35 - 2013-02-01 20:43 - 00000000 ____D C:\Users\ajin\AppData\Local\PokerStars.EU
2013-12-26 22:36 - 2013-12-26 22:35 - 02347384 _____ (ESET) C:\Users\ajin\Downloads\esetsmartinstaller_enu.exe
2013-12-26 09:13 - 2013-12-26 09:09 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ajin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-23 22:49 - 2013-12-23 22:49 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 20:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-23 19:47 - 2013-02-01 06:48 - 00000000 ____D C:\Windows\Panther
2013-12-23 19:29 - 2013-12-23 19:29 - 00000517 _____ C:\DelFix.txt
2013-12-23 16:22 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-23 10:16 - 2013-12-23 10:16 - 00000000 ____D C:\Users\ajin\AppData\Roaming\Malwarebytes
2013-12-23 08:44 - 2013-02-01 14:56 - 00001421 _____ C:\Users\ajin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-23 08:42 - 2009-07-14 05:45 - 00312912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-23 08:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-23 08:22 - 2013-12-23 08:22 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-23 08:22 - 2013-12-23 08:22 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-23 08:22 - 2013-12-23 08:22 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-23 08:22 - 2013-12-23 08:22 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-23 08:22 - 2013-12-23 08:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-23 08:22 - 2013-12-23 08:22 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-23 08:22 - 2013-12-23 08:22 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-23 08:22 - 2013-12-23 08:22 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-23 08:22 - 2013-12-23 08:22 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-23 08:13 - 2013-07-12 19:29 - 00000000 ____D C:\Windows\system32\MRT
2013-12-22 14:10 - 2013-12-21 01:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-21 20:54 - 2013-12-21 20:54 - 00000000 ____D C:\Windows\ERUNT
2013-12-21 01:40 - 2013-12-21 01:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-20 13:53 - 2013-12-20 13:53 - 00002773 _____ C:\Users\ajin\Desktop\G Data Protokoll ID 4199.html
2013-12-19 22:02 - 2013-05-13 19:29 - 00007631 _____ C:\Users\ajin\AppData\Local\Resmon.ResmonCfg
2013-12-19 13:03 - 2013-12-19 13:03 - 00001051 _____ C:\Users\Public\Desktop\MD5 File Hasher.lnk
2013-12-19 13:03 - 2013-12-19 13:03 - 00000000 ____D C:\Program Files (x86)\MD5 File Hasher
2013-12-19 13:02 - 2013-12-19 13:01 - 10999302 _____ C:\Users\ajin\Downloads\PC Schutz Windows Systemdateien auf Manipulationen pruefen - Trojaner Virus erkennen.mp4
2013-12-19 13:00 - 2013-12-19 13:00 - 02439433 _____ (Digital-Tronic                                              ) C:\Users\ajin\Downloads\MD5FileHasher_Setup.exe
2013-12-19 09:30 - 2013-11-23 13:25 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-12-18 22:28 - 2013-12-18 22:28 - 00000000 ___RD C:\Users\ajin\Documents\Notes
2013-12-11 08:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-08 21:50 - 2013-12-08 21:50 - 25833558 _____ C:\Users\ajin\Downloads\EMinem - freestyle on Tim Westwood Radio1.mp4
2013-12-08 21:49 - 2013-12-08 21:47 - 131366148 _____ C:\Users\ajin\Downloads\Westwood - EXCLUSIVE Eminem freestyle Radio 1.mp4
2013-12-07 17:12 - 2013-08-31 21:59 - 00000000 ____D C:\Users\ajin\Desktop\VIDEO
2013-12-06 20:35 - 2013-12-06 20:35 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef2ba505718b8.job

Some content of TEMP:
====================
C:\Users\ajin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 09:42

==================== End Of Log ============================

--- --- ---

schrauber · 06.01.2014, 16:53

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:regfind
SDP
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

bozz1983 · 06.01.2014, 17:29

SystemLook 30.07.11 by jpshortstuff
Log created at 17:25 on 06/01/2014 by ajin
Administrator - Elevation successful

