Pests of all kinds and how to fight them: Complete cleanup (removing viruses etc.), Windows 7
05.06.2014, 19:55 | #16 |
/// TB-Ausbilder |
1) Please do the following: Repair system files
2) Then save the following file to the desktop and run it (confirm/allow the security prompt if necessary): vss.reg
Restart the computer!
3) Then run the following batch file and post the log file: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
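rem Write all output to a log file in the temp folder; remove any old log first
set Log=%temp%\fix.txt
if exist "%log%" del "%log%"
rem Start Windows Defender, Windows Update and Security Center,
rem and set each service to start automatically
sc start WinDefend >> "%log%" 2>&1
sc config WinDefend start= auto >> "%log%" 2>&1
sc start wuauserv >> "%log%" 2>&1
sc config wuauserv start= auto >> "%log%" 2>&1
sc start wscsvc >> "%log%" 2>&1
sc config wscsvc start= auto >> "%log%" 2>&1
rem Show the log, then delete this batch file
notepad "%log%"
del %0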
Restart the computer!
4) Finally, please run FSS again and post the log file.
06.06.2014, 12:49 | #17 |
Step 2: C:\User\Lieselotte\Desktop\VSS.reg cannot be imported. Error accessing the registry.
Can I add it manually?
06.06.2014, 16:41 | #18 | |
/// TB-Ausbilder | Quote:
If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS]
"DisplayName"="@%systemroot%\\system32\\vssvc.exe,-102"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,76,\
  00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00
"Description"="@%systemroot%\\system32\\vssvc.exe,-101"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ServiceSidType"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag]
(Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,4c,04,00,00,\ 9c,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\ 11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"=hex:40,00,00,00,00,00,00,\ 00,20,7f,86,4c,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,04,00,00,00,01,00,00,00,\ 03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,\ 00,00,00,00,00,00,00 "POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,4c,\ 04,00,00,9c,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,4c,\ 04,00,00,9c,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"=hex:40,00,00,00,00,00,\ 00,00,00,d2,71,4d,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,05,00,00,00,01,00,00,\ 00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,\ 00,00,00,00,00,00,00,00 "BACKUPSHUTDOWN (Enter)"=hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,\ 4c,04,00,00,9c,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,\ 1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "BACKUPSHUTDOWN (Leave)"=hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,\ 4c,04,00,00,9c,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,\ 1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap] "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DiscoverSnapshots (Enter)"=hex:40,\ 00,00,00,00,00,00,00,00,b2,ce,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,20,00,\ 00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00 
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}Activate (Enter)"=hex:40,00,00,00,\ 00,00,00,00,30,39,d0,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,08,00,00,00,01,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ActivateLoop (Enter)"=hex:40,00,\ 00,00,00,00,00,00,30,39,d0,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,1a,00,00,\ 00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ActivateLoop (Leave)"=hex:40,00,\ 00,00,00,00,00,00,50,64,d9,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,1b,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ComputeIgnorableProduct (Enter)"=hex:\ 40,00,00,00,00,00,00,00,50,71,e5,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,0c,\ 00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ComputeIgnorableProduct (Leave)"=hex:\ 40,00,00,00,00,00,00,00,80,f8,e6,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,0d,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DeleteProcess (Enter)"=hex:40,00,\ 00,00,00,00,00,00,60,7f,aa,82,be,d7,cc,01,00,00,00,00,00,00,00,00,12,00,00,\ 00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}Activate (Leave)"=hex:40,00,00,00,\ 00,00,00,00,40,61,2a,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,09,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DiscoverSnapshots (Leave)"=hex:40,\ 
00,00,00,00,00,00,00,40,61,2a,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,21,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}SetIgnorable (Enter)"=hex:40,00,\ 00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,00,00,00,00,00,00,00,00,0a,00,00,\ 00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}SetIgnorable (Leave)"=hex:40,00,\ 00,00,00,00,00,00,d0,b2,ac,4c,b8,d7,cc,01,00,00,00,00,00,00,00,00,0b,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}AdjustBitmap (Enter)"=hex:40,00,\ 00,00,00,00,00,00,40,2f,bc,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,04,00,00,\ 00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ValidateDiffAreaFiles (Enter)"=hex:\ 40,00,00,00,00,00,00,00,b0,3e,3e,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,1c,\ 00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00 "VolumesSafeForWrite (Enter)"=hex:40,00,00,00,00,00,00,00,b0,3e,3e,b1,b7,d7,cc,\ 01,00,00,00,00,00,00,00,00,1e,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "VolumesSafeForWrite (Leave)"=hex:40,00,00,00,00,00,00,00,b0,49,1a,b2,b7,d7,cc,\ 01,00,00,00,00,00,00,00,00,1f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ValidateDiffAreaFiles (Leave)"=hex:\ 40,00,00,00,00,00,00,00,b0,49,1a,b2,b7,d7,cc,01,00,00,00,00,00,00,00,00,1d,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DeleteProcess (Leave)"=hex:40,00,\ 00,00,00,00,00,00,60,7f,aa,82,be,d7,cc,01,00,00,00,00,00,00,00,00,13,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}AdjustBitmap (Leave)"=hex:40,00,\ 00,00,00,00,00,00,80,f8,e6,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,05,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PrepareForSnapshot (Enter)"=hex:\ 40,00,00,00,00,00,00,00,40,46,6a,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,00,\ 00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PreExposure (Enter)"=hex:40,00,00,\ 00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,02,00,00,00,\ 01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PreExposure (Leave)"=hex:40,00,00,\ 00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,03,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PrepareForSnapshot (Leave)"=hex:\ 40,00,00,00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,01,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}EndCommit (Enter)"=hex:40,00,00,\ 00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,06,00,00,00,\ 01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00 "Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}EndCommit 
(Leave)"=hex:40,00,00,\ 00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,07,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher] "IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,f0,ff,b2,48,b8,d7,cc,01,38,03,\ 00,00,68,0c,00,00,e8,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,10,02,fa,49,b8,d7,cc,01,38,03,\ 00,00,68,0c,00,00,e8,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "PREPAREBACKUP (Enter)"=hex:40,00,00,00,00,00,00,00,30,91,28,4b,b8,d7,cc,01,38,\ 03,00,00,a4,0c,00,00,e9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "PREPAREBACKUP (Leave)"=hex:40,00,00,00,00,00,00,00,a0,e1,54,4b,b8,d7,cc,01,38,\ 03,00,00,a4,0c,00,00,e9,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "GETSTATE (Enter)"=hex:40,00,00,00,00,00,00,00,d0,68,56,4b,b8,d7,cc,01,38,03,\ 00,00,a8,0c,00,00,f9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "GETSTATE (Leave)"=hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,38,03,\ 00,00,a8,0c,00,00,f9,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "DOSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,e0,37,67,4b,b8,d7,cc,01,38,03,\ 00,00,04,0c,00,00,0a,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "DOSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,03,\ 00,00,b0,0c,00,00,0a,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ 
b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher] "PREPARESNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,30,ea,71,4b,b8,d7,cc,01,\ 0c,0c,00,00,ac,0c,00,00,ea,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,\ 1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "PREPARESNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,\ 0c,0c,00,00,ac,0c,00,00,ea,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,\ 1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE (Enter)"=hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,0c,0c,00,\ 00,ac,0c,00,00,eb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,\ b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_FRONT (Enter)"=hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,0c,\ 0c,00,00,ac,0c,00,00,ec,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_FRONT (Leave)"=hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,0c,\ 0c,00,00,ac,0c,00,00,ec,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_BACK (Enter)"=hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,0c,\ 0c,00,00,ac,0c,00,00,ed,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_BACK (Leave)"=hex:40,00,00,00,00,00,00,00,d0,a7,d0,4b,b8,d7,cc,01,0c,\ 0c,00,00,ac,0c,00,00,ed,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_SYSTEM (Enter)"=hex:40,00,00,00,00,00,00,00,d0,a7,d0,4b,b8,d7,cc,01,0c,\ 0c,00,00,ac,0c,00,00,ee,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_SYSTEM 
(Leave)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,\ 0c,00,00,ac,0c,00,00,ee,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_KTM (Enter)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,\ 00,00,ac,0c,00,00,f0,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_KTM (Leave)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,\ 00,00,ac,0c,00,00,f0,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_RM (Enter)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,\ 00,00,ac,0c,00,00,ef,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE_RM (Leave)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,\ 00,00,ac,0c,00,00,ef,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE (Leave)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,\ 00,ac,0c,00,00,eb,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,\ b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "THAW_KTM (Enter)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,\ 00,00,ac,0c,00,00,f4,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "THAW_KTM (Leave)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,\ 00,00,ac,0c,00,00,f4,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "THAW (Enter)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,00,00,\ ac,0c,00,00,f2,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\ 11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "THAW 
(Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,0c,0c,00,00,\ ac,0c,00,00,f2,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\ 11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,60,6d,5c,4d,b8,d7,cc,01,0c,\ 0c,00,00,ac,0c,00,00,f5,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,a0,27,07,67,b8,d7,cc,01,0c,\ 0c,00,00,ac,0c,00,00,f5,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "BACKUPSHUTDOWN (Enter)"=hex:40,00,00,00,00,00,00,00,40,a2,d4,68,b8,d7,cc,01,\ 0c,0c,00,00,ac,0c,00,00,fb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,\ 1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "BACKUPSHUTDOWN (Leave)"=hex:40,00,00,00,00,00,00,00,c0,1a,5b,69,b8,d7,cc,01,\ 0c,0c,00,00,ac,0c,00,00,fb,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,\ 1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer] "IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,40,b2,bd,48,b8,d7,cc,01,38,03,\ 00,00,74,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,70,39,bf,48,b8,d7,cc,01,38,03,\ 00,00,74,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "PREPAREBACKUP (Enter)"=hex:40,00,00,00,00,00,00,00,f0,ad,2e,4b,b8,d7,cc,01,38,\ 03,00,00,6c,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "PREPAREBACKUP (Leave)"=hex:40,00,00,00,00,00,00,00,80,43,33,4b,b8,d7,cc,01,38,\ 03,00,00,6c,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\ 
da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "VSS_WS_STABLE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,80,43,33,4b,b8,\ d7,cc,01,38,03,00,00,6c,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,\ 00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\ 00 "GETSTATE (Enter)"=hex:40,00,00,00,00,00,00,00,90,85,5c,4b,b8,d7,cc,01,38,03,\ 00,00,84,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "GETSTATE (Leave)"=hex:40,00,00,00,00,00,00,00,90,85,5c,4b,b8,d7,cc,01,38,03,\ 00,00,84,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\ b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "PREPARESNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,80,9c,7c,4b,b8,d7,cc,01,\ 38,03,00,00,e8,03,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,\ 1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "PREPARESNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,20,74,aa,4b,b8,d7,cc,01,\ 38,03,00,00,e8,03,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,\ 1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,20,\ 74,aa,4b,b8,d7,cc,01,38,03,00,00,e8,03,00,00,02,00,00,00,01,00,00,00,01,00,\ 00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,\ 00,00,00,00,00 "FREEZE (Enter)"=hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,38,03,00,\ 00,fc,0a,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\ b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "FREEZE (Leave)"=hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,38,03,00,\ 00,fc,0a,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\ b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "VSS_WS_WAITING_FOR_THAW (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,a0,20,\ 
cf,4b,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,03,00,00,00,01,00,00,00,02,00,00,\ 00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,\ 00,00,00,00 "BKGND_FREEZE_THREAD (Enter)"=hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,\ 01,38,03,00,00,d8,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,\ a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "THAW (Enter)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,\ fc,0a,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\ 11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "BKGND_FREEZE_THREAD (Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,\ 01,38,03,00,00,d8,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\ a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "THAW (Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,\ fc,0a,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\ 11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"=hex:40,00,00,00,00,00,00,\ 00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,04,00,00,00,01,00,00,00,\ 03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,\ 00,00,00,00,00,00,00 "POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,38,\ 03,00,00,e8,03,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,30,59,73,4d,b8,d7,cc,01,38,\ 03,00,00,e8,03,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\ da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 "VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"=hex:40,00,00,00,00,00,\ 00,00,30,59,73,4d,b8,d7,cc,01,38,03,00,00,e8,03,00,00,05,00,00,00,01,00,00,\ 00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,\ 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}]
@="Microsoft Software Shadow Copy provider 1.0"
"Type"=dword:00000001
"Version"="1.0.0.7"
"VersionId"="{00000001-0000-0000-0007-000000000001}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\CLSID]
@="{65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert]
"{2707761B-2324-473D-88EB-EB007A359533}"="DFS-R Writer"
"{D76F5A28-3092-4589-BA48-2958FB88CE29}"="FRS Writer"
"{B2014C9E-8711-4C5C-A5A9-3CF384484757}"="AD Writer"
"{DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD}"="ADAM Writer"
"TornComponentsBlockRevert"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\VssAccessControl]
"NT Authority\NetworkService"=dword:00000001
:Commands
[reboot]
|
06.06.2014, 17:14 | #19 |
| Complete cleanup (removal of viruses etc.) Code:
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"DisplayName"|"@%systemroot%\\system32\\vssvc.exe,-102" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"ImagePath"|hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,76,00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"Description"|"@%systemroot%\\system32\\vssvc.exe,-101" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"ObjectName"|"LocalSystem" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"Start"|dword:00000003 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"Type"|dword:00000010 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"DependOnService"|hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"ServiceSidType"|dword:00000001 /E : value set successfully!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppGetSnapshots (Enter)"|hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,60,0f,00,00,90,0f,00,00,d2,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppGetSnapshots (Leave)"|hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,60,0f,00,00,90,0f,00,00,d2,07,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,04,00,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,50,57,16,69,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! 
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,50,57,16,69,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"OPEN_VOLUME_HANDLE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fd,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"OPEN_VOLUME_HANDLE (Leave)"|hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fd,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"IOCTL_FLUSH_AND_HOLD (Enter)"|hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fe,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"IOCTL_FLUSH_AND_HOLD (Leave)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fe,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"IOCTL_RELEASE (Enter)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ff,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E! 
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"IOCTL_RELEASE (Leave)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ff,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"OPEN_VOLUME_HANDLE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,fd,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"OPEN_VOLUME_HANDLE (Leave)"|hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,fd,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"IOCTL_FLUSH_AND_HOLD (Enter)"|hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,fe,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"IOCTL_FLUSH_AND_HOLD (Leave)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,fe,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! 
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"IOCTL_RELEASE (Enter)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,ff,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"IOCTL_RELEASE (Leave)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,ff,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,70,39,bf,48,b8,d7,cc,01,28,03,00,00,70,0b,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,c0,eb,c9,48,b8,d7,cc,01,28,03,00,00,70,0b,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,e0,c4,4e,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_STABLE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,e0,c4,4e,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,20,8e,79,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,50,fb,ab,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,50,fb,ab,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,02,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"FREEZE (Leave)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"BKGND_FREEZE_THREAD (Enter)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,00,e0,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"THAW (Enter)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"BKGND_FREEZE_THREAD (Leave)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,e0,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"THAW (Leave)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,70,0b,00,00,04,00,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,70,7b,e7,4d,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,70,7b,e7,4d,b8,d7,cc,01,28,03,00,00,70,0b,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,28,03,00,00,58,08,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,28,03,00,00,58,08,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! 
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,d0,47,c2,48,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,30,56,c5,48,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_STABLE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,93,5f,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! 
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,c0,7f,76,4b,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,f0,ec,a8,4b,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,f0,ec,a8,4b,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,02,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,20,5a,db,4b,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"FREEZE (Leave)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! 
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"BKGND_FREEZE_THREAD (Enter)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,f0,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"THAW (Enter)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"BKGND_FREEZE_THREAD (Leave)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,f0,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"THAW (Leave)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,04,00,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! 
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,a0,96,08,69,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,a0,96,08,69,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,a0,c0,c0,48,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E! 
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,30,56,c5,48,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"VSS_WS_STABLE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,c0,0c,5e,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! 
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,c0,0c,5e,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,c0,7f,76,4b,b8,d7,cc,01,0c,0c,00,00,c8,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,90,de,a5,4b,b8,d7,cc,01,0c,0c,00,00,c8,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,90,de,a5,4b,b8,d7,cc,01,0c,0c,00,00,c8,0c,00,00,02,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E! 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,30,59,73,4d,b8,d7,cc,01,38,03,00,00,e8,03,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,30,59,73,4d,b8,d7,cc,01,38,03,00,00,e8,03,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,38,03,00,00,e8,03,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,38,03,00,00,e8,03,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\\@|"Microsoft Software Shadow Copy provider 1.0" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\\"Type"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\\"Version"|"1.0.0.7" /E : value set successfully! 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\\"VersionId"|"{00000001-0000-0000-0007-000000000001}" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\CLSID\\@|"{65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A}" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"{2707761B-2324-473D-88EB-EB007A359533}"|"DFS-R Writer" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"{D76F5A28-3092-4589-BA48-2958FB88CE29}"|"FRS Writer" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"{B2014C9E-8711-4C5C-A5A9-3CF384484757}"|"AD Writer" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"{DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD}"|"ADAM Writer" /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"TornComponentsBlockRevert"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\VssAccessControl\\"NT Authority\NetworkService"|dword:00000001 /E : value set successfully! ========== COMMANDS ========== OTL by OldTimer - Version 3.2.69.0 log created on 06062014_180929 |
06.06.2014, 17:22 | #20 |
/// TB-Ausbilder | Complete cleanup (removing viruses etc.) Good. Please continue with 3) and 4). |
07.06.2014, 00:12 | #21 |
| Complete cleanup (removing viruses etc.) Code:
Farbar Service Scanner Version: 21-05-2014
Ran by Lieselotte (administrator) on 07-06-2014 at 01:11:38
Running from "C:\Users\Lieselotte\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
VSS Service is not running.
Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running.
Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running.
Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running.
Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
ATTENTION!=====> C:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log **** |
07.06.2014, 15:07 | #22 |
/// TB-Ausbilder | Complete cleanup (removing viruses etc.) Please download ESET services repair and save it to the desktop.
|
07.06.2014, 20:27 | #23 |
| Complete cleanup (removing viruses etc.) Code:
ATTFilter Log Opened: 2014-06-07 @ 21:23:39 21:23:39 - ----------------- 21:23:39 - | Begin Logging | 21:23:39 - ----------------- 21:23:39 - Fix started on a WIN_7 X64 computer 21:23:39 - Prep in progress. Please Wait. 21:23:41 - Prep complete 21:23:41 - Repairing Services Now. Please wait... INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters> ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Zugriff verweigert INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE> ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Zugriff verweigert SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. 
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. 
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. 
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile> INFORMATION: Restoring SD of: 
<machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile> INFORMATION: Restoring SD of: 
<machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. 
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv> SetACL finished successfully. 21:23:48 - Services Repair Complete. 21:23:52 - Reboot Initiated |
08.06.2014, 09:49 | #24 |
/// TB-Ausbilder | Complete cleanup (removing viruses etc.) Now please run FSS again. |
08.06.2014, 12:41 | #25 |
| Complete cleanup (removing viruses etc.) Code:
Farbar Service Scanner Version: 21-05-2014
Ran by Lieselotte (administrator) on 08-06-2014 at 13:30:53
Running from "C:\Users\Lieselotte\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
VSS Service is not running.
Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
ATTENTION!=====> C:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log **** |
08.06.2014, 18:13 | #26 |
/// TB-Ausbilder | Complete cleanup (removing viruses etc.) One system file is still missing. I would like to restore it. To do that we first have to look for a copy: Download the matching version of SystemLook from the following mirror and save the tool to the desktop: SystemLook (32 bit) | SystemLook (64 bit)
|
08.06.2014, 21:24 | #27 |
| Complete cleanup (removing viruses etc.) Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 22:19 on 08/06/2014 by Lieselotte
Administrator - Elevation successful

========== filefind ==========

Searching for "vssvc.exe"
C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe --a---- 1598976 bytes [23:39 13/07/2009] [01:39 14/07/2009] 787898BF9FB6D7BD87A36E2D95C899BA

-= EOF =- |
09.06.2014, 09:48 | #28 |
/// TB-Ausbilder | Complete cleanup (removing viruses etc.) Right, we will now move the missing system file with ComboFix. Step 1 Combofix script
Step 2 Please post another FSS log file. |
09.06.2014, 14:07 | #29 |
| Complete cleanup (removing viruses etc.) Code:
ATTFilter ComboFix 14-06-09.01 - Lieselotte 09.06.2014 14:40:32.2.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1788.767 [GMT 2:00] ausgeführt von:: c:\users\Lieselotte\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Lieselotte\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . Infizierte Kopie von c:\windows\System32\dllhost.exe wurde gefunden und desinfiziert Kopie von - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!System32!dllhost.exe wurde wiederhergestellt . Infizierte Kopie von c:\windows\System32\msiexec.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_a57666739fcae94c\msiexec.exe wurde wiederhergestellt . . --------------- FCopy --------------- . c:\windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe --> c:\windows\System32\vssvc.exe . ((((((((((((((((((((((( Dateien erstellt von 2014-05-09 bis 2014-06-09 )))))))))))))))))))))))))))))) . . 2014-06-09 12:58 . 2013-07-15 01:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF0980E1-6BC5-4477-AEC8-B139BFE1D9C1}\mpengine.dll 2014-06-09 12:55 . 2014-06-09 12:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-06-09 12:40 . 2014-06-09 12:58 2199040 ----atw- c:\windows\system32\vssvc.exe 2014-06-06 16:09 . 2014-06-06 16:09 -------- d-----w- C:\_OTL 2014-06-06 11:37 . 2014-06-06 11:37 3524608 ----a-w- c:\windows\system32\sppsvc.exe 2014-06-06 11:37 . 
2014-06-06 11:37 533504 ----a-w- c:\windows\system32\vds.exe 2014-06-06 11:37 . 2014-06-06 11:37 40960 ----a-w- c:\windows\system32\UI0Detect.exe 2014-06-05 15:22 . 2014-06-05 15:22 -------- d-----w- c:\program files (x86)\ESET 2014-06-05 12:03 . 2014-06-05 12:03 -------- d-----w- C:\zoek 2014-06-04 18:51 . 2014-06-04 18:51 -------- d-----w- c:\windows\ERUNT 2014-06-04 18:24 . 2014-06-04 18:41 -------- d-----w- C:\AdwCleaner 2014-06-03 12:00 . 2014-06-05 15:11 -------- d-----w- C:\FRST 2014-05-15 13:58 . 2014-05-15 13:58 -------- d-----w- c:\users\Lieselotte\AppData\Roaming\AVAST Software 2014-05-15 13:56 . 2014-05-15 13:57 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-05-15 13:56 . 2014-05-15 13:55 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-05-15 13:56 . 2014-05-15 13:57 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-05-15 13:56 . 2014-05-15 13:57 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-05-15 13:56 . 2014-05-15 13:55 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-05-15 13:56 . 2014-05-15 13:55 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-05-15 13:56 . 2014-05-15 13:55 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-05-15 13:56 . 2014-05-15 13:55 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-05-15 13:55 . 2014-05-15 13:55 334648 ----a-w- c:\windows\system32\aswBoot.exe 2014-05-15 13:55 . 2014-05-15 13:55 43152 ----a-w- c:\windows\avastSS.scr 2014-05-15 13:53 . 2014-05-15 13:53 -------- d-----w- c:\program files\AVAST Software 2014-05-15 13:53 . 2014-06-04 19:04 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-15 13:52 . 2014-05-15 18:24 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-05-15 13:52 . 2014-05-15 13:52 -------- d-----w- c:\programdata\Malwarebytes 2014-05-15 13:52 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-15 13:52 . 
2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-15 13:52 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-11 00:07 . 2014-05-15 13:51 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-09 12:58 . 2011-06-24 07:57 727552 ----atw- c:\windows\system32\msiexec.exe
2014-05-17 16:47 . 2010-10-19 11:28 735744 ----atw- c:\windows\system32\TODDSrv.exe
2014-05-15 16:11 . 2011-06-24 07:57 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2014-04-17 03:31 . 2014-04-22 09:12 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B70722CB-1C44-4892-83EC-9A83FCF7D2DB}\mpengine.dll
2014-03-31 07:35 . 2011-09-02 12:09 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-31 01:51 . 2011-12-13 14:15 90655440 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-27 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2014-05-11 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-15 13:55 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2014-05-11 18944]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7b51ee58-8c05-4c71-ad03-9f1f1c809f13}: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7b51ee58-8c05-4c71-ad03-9f1f1c809f13}\77C616E6: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7b51ee58-8c05-4c71-ad03-9f1f1c809f13}\84352505: DhcpNameServer = 192.168.106.1
FF - ProfilePath - c:\users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B} - c:\program files\Amazon\UninstallerAmazon.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-09 15:03:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-06-09 13:03
ComboFix2.txt 2014-06-03 20:30
.
Vor Suchlauf: 2.408.153.088 Bytes frei
Nach Suchlauf: 2.255.814.656 Bytes frei
.
- - End Of File - - 57F240097DE9242CCB554AFB957E1111
Code:
Farbar Service Scanner Version: 21-05-2014
Ran by Lieselotte (administrator) on 09-06-2014 at 15:06:00
Running from "C:\Users\Lieselotte\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe [2014-06-09 14:40] - [2014-06-09 14:58] - 2199040 ___AT (Microsoft Corporation) 2965C64AE72247809BA5FEB3AE368F34
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log **** |
09.06.2014, 14:08 | #30 |
/// TB-Ausbilder | Complete cleanup (removing viruses etc.)
Unfortunately, I have bad news for you:

Warning: File Infector

Your computer has been infected with a particular kind of malware that infects other files, which lets it multiply uncontrollably. This type of computer malware is among the most dangerous. Cleanup attempts are possible, but the chances of getting your system clean again range from slim to impossible. We strongly recommend formatting and reinstalling your system in the following steps:
|