Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Komplette Säuberung (Entfernen von Viren usw)

Komplette Säuberung (Entfernen von Viren usw)


Plagegeister aller Art und deren Bekämpfung: Komplette Säuberung (Entfernen von Viren usw)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 05.06.2014, 19:55   #16
M-K-D-B
/// TB-Ausbilder
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


1)
Bitte folgendes tun: Systemdateien reparieren




2)
Danach die folgende Datei auf den Desktop abspeichern und ausführen (ggf. Sicherheitsabfrage bestätigen/erlauben):
vss.reg

Rechner neu starten!




3)
Dann noch die folgende Batch-Datei ausführen und die Logdatei posten:

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
set Log=%temp%\fix.txt
if exist "%log%" del "%log%"

sc start WinDefend >> "%log%" 2>&1
sc config WinDefend start= auto >> "%log%" 2>&1

sc start wuauserv >> "%log%" 2>&1
sc config wuauserv start= auto >> "%log%" 2>&1

sc start wscsvc >> "%log%" 2>&1
sc config wscsvc start= auto >> "%log%" 2>&1

notepad "%log%"
del %0
  • Wähle Datei --> Speichern unter
  • Dateiname: fix.bat
  • Dateityp: Wähle Alle Dateien (*.*)
  • Speichere die Datei auf deinem Desktop.

    Es sollte nun ungefähr so aussehen
  • Starte die fix.bat.
Vista und Win7 User: Mit Rechtsklick "als Administrator starten"

Rechner neu starten!





4)
Abschließend nochmal FSS ausführen und Logdatei posten bitte.

Alt 06.06.2014, 12:49   #17
DerTK
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Schritt 2: C:\User\Lieselotte\Desktop\VSS.reg kann nicht importiert werden. Fehler beim Zugriff auf die Registrierung.

Kann ich es manuell einfügen.?
__________________
Alt 06.06.2014, 16:41   #18
M-K-D-B
/// TB-Ausbilder
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Zitat:
Zitat von DerTK Beitrag anzeigen
Schritt 2: C:\User\Lieselotte\Desktop\VSS.reg kann nicht importiert werden. Fehler beim Zugriff auf die Registrierung.

Kann ich es manuell einfügen.?
Versuch mal folgendes:


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS]
"DisplayName"="@%systemroot%\\system32\\vssvc.exe,-102"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,76,\
  00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00
"Description"="@%systemroot%\\system32\\vssvc.exe,-101"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ServiceSidType"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP]
"SppGetSnapshots (Enter)"=hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,\
  60,0f,00,00,90,0f,00,00,d2,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SppGetSnapshots (Leave)"=hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,\
  60,0f,00,00,90,0f,00,00,d2,07,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SppEnumGroups (Enter)"=hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,60,\
  0f,00,00,90,0f,00,00,d1,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SppEnumGroups (Leave)"=hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,60,\
  0f,00,00,90,0f,00,00,d1,07,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SppCreate (Enter)"=hex:40,00,00,00,00,00,00,00,50,42,54,48,b8,d7,cc,01,38,03,\
  00,00,04,0c,00,00,d0,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SppGatherWriterMetadata (Enter)"=hex:40,00,00,00,00,00,00,00,60,6a,ae,48,b8,\
  d7,cc,01,38,03,00,00,04,0c,00,00,d3,07,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00
"SppGatherWriterMetadata (Leave)"=hex:40,00,00,00,00,00,00,00,e0,6b,05,4b,b8,\
  d7,cc,01,38,03,00,00,04,0c,00,00,d3,07,00,00,01,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00
"SppAddInterestingComponents (Enter)"=hex:40,00,00,00,00,00,00,00,e0,6b,05,4b,\
  b8,d7,cc,01,38,03,00,00,04,0c,00,00,d4,07,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00
"SppAddInterestingComponents (Leave)"=hex:40,00,00,00,00,00,00,00,c0,b3,14,4b,\
  b8,d7,cc,01,38,03,00,00,04,0c,00,00,d4,07,00,00,01,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00
"SppCreate (Leave)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,03,\
  00,00,04,0c,00,00,d0,07,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SystemRestore]
"SrCreateRp (Enter)"=hex:40,00,00,00,00,00,00,00,50,42,54,48,b8,d7,cc,01,38,03,\
  00,00,04,0c,00,00,d5,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SrCreateRp (Leave)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,03,\
  00,00,04,0c,00,00,d5,07,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\ASR Writer]
"IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,a0,c0,c0,48,b8,d7,cc,01,0c,0c,\
  00,00,18,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,e0,16,d3,48,b8,d7,cc,01,0c,0c,\
  00,00,18,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\BITS Writer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer]
"IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,a0,c0,c0,48,b8,d7,cc,01,0c,0c,\
  00,00,90,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,d0,47,c2,48,b8,d7,cc,01,0c,0c,\
  00,00,90,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Enter)"=hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,0c,\
  0c,00,00,18,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Leave)"=hex:40,00,00,00,00,00,00,00,40,d3,51,4b,b8,d7,cc,01,0c,\
  0c,00,00,18,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_STABLE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,40,d3,51,4b,b8,\
  d7,cc,01,0c,0c,00,00,18,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00
"GETSTATE (Enter)"=hex:40,00,00,00,00,00,00,00,f0,93,5f,4b,b8,d7,cc,01,0c,0c,\
  00,00,1c,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"GETSTATE (Leave)"=hex:40,00,00,00,00,00,00,00,f0,93,5f,4b,b8,d7,cc,01,0c,0c,\
  00,00,1c,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,c0,7f,76,4b,b8,d7,cc,01,\
  0c,0c,00,00,bc,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,90,de,a5,4b,b8,d7,cc,01,\
  0c,0c,00,00,bc,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,90,\
  de,a5,4b,b8,d7,cc,01,0c,0c,00,00,bc,0c,00,00,02,00,00,00,01,00,00,00,01,00,\
  00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,\
  00,00,00,00,00
"FREEZE (Enter)"=hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,0c,0c,00,\
  00,c0,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE (Leave)"=hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,0c,0c,00,\
  00,c0,0c,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,30,b6,\
  d3,4b,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,03,00,00,00,01,00,00,00,02,00,00,\
  00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,\
  00,00,00,00
"BKGND_FREEZE_THREAD (Enter)"=hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,\
  01,0c,0c,00,00,dc,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Enter)"=hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,\
  c4,0c,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BKGND_FREEZE_THREAD (Leave)"=hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,\
  01,0c,0c,00,00,dc,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Leave)"=hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,\
  c4,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"=hex:40,00,00,00,00,00,00,\
  00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,04,00,00,00,01,00,00,00,\
  03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,\
  00,00,00,00,00,00,00
"POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,\
  0c,00,00,c0,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,\
  0c,00,00,c0,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"=hex:40,00,00,00,00,00,\
  00,00,f0,02,61,4d,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,05,00,00,00,01,00,00,\
  00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,\
  00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Enter)"=hex:40,00,00,00,00,00,00,00,50,57,16,69,b8,d7,cc,01,\
  0c,0c,00,00,b8,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Leave)"=hex:40,00,00,00,00,00,00,00,50,57,16,69,b8,d7,cc,01,\
  0c,0c,00,00,b8,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace]
"OPEN_VOLUME_HANDLE (Enter)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,\
  01,0c,0c,00,00,ac,0c,00,00,fd,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"OPEN_VOLUME_HANDLE (Leave)"=hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,\
  01,0c,0c,00,00,ac,0c,00,00,fd,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"IOCTL_FLUSH_AND_HOLD (Enter)"=hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,\
  cc,01,0c,0c,00,00,ac,0c,00,00,fe,03,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"IOCTL_FLUSH_AND_HOLD (Leave)"=hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,\
  cc,01,0c,0c,00,00,ac,0c,00,00,fe,03,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"IOCTL_RELEASE (Enter)"=hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,ff,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"IOCTL_RELEASE (Leave)"=hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,ff,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)]
"OPEN_VOLUME_HANDLE (Enter)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,\
  01,0c,0c,00,00,f8,0c,00,00,fd,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"OPEN_VOLUME_HANDLE (Leave)"=hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,\