========== regfind ==========

Searching for "SDP"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ProtocolExecute\sdp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sdp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sdp]
@="VLC.sdp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\vlc.exe\SupportedTypes]
".sdp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0D66EB-CF74-4164-B52F-08344672DD46}\InprocServer32]
@="C:\Windows\system32\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}]
@="SSDP Provider Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}\InprocServer32]
@="C:\Windows\system32\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7CCA6768-8373-4d28-8876-83E8B4E3A969}]
@="SDPWmiJob Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad763fa6-3b90-41ab-bd44-4f832beee55f}\Properties]
"Source Type"="RTSP,XSDP,RTP,RTSPA,RTSPT,RTSPU,RTSPM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5ED6B03-EDA3-4cbc-9FF1-60182438C8F6}\InprocServer32]
@="%SystemRoot%\System32\WSDPrintProxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5ED6B03-EDA3-4cbc-9FF1-60182438C8F6}\ProgID]
@="FunctionDiscovery.WSDPrintProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5ED6B03-EDA3-4cbc-9FF1-60182438C8F6}\VersionIndependentProgID]
@="FunctionDiscovery.WSDPrintProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunctionDiscovery.WSDPrintProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunctionDiscovery.WSDPrintProxy\CurVer]
@="FunctionDiscovery.WSDPrintProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunctionDiscovery.WSDPrintProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\Preferred]
"sdp:"="{E9F4EBAB-D97B-463e-A2B1-C54EE3F9414D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp]
@="URL:SDP Protocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VLC.sdp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VLC.sdp]
@="VLC media file (.sdp)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D0D66EB-CF74-4164-B52F-08344672DD46}\InprocServer32]
@="C:\Windows\SysWOW64\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}]
@="SSDP Provider Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}\InprocServer32]
@="C:\Windows\SysWOW64\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ad763fa6-3b90-41ab-bd44-4f832beee55f}\Properties]
"Source Type"="RTSP,XSDP,RTP,RTSPA,RTSPT,RTSPU,RTSPM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MediaFoundation\MediaSources\Preferred]
"sdp:"="{E9F4EBAB-D97B-463e-A2B1-C54EE3F9414D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\VLC\Capabilities\FileAssociations]
".sdp"="VLC.sdp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.Base.DevicePairing\SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.Base.DevicePairing\SSDP]
"00000000"="<categoryMetadata name="SSDP"><queryDefinition><category identity="Provider\Microsoft.Networking.SSDP"/></queryDefinition></categoryMetadata>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.Networking.Devices\SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.Networking.Devices\SSDP]
"00000000"="<categoryMetadata name="SSDP"><queryDefinition><category identity="Provider\Microsoft.Networking.SSDP"/></queryDefinition></categoryMetadata>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Provider\Microsoft.Networking.SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDE\Support\Microsoft]
"URL"="https://dcodews.partners.extranet.microsoft.com/sdpservice/diagnosticux/service.svc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM]
"Autorecover MOFs"="%windir%\system32\wbem\cimwin32.mof %windir%\system32\wbem\ncprov.mof %windir%\system32\wbem\wmipcima.mof %windir%\system32\wbem\secrcw32.mof %windir%\system32\wbem\subscrpt.mof %windir%\system32\wbem\scm.mof %windir%\system32\wbem\system.mof %windir%\system32\wbem\interop.mof %windir%\system32\wbem\scrcons.mof %windir%\system32\wbem\smtpcons.mof %windir%\system32\wbem\wbemcons.mof %windir%\system32\wbem\wmi.mof %windir%\system32\wbem\wmi_tracing.mof %windir%\system32\wbem\win32_printer.mof %windir%\system32\wbem\tcpip.mof %windir%\system32\wbem\services.mof %windir%\system32\wbem\mmc.mof %windir%\system32\wbem\newdev.mof %windir%\system32\restartmanager.mof %windir%\system32\wbem\wsdapi.mof %windir%\system32\wbem\qmgr.mof %windir%\system32\wbem\schannel.mof %windir%\system32\wbem\ncsi.mof %windir%\system32\wbem\nlasvc.mof %windir%\system32\wbem\mpssvc.mof %windir%\system32\wbem\mpsdrv.mof %windir%\system32\wbem\firewallapi.mof %windir%\s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~de-DE~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-Sidebar-Killbits-SDP-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514]
"InstallName"="Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
"InstallName"="Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Sidebar-Killbits-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Sidebar-Killbits-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
"InstallName"="Microsoft-Windows-Sidebar-Killbits-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_fdssdp_31bf3856ad364e35_none_46ad94cf341375c7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-p..ting-wsdportmonitor_31bf3856ad364e35_none_777079927d7b2401]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-printing-wsdprintproxy_31bf3856ad364e35_none_856f264cf9d532f7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-upnpssdp.resources_31bf3856ad364e35_de-de_e473666b5811e7f5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_none_333e3b487f142313]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_wsdprint.inf-languagepack_31bf3856ad364e35_de-de_4dcd12a1fb5d2786]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_wsdprint.inf.resources_31bf3856ad364e35_de-de_aeee67472d7fdce7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_wsdprint.inf_31bf3856ad364e35_none_f0d9aba69f12826e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_microsoft-windows-upnpssdp_31bf3856ad364e35_none_3d92e59ab374e50e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_fdssdp_31bf3856ad364e35_none_ea8ef94b7bb60491]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-upnpssdp.resources_31bf3856ad364e35_de-de_8854cae79fb476bf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\sdp:]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\DeviceShims\D-Link Systems, Inc\Wireless Media Player\DSM-520]
"SinkProtocolInfo"="http-get:*:audio/x-ms-wma:themediamall.com.trick=seek;AUDIO_CODEC=WMA2;AUDIO_CODEC=WMA3,http-get:*:audio/x-aiff:*,http-get:*:audio/mpeg:*,http-get:*:audio/mp3:*,http-get:*:audio/x-wav:*,http-get:*:audio/lpcm:*,http-get:*:audio/x-mpegurl:*,http-get:*:audio/x-ms-asx:AUDIO_CODEC=WMA2;AUDIO_CODEC=WMA3,http-get:*:audio/vnd.dlna.adts:*,http-get:*:audio/ac3:*,http-get:*:audio/mp4:AUDIO_CODEC=AAC,http-get:*:audio/vnd.dlna.adts:AUDIO_CODEC=AAC,http-get:*:application/ogg:*,http-get:*:video/mpeg:VIDEO_CODEC=MPEG1;VIDEO_CODEC=MPEG2;VIDEO_CODEC=MPEG4;VIDEO_GMC=NO;AUDIO_CODEC=MPEG1L1;AUDIO_CODEC=MPEG1L2;AUDIO_CODEC=MPEG1L3;AUDIO_CODEC=MPEG2L 1;AUDIO_CODEC=MPEG2L2;AUDIO_CODEC=MPEG2L3;AUDIO_CODEC=AC3;AUDIO_CODEC=DTS;AUDIO_CODEC=LPCM,http-get:*:video/mpeg2:VIDEO_CODEC=MPEG1;VIDEO_CODEC=MPEG2;VIDEO_CODEC=MPEG4;VIDEO_GMC=NO;AUDIO_CODEC=MPEG1L1;AUDIO_CODEC=MPEG1L2;AUDIO_CODEC=MPEG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\PCMCIA#SunDisk-SDP-1DD2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\PCMCIA#SunDisk-SDP-1E2E]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceAndNoImpersonation"="SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.Base.DevicePairing\SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.Base.DevicePairing\SSDP]
"00000000"="<categoryMetadata name="SSDP"><queryDefinition><category identity="Provider\Microsoft.Networking.SSDP"/></queryDefinition></categoryMetadata>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.Networking.Devices\SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.Networking.Devices\SSDP]
"00000000"="<categoryMetadata name="SSDP"><queryDefinition><category identity="Provider\Microsoft.Networking.SSDP"/></queryDefinition></categoryMetadata>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Provider\Microsoft.Networking.SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSDE\Support\Microsoft]
"URL"="https://dcodews.partners.extranet.microsoft.com/sdpservice/diagnosticux/service.svc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Foundation\SchemeHandlers\sdp:]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\DeviceShims\D-Link Systems, Inc\Wireless Media Player\DSM-520]
"SinkProtocolInfo"="http-get:*:audio/x-ms-wma:themediamall.com.trick=seek;AUDIO_CODEC=WMA2;AUDIO_CODEC=WMA3,http-get:*:audio/x-aiff:*,http-get:*:audio/mpeg:*,http-get:*:audio/mp3:*,http-get:*:audio/x-wav:*,http-get:*:audio/lpcm:*,http-get:*:audio/x-mpegurl:*,http-get:*:audio/x-ms-asx:AUDIO_CODEC=WMA2;AUDIO_CODEC=WMA3,http-get:*:audio/vnd.dlna.adts:*,http-get:*:audio/ac3:*,http-get:*:audio/mp4:AUDIO_CODEC=AAC,http-get:*:audio/vnd.dlna.adts:AUDIO_CODEC=AAC,http-get:*:application/ogg:*,http-get:*:video/mpeg:VIDEO_CODEC=MPEG1;VIDEO_CODEC=MPEG2;VIDEO_CODEC=MPEG4;VIDEO_GMC=NO;AUDIO_CODEC=MPEG1L1;AUDIO_CODEC=MPEG1L2;AUDIO_CODEC=MPEG1L3;AUDIO_CODEC=MPEG2L 1;AUDIO_CODEC=MPEG2L2;AUDIO_CODEC=MPEG2L3;AUDIO_CODEC=AC3;AUDIO_CODEC=DTS;AUDIO_CODEC=LPCM,http-get:*:video/mpeg2:VIDEO_CODEC=MPEG1;VIDEO_CODEC=MPEG2;VIDEO_CODEC=MPEG4;VIDEO_GMC=NO;AUDIO_CODEC=MPEG1L1;AUDIO_CODEC=MPEG1L2;AUDI
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\PCMCIA#SunDisk-SDP-1DD2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\PCMCIA#SunDisk-SDP-1E2E]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceAndNoImpersonation"="SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0D0D66EB-CF74-4164-B52F-08344672DD46}\InprocServer32]
@="C:\Windows\SysWOW64\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}]
@="SSDP Provider Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}\InprocServer32]
@="C:\Windows\SysWOW64\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ad763fa6-3b90-41ab-bd44-4f832beee55f}\Properties]
"Source Type"="RTSP,XSDP,RTP,RTSPA,RTSPT,RTSPU,RTSPM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MediaFoundation\MediaSources\Preferred]
"sdp:"="{E9F4EBAB-D97B-463e-A2B1-C54EE3F9414D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Media\VLC\Capabilities\FileAssociations]
".sdp"="VLC.sdp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{784e8451-c4b4-4a56-ac46-6dfeff773662}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{79678ce7-ba91-4b55-87f2-8f27d524975f}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_STOPPED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{1dc0a017-d56b-415b-bbad-f0ebce84a355}]
"Symbol"="RCG_SSDP_SERVICE_NOT_RUNNING"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{24182e1e-2c88-468c-96ee-7e338dc5685b}]