  01,0c,0c,00,00,f8,0c,00,00,fd,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"IOCTL_FLUSH_AND_HOLD (Enter)"=hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,\
  cc,01,0c,0c,00,00,f8,0c,00,00,fe,03,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"IOCTL_FLUSH_AND_HOLD (Leave)"=hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,\
  cc,01,0c,0c,00,00,f8,0c,00,00,fe,03,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"IOCTL_RELEASE (Enter)"=hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,\
  0c,00,00,f8,0c,00,00,ff,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"IOCTL_RELEASE (Leave)"=hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,\
  0c,00,00,f8,0c,00,00,ff,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer]
"IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,70,39,bf,48,b8,d7,cc,01,28,03,\
  00,00,70,0b,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,c0,eb,c9,48,b8,d7,cc,01,28,03,\
  00,00,70,0b,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Enter)"=hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,28,\
  03,00,00,70,0b,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Leave)"=hex:40,00,00,00,00,00,00,00,e0,c4,4e,4b,b8,d7,cc,01,28,\
  03,00,00,70,0b,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_STABLE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,e0,c4,4e,4b,b8,\
  d7,cc,01,28,03,00,00,70,0b,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00
"GETSTATE (Enter)"=hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,28,03,\
  00,00,70,0b,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"GETSTATE (Leave)"=hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,28,03,\
  00,00,70,0b,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,20,8e,79,4b,b8,d7,cc,01,\
  28,03,00,00,70,0b,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,50,fb,ab,4b,b8,d7,cc,01,\
  28,03,00,00,70,0b,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,50,\
  fb,ab,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,02,00,00,00,01,00,00,00,01,00,\
  00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,\
  00,00,00,00,00
"FREEZE (Enter)"=hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,\
  00,70,0b,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE (Leave)"=hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,\
  00,70,0b,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,30,b6,\
  d3,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,03,00,00,00,01,00,00,00,02,00,00,\
  00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,\
  00,00,00,00
"BKGND_FREEZE_THREAD (Enter)"=hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,\
  01,28,03,00,00,e0,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Enter)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,\
  70,0b,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BKGND_FREEZE_THREAD (Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,\
  01,28,03,00,00,e0,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,\
  70,0b,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"=hex:40,00,00,00,00,00,00,\
  00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,70,0b,00,00,04,00,00,00,01,00,00,00,\
  03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,\
  00,00,00,00,00,00,00
"POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,28,\
  03,00,00,70,0b,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,70,7b,e7,4d,b8,d7,cc,01,28,\
  03,00,00,70,0b,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"=hex:40,00,00,00,00,00,\
  00,00,70,7b,e7,4d,b8,d7,cc,01,28,03,00,00,70,0b,00,00,05,00,00,00,01,00,00,\
  00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,\
  00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Enter)"=hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,\
  28,03,00,00,58,08,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Leave)"=hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,\
  28,03,00,00,58,08,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer]
"IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,d0,47,c2,48,b8,d7,cc,01,0c,0c,\
  00,00,90,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,30,56,c5,48,b8,d7,cc,01,0c,0c,\
  00,00,90,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Enter)"=hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,0c,\
  0c,00,00,1c,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Leave)"=hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,\
  0c,00,00,1c,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_STABLE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,\
  d7,cc,01,0c,0c,00,00,1c,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00
"GETSTATE (Enter)"=hex:40,00,00,00,00,00,00,00,f0,93,5f,4b,b8,d7,cc,01,0c,0c,\
  00,00,90,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"GETSTATE (Leave)"=hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,0c,0c,\
  00,00,90,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,c0,7f,76,4b,b8,d7,cc,01,\
  0c,0c,00,00,b8,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,f0,ec,a8,4b,b8,d7,cc,01,\
  0c,0c,00,00,b8,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,f0,\
  ec,a8,4b,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,02,00,00,00,01,00,00,00,01,00,\
  00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,\
  00,00,00,00,00
"FREEZE (Enter)"=hex:40,00,00,00,00,00,00,00,20,5a,db,4b,b8,d7,cc,01,0c,0c,00,\
  00,c4,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE (Leave)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,\
  00,c4,0c,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,f0,11,\
  54,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,03,00,00,00,01,00,00,00,02,00,00,\
  00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,\
  00,00,00,00
"BKGND_FREEZE_THREAD (Enter)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,\
  01,0c,0c,00,00,f0,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Enter)"=hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,\
  c0,0c,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BKGND_FREEZE_THREAD (Leave)"=hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,\
  01,0c,0c,00,00,f0,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Leave)"=hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,\
  c0,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"=hex:40,00,00,00,00,00,00,\
  00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,04,00,00,00,01,00,00,00,\
  03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,\
  00,00,00,00,00,00,00
"POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,0c,\
  0c,00,00,b4,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,0c,\
  0c,00,00,b4,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"=hex:40,00,00,00,00,00,\
  00,00,20,8a,62,4d,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,05,00,00,00,01,00,00,\
  00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,\
  00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Enter)"=hex:40,00,00,00,00,00,00,00,a0,96,08,69,b8,d7,cc,01,\
  0c,0c,00,00,c0,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Leave)"=hex:40,00,00,00,00,00,00,00,a0,96,08,69,b8,d7,cc,01,\
  0c,0c,00,00,c0,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer]
"IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,a0,c0,c0,48,b8,d7,cc,01,0c,0c,\
  00,00,1c,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,30,56,c5,48,b8,d7,cc,01,0c,0c,\
  00,00,1c,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Enter)"=hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,0c,\
  0c,00,00,90,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Leave)"=hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,\
  0c,00,00,90,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_STABLE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,\
  d7,cc,01,0c,0c,00,00,90,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00
"GETSTATE (Enter)"=hex:40,00,00,00,00,00,00,00,c0,0c,5e,4b,b8,d7,cc,01,0c,0c,\
  00,00,90,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"GETSTATE (Leave)"=hex:40,00,00,00,00,00,00,00,c0,0c,5e,4b,b8,d7,cc,01,0c,0c,\
  00,00,90,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,c0,7f,76,4b,b8,d7,cc,01,\
  0c,0c,00,00,c8,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,90,de,a5,4b,b8,d7,cc,01,\
  0c,0c,00,00,c8,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,90,\
  de,a5,4b,b8,d7,cc,01,0c,0c,00,00,c8,0c,00,00,02,00,00,00,01,00,00,00,01,00,\
  00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,\
  00,00,00,00,00
"FREEZE (Enter)"=hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,0c,0c,00,\
  00,b4,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE (Leave)"=hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,0c,0c,00,\
  00,b4,0c,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,f0,5f,\
  c1,4b,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,03,00,00,00,01,00,00,00,02,00,00,\
  00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,\
  00,00,00,00
"BKGND_FREEZE_THREAD (Enter)"=hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,\
  01,0c,0c,00,00,d4,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Enter)"=hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,\
  c4,0c,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BKGND_FREEZE_THREAD (Leave)"=hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,\
  01,0c,0c,00,00,d4,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Leave)"=hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,\
  c4,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"=hex:40,00,00,00,00,00,00,\
  00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,04,00,00,00,01,00,00,00,\
  03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,\
  00,00,00,00,00,00,00
"POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,\
  0c,00,00,c0,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,a0,27,07,67,b8,d7,cc,01,0c,\
  0c,00,00,c0,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"=hex:40,00,00,00,00,00,\
  00,00,a0,27,07,67,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,05,00,00,00,01,00,00,\
  00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,\
  00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Enter)"=hex:40,00,00,00,00,00,00,00,00,18,24,69,b8,d7,cc,01,\
  0c,0c,00,00,b4,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Leave)"=hex:40,00,00,00,00,00,00,00,00,18,24,69,b8,d7,cc,01,\
  0c,0c,00,00,b4,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}]
"PROVIDER_BEGINPREPARE (Enter)"=hex:40,00,00,00,00,00,00,00,00,0a,27,4b,b8,d7,\
  cc,01,0c,0c,00,00,18,0c,00,00,01,04,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_BEGINPREPARE (Leave)"=hex:40,00,00,00,00,00,00,00,00,0a,27,4b,b8,d7,\
  cc,01,0c,0c,00,00,18,0c,00,00,01,04,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_ENDPREPARE (Enter)"=hex:40,00,00,00,00,00,00,00,e0,37,67,4b,b8,d7,cc,\
  01,0c,0c,00,00,ac,0c,00,00,02,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_ENDPREPARE (Leave)"=hex:40,00,00,00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,\
  01,0c,0c,00,00,ac,0c,00,00,02,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_PRECOMMIT (Enter)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,\
  01,0c,0c,00,00,ac,0c,00,00,03,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_PRECOMMIT (Leave)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,\
  01,0c,0c,00,00,ac,0c,00,00,03,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_COMMIT (Enter)"=hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,\
  0c,0c,00,00,f4,0c,00,00,04,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_COMMIT (Leave)"=hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,\
  0c,0c,00,00,f4,0c,00,00,04,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_POSTCOMMIT (Enter)"=hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,\
  01,0c,0c,00,00,ac,0c,00,00,05,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_POSTCOMMIT (Leave)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,\
  01,0c,0c,00,00,ac,0c,00,00,05,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PROVIDER_PREFINALCOMMIT (Enter)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,\
  d7,cc,01,0c,0c,00,00,ac,0c,00,00,06,04,00,00,01,00,00,00,00,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00
"PROVIDER_PREFINALCOMMIT (Leave)"=hex:40,00,00,00,00,00,00,00,60,6d,5c,4d,b8,\
  d7,cc,01,0c,0c,00,00,ac,0c,00,00,06,04,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00
"PROVIDER_POSTFINALCOMMIT (Enter)"=hex:40,00,00,00,00,00,00,00,a0,27,07,67,b8,\
  d7,cc,01,0c,0c,00,00,ac,0c,00,00,07,04,00,00,01,00,00,00,00,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00
"PROVIDER_POSTFINALCOMMIT (Leave)"=hex:40,00,00,00,00,00,00,00,b0,0c,d0,68,b8,\
  d7,cc,01,0c,0c,00,00,ac,0c,00,00,07,04,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer]
"IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,70,39,bf,48,b8,d7,cc,01,4c,04,\
  00,00,60,06,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,b0,f3,f6,49,b8,d7,cc,01,4c,04,\
  00,00,60,06,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Enter)"=hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,4c,\
  04,00,00,60,06,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Leave)"=hex:40,00,00,00,00,00,00,00,a0,e1,54,4b,b8,d7,cc,01,4c,\
  04,00,00,60,06,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_STABLE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,a0,e1,54,4b,b8,\
  d7,cc,01,4c,04,00,00,60,06,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00
"GETSTATE (Enter)"=hex:40,00,00,00,00,00,00,00,90,85,5c,4b,b8,d7,cc,01,4c,04,\
  00,00,9c,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"GETSTATE (Leave)"=hex:40,00,00,00,00,00,00,00,c0,0c,5e,4b,b8,d7,cc,01,4c,04,\
  00,00,9c,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,20,8e,79,4b,b8,d7,cc,01,\
  4c,04,00,00,9c,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,\
  4c,04,00,00,9c,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,90,\
  51,be,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,02,00,00,00,01,00,00,00,01,00,\
  00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,\
  00,00,00,00,00
"FREEZE (Enter)"=hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,4c,04,00,\
  00,9c,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE (Leave)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,4c,04,00,\
  00,9c,0c,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,c0,4b,\
  d8,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,03,00,00,00,01,00,00,00,02,00,00,\