"Symbol"="RCG_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"DependOnService"="SSDPSRV IPBusEnum TermService fdphost"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv| Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv |Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchos t.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svcho st.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sys tem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sy stem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot% \system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\s ystem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\sv chost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\s vchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot %\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot% \system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sy stem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sys tem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svcho st.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchos t.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv |Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv| Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E7012F48-3A18-4D17-A3D4-2CF460916B20}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"DisplayName"="@%systemroot%\system32\ssdpsrv.dll,-100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"Description"="@%systemroot%\system32\ssdpsrv.dll,-101"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Parameters]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"DependOnService"="SSDPSRV HTTP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{784e8451-c4b4-4a56-ac46-6dfeff773662}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{79678ce7-ba91-4b55-87f2-8f27d524975f}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_STOPPED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{1dc0a017-d56b-415b-bbad-f0ebce84a355}]
"Symbol"="RCG_SSDP_SERVICE_NOT_RUNNING"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{24182e1e-2c88-468c-96ee-7e338dc5685b}]
"Symbol"="RCG_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Mcx2Svc]
"DependOnService"="SSDPSRV IPBusEnum TermService fdphost"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv| Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv |Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchos t.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svcho st.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sys tem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sy stem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot% \system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\s ystem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\sv chost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\s vchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot %\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot% \system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sy stem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sys tem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svcho st.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchos t.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv |Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv| Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E7012F48-3A18-4D17-A3D4-2CF460916B20}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SSDPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SSDPSRV]
"DisplayName"="@%systemroot%\system32\ssdpsrv.dll,-100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SSDPSRV]
"Description"="@%systemroot%\system32\ssdpsrv.dll,-101"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SSDPSRV\Parameters]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\upnphost]
"DependOnService"="SSDPSRV HTTP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{784e8451-c4b4-4a56-ac46-6dfeff773662}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{79678ce7-ba91-4b55-87f2-8f27d524975f}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_STOPPED"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{1dc0a017-d56b-415b-bbad-f0ebce84a355}]
"Symbol"="RCG_SSDP_SERVICE_NOT_RUNNING"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{24182e1e-2c88-468c-96ee-7e338dc5685b}]
"Symbol"="RCG_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Mcx2Svc]
"DependOnService"="SSDPSRV IPBusEnum TermService fdphost"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv| Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv |Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchos t.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svcho st.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sys tem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sy stem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot% \system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\s ystem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\sv chost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\s vchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot %\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot% \system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sy stem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\sys tem32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svcho st.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchos t.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv |Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv| Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv| Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv |Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E7012F48-3A18-4D17-A3D4-2CF460916B20}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
"DisplayName"="@%systemroot%\system32\ssdpsrv.dll,-100"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
"Description"="@%systemroot%\system32\ssdpsrv.dll,-101"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV\Parameters]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\upnphost]
"DependOnService"="SSDPSRV HTTP"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\3D\46693477]
"@%systemroot%\system32\ssdpsrv.dll,-100"="SSDP-Suche"
[HKEY_USERS\S-1-5-21-1748017642-652846318-1303095136-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\sdp]
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\3D\46693477]
"@%systemroot%\system32\ssdpsrv.dll,-100"="SSDP-Suche"