  00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,\
  00,00,00,00
"BKGND_FREEZE_THREAD (Enter)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,\
  01,4c,04,00,00,e4,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Enter)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,4c,04,00,00,\
  9c,0c,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BKGND_FREEZE_THREAD (Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,\
  01,4c,04,00,00,e4,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,4c,04,00,00,\
  9c,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"=hex:40,00,00,00,00,00,00,\
  00,20,7f,86,4c,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,04,00,00,00,01,00,00,00,\
  03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,\
  00,00,00,00,00,00,00
"POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,4c,\
  04,00,00,9c,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,4c,\
  04,00,00,9c,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"=hex:40,00,00,00,00,00,\
  00,00,00,d2,71,4d,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,05,00,00,00,01,00,00,\
  00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,\
  00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Enter)"=hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,\
  4c,04,00,00,9c,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Leave)"=hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,\
  4c,04,00,00,9c,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap]
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DiscoverSnapshots (Enter)"=hex:40,\
  00,00,00,00,00,00,00,00,b2,ce,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,20,00,\
  00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}Activate (Enter)"=hex:40,00,00,00,\
  00,00,00,00,30,39,d0,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,08,00,00,00,01,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ActivateLoop (Enter)"=hex:40,00,\
  00,00,00,00,00,00,30,39,d0,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,1a,00,00,\
  00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ActivateLoop (Leave)"=hex:40,00,\
  00,00,00,00,00,00,50,64,d9,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,1b,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ComputeIgnorableProduct (Enter)"=hex:\
  40,00,00,00,00,00,00,00,50,71,e5,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,0c,\
  00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ComputeIgnorableProduct (Leave)"=hex:\
  40,00,00,00,00,00,00,00,80,f8,e6,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,0d,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DeleteProcess (Enter)"=hex:40,00,\
  00,00,00,00,00,00,60,7f,aa,82,be,d7,cc,01,00,00,00,00,00,00,00,00,12,00,00,\
  00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}Activate (Leave)"=hex:40,00,00,00,\
  00,00,00,00,40,61,2a,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,09,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DiscoverSnapshots (Leave)"=hex:40,\
  00,00,00,00,00,00,00,40,61,2a,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,21,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}SetIgnorable (Enter)"=hex:40,00,\
  00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,00,00,00,00,00,00,00,00,0a,00,00,\
  00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}SetIgnorable (Leave)"=hex:40,00,\
  00,00,00,00,00,00,d0,b2,ac,4c,b8,d7,cc,01,00,00,00,00,00,00,00,00,0b,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}AdjustBitmap (Enter)"=hex:40,00,\
  00,00,00,00,00,00,40,2f,bc,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,04,00,00,\
  00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ValidateDiffAreaFiles (Enter)"=hex:\
  40,00,00,00,00,00,00,00,b0,3e,3e,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,1c,\
  00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00
"VolumesSafeForWrite (Enter)"=hex:40,00,00,00,00,00,00,00,b0,3e,3e,b1,b7,d7,cc,\
  01,00,00,00,00,00,00,00,00,1e,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"VolumesSafeForWrite (Leave)"=hex:40,00,00,00,00,00,00,00,b0,49,1a,b2,b7,d7,cc,\
  01,00,00,00,00,00,00,00,00,1f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ValidateDiffAreaFiles (Leave)"=hex:\
  40,00,00,00,00,00,00,00,b0,49,1a,b2,b7,d7,cc,01,00,00,00,00,00,00,00,00,1d,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DeleteProcess (Leave)"=hex:40,00,\
  00,00,00,00,00,00,60,7f,aa,82,be,d7,cc,01,00,00,00,00,00,00,00,00,13,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}AdjustBitmap (Leave)"=hex:40,00,\
  00,00,00,00,00,00,80,f8,e6,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,05,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PrepareForSnapshot (Enter)"=hex:\
  40,00,00,00,00,00,00,00,40,46,6a,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,00,\
  00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PreExposure (Enter)"=hex:40,00,00,\
  00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,02,00,00,00,\
  01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PreExposure (Leave)"=hex:40,00,00,\
  00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,03,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PrepareForSnapshot (Leave)"=hex:\
  40,00,00,00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,01,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}EndCommit (Enter)"=hex:40,00,00,\
  00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,06,00,00,00,\
  01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00
"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}EndCommit (Leave)"=hex:40,00,00,\
  00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,07,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher]
"IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,f0,ff,b2,48,b8,d7,cc,01,38,03,\
  00,00,68,0c,00,00,e8,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,10,02,fa,49,b8,d7,cc,01,38,03,\
  00,00,68,0c,00,00,e8,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Enter)"=hex:40,00,00,00,00,00,00,00,30,91,28,4b,b8,d7,cc,01,38,\
  03,00,00,a4,0c,00,00,e9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Leave)"=hex:40,00,00,00,00,00,00,00,a0,e1,54,4b,b8,d7,cc,01,38,\
  03,00,00,a4,0c,00,00,e9,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"GETSTATE (Enter)"=hex:40,00,00,00,00,00,00,00,d0,68,56,4b,b8,d7,cc,01,38,03,\
  00,00,a8,0c,00,00,f9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"GETSTATE (Leave)"=hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,38,03,\
  00,00,a8,0c,00,00,f9,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"DOSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,e0,37,67,4b,b8,d7,cc,01,38,03,\
  00,00,04,0c,00,00,0a,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"DOSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,03,\
  00,00,b0,0c,00,00,0a,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher]
"PREPARESNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,30,ea,71,4b,b8,d7,cc,01,\
  0c,0c,00,00,ac,0c,00,00,ea,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,\
  0c,0c,00,00,ac,0c,00,00,ea,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE (Enter)"=hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,0c,0c,00,\
  00,ac,0c,00,00,eb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_FRONT (Enter)"=hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,ec,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_FRONT (Leave)"=hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,ec,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_BACK (Enter)"=hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,ed,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_BACK (Leave)"=hex:40,00,00,00,00,00,00,00,d0,a7,d0,4b,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,ed,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_SYSTEM (Enter)"=hex:40,00,00,00,00,00,00,00,d0,a7,d0,4b,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,ee,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_SYSTEM (Leave)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,ee,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_KTM (Enter)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,\
  00,00,ac,0c,00,00,f0,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_KTM (Leave)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,\
  00,00,ac,0c,00,00,f0,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_RM (Enter)"=hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,\
  00,00,ac,0c,00,00,ef,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE_RM (Leave)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,\
  00,00,ac,0c,00,00,ef,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE (Leave)"=hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,\
  00,ac,0c,00,00,eb,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW_KTM (Enter)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,\
  00,00,ac,0c,00,00,f4,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW_KTM (Leave)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,\
  00,00,ac,0c,00,00,f4,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Enter)"=hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,00,00,\
  ac,0c,00,00,f2,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,0c,0c,00,00,\
  ac,0c,00,00,f2,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,60,6d,5c,4d,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,f5,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,a0,27,07,67,b8,d7,cc,01,0c,\
  0c,00,00,ac,0c,00,00,f5,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Enter)"=hex:40,00,00,00,00,00,00,00,40,a2,d4,68,b8,d7,cc,01,\
  0c,0c,00,00,ac,0c,00,00,fb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Leave)"=hex:40,00,00,00,00,00,00,00,c0,1a,5b,69,b8,d7,cc,01,\
  0c,0c,00,00,ac,0c,00,00,fb,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer]
"IDENTIFY (Enter)"=hex:40,00,00,00,00,00,00,00,40,b2,bd,48,b8,d7,cc,01,38,03,\
  00,00,74,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"IDENTIFY (Leave)"=hex:40,00,00,00,00,00,00,00,70,39,bf,48,b8,d7,cc,01,38,03,\
  00,00,74,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Enter)"=hex:40,00,00,00,00,00,00,00,f0,ad,2e,4b,b8,d7,cc,01,38,\
  03,00,00,6c,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPAREBACKUP (Leave)"=hex:40,00,00,00,00,00,00,00,80,43,33,4b,b8,d7,cc,01,38,\
  03,00,00,6c,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_STABLE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,80,43,33,4b,b8,\
  d7,cc,01,38,03,00,00,6c,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,\
  00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,\
  00
"GETSTATE (Enter)"=hex:40,00,00,00,00,00,00,00,90,85,5c,4b,b8,d7,cc,01,38,03,\
  00,00,84,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"GETSTATE (Leave)"=hex:40,00,00,00,00,00,00,00,90,85,5c,4b,b8,d7,cc,01,38,03,\
  00,00,84,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,\
  b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,80,9c,7c,4b,b8,d7,cc,01,\
  38,03,00,00,e8,03,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"PREPARESNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,20,74,aa,4b,b8,d7,cc,01,\
  38,03,00,00,e8,03,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,20,\
  74,aa,4b,b8,d7,cc,01,38,03,00,00,e8,03,00,00,02,00,00,00,01,00,00,00,01,00,\
  00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,\
  00,00,00,00,00
"FREEZE (Enter)"=hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,38,03,00,\
  00,fc,0a,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"FREEZE (Leave)"=hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,38,03,00,\
  00,fc,0a,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,\
  b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"=hex:40,00,00,00,00,00,00,00,a0,20,\
  cf,4b,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,03,00,00,00,01,00,00,00,02,00,00,\
  00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,\
  00,00,00,00
"BKGND_FREEZE_THREAD (Enter)"=hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,\
  01,38,03,00,00,d8,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Enter)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,\
  fc,0a,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BKGND_FREEZE_THREAD (Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,\
  01,38,03,00,00,d8,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,\
  a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"THAW (Leave)"=hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,\
  fc,0a,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,\
  11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"=hex:40,00,00,00,00,00,00,\
  00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,04,00,00,00,01,00,00,00,\
  03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,\
  00,00,00,00,00,00,00
"POSTSNAPSHOT (Enter)"=hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,38,\
  03,00,00,e8,03,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"POSTSNAPSHOT (Leave)"=hex:40,00,00,00,00,00,00,00,30,59,73,4d,b8,d7,cc,01,38,\
  03,00,00,e8,03,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,\
  da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"=hex:40,00,00,00,00,00,\
  00,00,30,59,73,4d,b8,d7,cc,01,38,03,00,00,e8,03,00,00,05,00,00,00,01,00,00,\
  00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,\
  00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Enter)"=hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,\
  38,03,00,00,e8,03,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00
"BACKUPSHUTDOWN (Leave)"=hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,\
  38,03,00,00,e8,03,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,\
  1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}]
@="Microsoft Software Shadow Copy provider 1.0"
"Type"=dword:00000001
"Version"="1.0.0.7"
"VersionId"="{00000001-0000-0000-0007-000000000001}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\CLSID]
@="{65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert]
"{2707761B-2324-473D-88EB-EB007A359533}"="DFS-R Writer"
"{D76F5A28-3092-4589-BA48-2958FB88CE29}"="FRS Writer"
"{B2014C9E-8711-4C5C-A5A9-3CF384484757}"="AD Writer"
"{DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD}"="ADAM Writer"
"TornComponentsBlockRevert"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\VssAccessControl]
"NT Authority\NetworkService"=dword:00000001