-= EOF =-

bozz1983 · 06.01.2014, 17:31

sorry hab vergessen in code feld einzutragen, hab es nochmal gesendet aber richtig

bozz1983 · 06.01.2014, 17:32

Code:

ATTFilter

 SystemLook 30.07.11 by jpshortstuff
Log created at 17:25 on 06/01/2014 by ajin
Administrator - Elevation successful

========== regfind ==========

Searching for "SDP"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ProtocolExecute\sdp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sdp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sdp]
@="VLC.sdp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\vlc.exe\SupportedTypes]
".sdp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D0D66EB-CF74-4164-B52F-08344672DD46}\InprocServer32]
@="C:\Windows\system32\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}]
@="SSDP Provider Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}\InprocServer32]
@="C:\Windows\system32\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7CCA6768-8373-4d28-8876-83E8B4E3A969}]
@="SDPWmiJob Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad763fa6-3b90-41ab-bd44-4f832beee55f}\Properties]
"Source Type"="RTSP,XSDP,RTP,RTSPA,RTSPT,RTSPU,RTSPM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5ED6B03-EDA3-4cbc-9FF1-60182438C8F6}\InprocServer32]
@="%SystemRoot%\System32\WSDPrintProxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5ED6B03-EDA3-4cbc-9FF1-60182438C8F6}\ProgID]
@="FunctionDiscovery.WSDPrintProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5ED6B03-EDA3-4cbc-9FF1-60182438C8F6}\VersionIndependentProgID]
@="FunctionDiscovery.WSDPrintProxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunctionDiscovery.WSDPrintProxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunctionDiscovery.WSDPrintProxy\CurVer]
@="FunctionDiscovery.WSDPrintProxy.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunctionDiscovery.WSDPrintProxy.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\MediaSources\Preferred]
"sdp:"="{E9F4EBAB-D97B-463e-A2B1-C54EE3F9414D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp]
@="URL:SDP Protocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VLC.sdp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VLC.sdp]
@="VLC media file (.sdp)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0D0D66EB-CF74-4164-B52F-08344672DD46}\InprocServer32]
@="C:\Windows\SysWOW64\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}]
@="SSDP Provider Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}\InprocServer32]
@="C:\Windows\SysWOW64\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ad763fa6-3b90-41ab-bd44-4f832beee55f}\Properties]
"Source Type"="RTSP,XSDP,RTP,RTSPA,RTSPT,RTSPU,RTSPM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\MediaFoundation\MediaSources\Preferred]
"sdp:"="{E9F4EBAB-D97B-463e-A2B1-C54EE3F9414D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\VLC\Capabilities\FileAssociations]
".sdp"="VLC.sdp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.Base.DevicePairing\SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.Base.DevicePairing\SSDP]
"00000000"="<categoryMetadata name="SSDP"><queryDefinition><category identity="Provider\Microsoft.Networking.SSDP"/></queryDefinition></categoryMetadata>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.Networking.Devices\SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.Networking.Devices\SSDP]
"00000000"="<categoryMetadata name="SSDP"><queryDefinition><category identity="Provider\Microsoft.Networking.SSDP"/></queryDefinition></categoryMetadata>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Function Discovery\Categories\Provider\Microsoft.Networking.SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDE\Support\Microsoft]
"URL"="https://dcodews.partners.extranet.microsoft.com/sdpservice/diagnosticux/service.svc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM]
"Autorecover MOFs"="%windir%\system32\wbem\cimwin32.mof %windir%\system32\wbem\ncprov.mof %windir%\system32\wbem\wmipcima.mof %windir%\system32\wbem\secrcw32.mof %windir%\system32\wbem\subscrpt.mof %windir%\system32\wbem\scm.mof %windir%\system32\wbem\system.mof %windir%\system32\wbem\interop.mof %windir%\system32\wbem\scrcons.mof %windir%\system32\wbem\smtpcons.mof %windir%\system32\wbem\wbemcons.mof %windir%\system32\wbem\wmi.mof %windir%\system32\wbem\wmi_tracing.mof %windir%\system32\wbem\win32_printer.mof %windir%\system32\wbem\tcpip.mof %windir%\system32\wbem\services.mof %windir%\system32\wbem\mmc.mof %windir%\system32\wbem\newdev.mof %windir%\system32\restartmanager.mof %windir%\system32\wbem\wsdapi.mof %windir%\system32\wbem\qmgr.mof %windir%\system32\wbem\schannel.mof %windir%\system32\wbem\ncsi.mof %windir%\system32\wbem\nlasvc.mof %windir%\system32\wbem\mpssvc.mof %windir%\system32\wbem\mpsdrv.mof %windir%\system32\wbem\firewallapi.mof %windir%\s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~de-DE~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Microsoft-Windows-Sidebar-Killbits-SDP-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514]
"InstallName"="Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
"InstallName"="Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Sidebar-Killbits-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Sidebar-Killbits-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
"InstallName"="Microsoft-Windows-Sidebar-Killbits-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_fdssdp_31bf3856ad364e35_none_46ad94cf341375c7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-p..ting-wsdportmonitor_31bf3856ad364e35_none_777079927d7b2401]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-printing-wsdprintproxy_31bf3856ad364e35_none_856f264cf9d532f7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-upnpssdp.resources_31bf3856ad364e35_de-de_e473666b5811e7f5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_none_333e3b487f142313]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_wsdprint.inf-languagepack_31bf3856ad364e35_de-de_4dcd12a1fb5d2786]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_wsdprint.inf.resources_31bf3856ad364e35_de-de_aeee67472d7fdce7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_wsdprint.inf_31bf3856ad364e35_none_f0d9aba69f12826e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_microsoft-windows-upnpssdp_31bf3856ad364e35_none_3d92e59ab374e50e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_fdssdp_31bf3856ad364e35_none_ea8ef94b7bb60491]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-upnpssdp.resources_31bf3856ad364e35_de-de_8854cae79fb476bf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\SchemeHandlers\sdp:]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\DeviceShims\D-Link Systems, Inc\Wireless Media Player\DSM-520]
"SinkProtocolInfo"="http-get:*:audio/x-ms-wma:themediamall.com.trick=seek;AUDIO_CODEC=WMA2;AUDIO_CODEC=WMA3,http-get:*:audio/x-aiff:*,http-get:*:audio/mpeg:*,http-get:*:audio/mp3:*,http-get:*:audio/x-wav:*,http-get:*:audio/lpcm:*,http-get:*:audio/x-mpegurl:*,http-get:*:audio/x-ms-asx:AUDIO_CODEC=WMA2;AUDIO_CODEC=WMA3,http-get:*:audio/vnd.dlna.adts:*,http-get:*:audio/ac3:*,http-get:*:audio/mp4:AUDIO_CODEC=AAC,http-get:*:audio/vnd.dlna.adts:AUDIO_CODEC=AAC,http-get:*:application/ogg:*,http-get:*:video/mpeg:VIDEO_CODEC=MPEG1;VIDEO_CODEC=MPEG2;VIDEO_CODEC=MPEG4;VIDEO_GMC=NO;AUDIO_CODEC=MPEG1L1;AUDIO_CODEC=MPEG1L2;AUDIO_CODEC=MPEG1L3;AUDIO_CODEC=MPEG2L1;AUDIO_CODEC=MPEG2L2;AUDIO_CODEC=MPEG2L3;AUDIO_CODEC=AC3;AUDIO_CODEC=DTS;AUDIO_CODEC=LPCM,http-get:*:video/mpeg2:VIDEO_CODEC=MPEG1;VIDEO_CODEC=MPEG2;VIDEO_CODEC=MPEG4;VIDEO_GMC=NO;AUDIO_CODEC=MPEG1L1;AUDIO_CODEC=MPEG1L2;AUDIO_CODEC=MPEG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\PCMCIA#SunDisk-SDP-1DD2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\PCMCIA#SunDisk-SDP-1E2E]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceAndNoImpersonation"="SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.Base.DevicePairing\SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.Base.DevicePairing\SSDP]
"00000000"="<categoryMetadata name="SSDP"><queryDefinition><category identity="Provider\Microsoft.Networking.SSDP"/></queryDefinition></categoryMetadata>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.Networking.Devices\SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.Networking.Devices\SSDP]
"00000000"="<categoryMetadata name="SSDP"><queryDefinition><category identity="Provider\Microsoft.Networking.SSDP"/></queryDefinition></categoryMetadata>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Provider\Microsoft.Networking.SSDP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSDE\Support\Microsoft]
"URL"="https://dcodews.partners.extranet.microsoft.com/sdpservice/diagnosticux/service.svc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Foundation\SchemeHandlers\sdp:]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Player NSS\3.0\DeviceShims\D-Link Systems, Inc\Wireless Media Player\DSM-520]
"SinkProtocolInfo"="http-get:*:audio/x-ms-wma:themediamall.com.trick=seek;AUDIO_CODEC=WMA2;AUDIO_CODEC=WMA3,http-get:*:audio/x-aiff:*,http-get:*:audio/mpeg:*,http-get:*:audio/mp3:*,http-get:*:audio/x-wav:*,http-get:*:audio/lpcm:*,http-get:*:audio/x-mpegurl:*,http-get:*:audio/x-ms-asx:AUDIO_CODEC=WMA2;AUDIO_CODEC=WMA3,http-get:*:audio/vnd.dlna.adts:*,http-get:*:audio/ac3:*,http-get:*:audio/mp4:AUDIO_CODEC=AAC,http-get:*:audio/vnd.dlna.adts:AUDIO_CODEC=AAC,http-get:*:application/ogg:*,http-get:*:video/mpeg:VIDEO_CODEC=MPEG1;VIDEO_CODEC=MPEG2;VIDEO_CODEC=MPEG4;VIDEO_GMC=NO;AUDIO_CODEC=MPEG1L1;AUDIO_CODEC=MPEG1L2;AUDIO_CODEC=MPEG1L3;AUDIO_CODEC=MPEG2L1;AUDIO_CODEC=MPEG2L2;AUDIO_CODEC=MPEG2L3;AUDIO_CODEC=AC3;AUDIO_CODEC=DTS;AUDIO_CODEC=LPCM,http-get:*:video/mpeg2:VIDEO_CODEC=MPEG1;VIDEO_CODEC=MPEG2;VIDEO_CODEC=MPEG4;VIDEO_GMC=NO;AUDIO_CODEC=MPEG1L1;AUDIO_CODEC=MPEG1L2;AUDI
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\PCMCIA#SunDisk-SDP-1DD2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\PCMCIA#SunDisk-SDP-1E2E]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceAndNoImpersonation"="SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0D0D66EB-CF74-4164-B52F-08344672DD46}\InprocServer32]
@="C:\Windows\SysWOW64\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}]
@="SSDP Provider Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}\InprocServer32]
@="C:\Windows\SysWOW64\fdssdp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ad763fa6-3b90-41ab-bd44-4f832beee55f}\Properties]
"Source Type"="RTSP,XSDP,RTP,RTSPA,RTSPT,RTSPU,RTSPM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\MediaFoundation\MediaSources\Preferred]
"sdp:"="{E9F4EBAB-D97B-463e-A2B1-C54EE3F9414D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Media\VLC\Capabilities\FileAssociations]
".sdp"="VLC.sdp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{784e8451-c4b4-4a56-ac46-6dfeff773662}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{79678ce7-ba91-4b55-87f2-8f27d524975f}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_STOPPED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{1dc0a017-d56b-415b-bbad-f0ebce84a355}]
"Symbol"="RCG_SSDP_SERVICE_NOT_RUNNING"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{24182e1e-2c88-468c-96ee-7e338dc5685b}]
"Symbol"="RCG_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"DependOnService"="SSDPSRV IPBusEnum TermService fdphost"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E7012F48-3A18-4D17-A3D4-2CF460916B20}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"DisplayName"="@%systemroot%\system32\ssdpsrv.dll,-100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"Description"="@%systemroot%\system32\ssdpsrv.dll,-101"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\Parameters]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"DependOnService"="SSDPSRV HTTP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{784e8451-c4b4-4a56-ac46-6dfeff773662}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{79678ce7-ba91-4b55-87f2-8f27d524975f}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_STOPPED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{1dc0a017-d56b-415b-bbad-f0ebce84a355}]
"Symbol"="RCG_SSDP_SERVICE_NOT_RUNNING"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{24182e1e-2c88-468c-96ee-7e338dc5685b}]
"Symbol"="RCG_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Mcx2Svc]
"DependOnService"="SSDPSRV IPBusEnum TermService fdphost"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E7012F48-3A18-4D17-A3D4-2CF460916B20}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SSDPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SSDPSRV]
"DisplayName"="@%systemroot%\system32\ssdpsrv.dll,-100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SSDPSRV]
"Description"="@%systemroot%\system32\ssdpsrv.dll,-101"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SSDPSRV\Parameters]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\upnphost]
"DependOnService"="SSDPSRV HTTP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{784e8451-c4b4-4a56-ac46-6dfeff773662}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\Repairs\{79678ce7-ba91-4b55-87f2-8f27d524975f}]
"Symbol"="ID_PNRP_REPAIR_SSDP_SERVICE_STOPPED"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{1dc0a017-d56b-415b-bbad-f0ebce84a355}]
"Symbol"="RCG_SSDP_SERVICE_NOT_RUNNING"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\PnrpHelperClass\HelperClasses\PnrpHelperClass\RootCauses\{24182e1e-2c88-468c-96ee-7e338dc5685b}]
"Symbol"="RCG_SSDP_SERVICE_DISABLED"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Mcx2Svc]
"DependOnService"="SSDPSRV IPBusEnum TermService fdphost"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"WPDMTP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-PlayTo-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30820|Desc=@FirewallAPI.dll,-30821|EmbedCtxt=@FirewallAPI.dll,-30752|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E7012F48-3A18-4D17-A3D4-2CF460916B20}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
"DisplayName"="@%systemroot%\system32\ssdpsrv.dll,-100"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV]
"Description"="@%systemroot%\system32\ssdpsrv.dll,-101"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV\Parameters]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\upnphost]
"DependOnService"="SSDPSRV HTTP"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\3D\46693477]
"@%systemroot%\system32\ssdpsrv.dll,-100"="SSDP-Suche"
[HKEY_USERS\S-1-5-21-1748017642-652846318-1303095136-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\sdp]
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\3D\46693477]
"@%systemroot%\system32\ssdpsrv.dll,-100"="SSDP-Suche"

-= EOF =-

schrauber · 07.01.2014, 10:12

Kopiere den Text in der Codebox in deinen Editor (z.B. Notepad) und speichere es unter dem Namen regfix.reg (bei Dateityp bitte "alle Dateien" wählen)

Code:

ATTFilter

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp]

Starte die regfix.reg duch Doppelklick.

bozz1983 · 07.01.2014, 13:06

das habe ich gemacht.
was soll ich jetzt tun?

schrauber · 08.01.2014, 08:26

Bitte nochmal mit Emsisoft scannen

bozz1983 · 08.01.2014, 15:58

hab es mit emsisoft gescannt, und war alles sauber.
danke das du mir geholfen hast.
ein frage noch in mein computerverwaltung unter freigaben, steht ein ordner namen interfaces,
kannst du mir sagen was das ist?

Code:

ATTFilter

 Emsisoft Anti-Malware - Version 8.1
Letztes Update: 08.01.2014 15:12:05
Benutzerkonto: ajin-PC\ajin

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	08.01.2014 15:17:14

Gescannt	261304
Gefunden	0

Scan Ende:	08.01.2014 15:49:09
Scan Zeit:	0:31:55

08.01.2014, 08:26	#14
schrauber /// the machine /// TB-Ausbilder	Emsisoft fund Application.Win32.InstallAd (A) und lässt sich nicht quarantäne schieben oder löschen Bitte nochmal mit Emsisoft scannen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Emsisoft fund Application.Win32.InstallAd (A) und lässt sich nicht quarantäne schieben oder löschen

Plagegeister aller Art und deren Bekämpfung: Emsisoft fund Application.Win32.InstallAd (A) und lässt sich nicht quarantäne schieben oder löschen