:Commands
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
Alt 06.06.2014, 17:14   #19
DerTK
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Code:
ATTFilter
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"DisplayName"|"@%systemroot%\\system32\\vssvc.exe,-102" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"ImagePath"|hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,76,00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"Description"|"@%systemroot%\\system32\\vssvc.exe,-101" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"ObjectName"|"LocalSystem" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"Start"|dword:00000003 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"Type"|dword:00000010 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"DependOnService"|hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\\"ServiceSidType"|dword:00000001 /E : value set successfully!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppGetSnapshots (Enter)"|hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,60,0f,00,00,90,0f,00,00,d2,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppGetSnapshots (Leave)"|hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,60,0f,00,00,90,0f,00,00,d2,07,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppEnumGroups (Enter)"|hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,60,0f,00,00,90,0f,00,00,d1,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppEnumGroups (Leave)"|hex:40,00,00,00,00,00,00,00,d0,3f,58,80,bc,d7,cc,01,60,0f,00,00,90,0f,00,00,d1,07,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppCreate (Enter)"|hex:40,00,00,00,00,00,00,00,50,42,54,48,b8,d7,cc,01,38,03,00,00,04,0c,00,00,d0,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppGatherWriterMetadata (Enter)"|hex:40,00,00,00,00,00,00,00,60,6a,ae,48,b8,d7,cc,01,38,03,00,00,04,0c,00,00,d3,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppGatherWriterMetadata (Leave)"|hex:40,00,00,00,00,00,00,00,e0,6b,05,4b,b8,d7,cc,01,38,03,00,00,04,0c,00,00,d3,07,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppAddInterestingComponents (Enter)"|hex:40,00,00,00,00,00,00,00,e0,6b,05,4b,b8,d7,cc,01,38,03,00,00,04,0c,00,00,d4,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppAddInterestingComponents (Leave)"|hex:40,00,00,00,00,00,00,00,c0,b3,14,4b,b8,d7,cc,01,38,03,00,00,04,0c,00,00,d4,07,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SPP\\"SppCreate (Leave)"|hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,03,00,00,04,0c,00,00,d0,07,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SystemRestore\\"SrCreateRp (Enter)"|hex:40,00,00,00,00,00,00,00,50,42,54,48,b8,d7,cc,01,38,03,00,00,04,0c,00,00,d5,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SystemRestore\\"SrCreateRp (Leave)"|hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,03,00,00,04,0c,00,00,d5,07,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\ASR Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,a0,c0,c0,48,b8,d7,cc,01,0c,0c,00,00,18,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\ASR Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,e0,16,d3,48,b8,d7,cc,01,0c,0c,00,00,18,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,a0,c0,c0,48,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,d0,47,c2,48,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,0c,0c,00,00,18,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,40,d3,51,4b,b8,d7,cc,01,0c,0c,00,00,18,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"VSS_WS_STABLE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,40,d3,51,4b,b8,d7,cc,01,0c,0c,00,00,18,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,93,5f,4b,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,f0,93,5f,4b,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,c0,7f,76,4b,b8,d7,cc,01,0c,0c,00,00,bc,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,90,de,a5,4b,b8,d7,cc,01,0c,0c,00,00,bc,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,90,de,a5,4b,b8,d7,cc,01,0c,0c,00,00,bc,0c,00,00,02,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"FREEZE (Leave)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"BKGND_FREEZE_THREAD (Enter)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,0c,0c,00,00,dc,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"THAW (Enter)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"BKGND_FREEZE_THREAD (Leave)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,dc,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"THAW (Leave)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,04,00,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,50,57,16,69,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\COM+ REGDB Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,50,57,16,69,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"OPEN_VOLUME_HANDLE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fd,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"OPEN_VOLUME_HANDLE (Leave)"|hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fd,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"IOCTL_FLUSH_AND_HOLD (Enter)"|hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fe,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"IOCTL_FLUSH_AND_HOLD (Leave)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fe,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"IOCTL_RELEASE (Enter)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ff,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace\\"IOCTL_RELEASE (Leave)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ff,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"OPEN_VOLUME_HANDLE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,fd,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"OPEN_VOLUME_HANDLE (Leave)"|hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,fd,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"IOCTL_FLUSH_AND_HOLD (Enter)"|hex:40,00,00,00,00,00,00,00,40,c4,5e,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,fe,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"IOCTL_FLUSH_AND_HOLD (Leave)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,fe,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"IOCTL_RELEASE (Enter)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,ff,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Lovelace(__?_Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}_)\\"IOCTL_RELEASE (Leave)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,f8,0c,00,00,ff,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,70,39,bf,48,b8,d7,cc,01,28,03,00,00,70,0b,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,c0,eb,c9,48,b8,d7,cc,01,28,03,00,00,70,0b,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,e0,c4,4e,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_STABLE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,e0,c4,4e,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,20,8e,79,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,50,fb,ab,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,50,fb,ab,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,02,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"FREEZE (Leave)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,00,70,0b,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"BKGND_FREEZE_THREAD (Enter)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,28,03,00,00,e0,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"THAW (Enter)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"BKGND_FREEZE_THREAD (Leave)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,e0,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"THAW (Leave)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,28,03,00,00,70,0b,00,00,04,00,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,70,7b,e7,4d,b8,d7,cc,01,28,03,00,00,70,0b,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,70,7b,e7,4d,b8,d7,cc,01,28,03,00,00,70,0b,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,28,03,00,00,58,08,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\MSSearch Service Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,28,03,00,00,58,08,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,d0,47,c2,48,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,30,56,c5,48,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_STABLE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,93,5f,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,c0,7f,76,4b,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,f0,ec,a8,4b,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,f0,ec,a8,4b,b8,d7,cc,01,0c,0c,00,00,b8,0c,00,00,02,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,20,5a,db,4b,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"FREEZE (Leave)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"BKGND_FREEZE_THREAD (Enter)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,f0,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"THAW (Enter)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"BKGND_FREEZE_THREAD (Leave)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,f0,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"THAW (Leave)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,04,00,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,a0,96,08,69,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Registry Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,a0,96,08,69,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,a0,c0,c0,48,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,30,56,c5,48,b8,d7,cc,01,0c,0c,00,00,1c,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"VSS_WS_STABLE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,70,5a,53,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,c0,0c,5e,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,c0,0c,5e,4b,b8,d7,cc,01,0c,0c,00,00,90,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,c0,7f,76,4b,b8,d7,cc,01,0c,0c,00,00,c8,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,90,de,a5,4b,b8,d7,cc,01,0c,0c,00,00,c8,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,90,de,a5,4b,b8,d7,cc,01,0c,0c,00,00,c8,0c,00,00,02,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"FREEZE (Leave)"|hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"BKGND_FREEZE_THREAD (Enter)"|hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,0c,0c,00,00,d4,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"THAW (Enter)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"BKGND_FREEZE_THREAD (Leave)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,d4,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"THAW (Leave)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,90,e9,81,4c,b8,d7,cc,01,0c,0c,00,00,c4,0c,00,00,04,00,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,f0,02,61,4d,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,a0,27,07,67,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,a0,27,07,67,b8,d7,cc,01,0c,0c,00,00,c0,0c,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,00,18,24,69,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\Shadow Copy Optimization Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,00,18,24,69,b8,d7,cc,01,0c,0c,00,00,b4,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_BEGINPREPARE (Enter)"|hex:40,00,00,00,00,00,00,00,00,0a,27,4b,b8,d7,cc,01,0c,0c,00,00,18,0c,00,00,01,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_BEGINPREPARE (Leave)"|hex:40,00,00,00,00,00,00,00,00,0a,27,4b,b8,d7,cc,01,0c,0c,00,00,18,0c,00,00,01,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_ENDPREPARE (Enter)"|hex:40,00,00,00,00,00,00,00,e0,37,67,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,02,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_ENDPREPARE (Leave)"|hex:40,00,00,00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,02,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_PRECOMMIT (Enter)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,03,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_PRECOMMIT (Leave)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,03,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_COMMIT (Enter)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,f4,0c,00,00,04,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_COMMIT (Leave)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,f4,0c,00,00,04,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_POSTCOMMIT (Enter)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,05,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_POSTCOMMIT (Leave)"|hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,05,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_PREFINALCOMMIT (Enter)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,06,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_PREFINALCOMMIT (Leave)"|hex:40,00,00,00,00,00,00,00,60,6d,5c,4d,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,06,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_POSTFINALCOMMIT (Enter)"|hex:40,00,00,00,00,00,00,00,a0,27,07,67,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,07,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}\\"PROVIDER_POSTFINALCOMMIT (Leave)"|hex:40,00,00,00,00,00,00,00,b0,0c,d0,68,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,07,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,70,39,bf,48,b8,d7,cc,01,4c,04,00,00,60,06,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,b0,f3,f6,49,b8,d7,cc,01,4c,04,00,00,60,06,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,20,35,30,4b,b8,d7,cc,01,4c,04,00,00,60,06,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,a0,e1,54,4b,b8,d7,cc,01,4c,04,00,00,60,06,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"VSS_WS_STABLE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,a0,e1,54,4b,b8,d7,cc,01,4c,04,00,00,60,06,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,90,85,5c,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,c0,0c,5e,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,20,8e,79,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,02,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,30,b6,d3,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"FREEZE (Leave)"|hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"BKGND_FREEZE_THREAD (Enter)"|hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,4c,04,00,00,e4,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"THAW (Enter)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"BKGND_FREEZE_THREAD (Leave)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,4c,04,00,00,e4,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"THAW (Leave)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,04,00,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,20,8a,62,4d,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\System Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,4c,04,00,00,9c,0c,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DiscoverSnapshots (Enter)"|hex:40,00,00,00,00,00,00,00,00,b2,ce,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,20,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}Activate (Enter)"|hex:40,00,00,00,00,00,00,00,30,39,d0,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,08,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ActivateLoop (Enter)"|hex:40,00,00,00,00,00,00,00,30,39,d0,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,1a,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ActivateLoop (Leave)"|hex:40,00,00,00,00,00,00,00,50,64,d9,b0,b7,d7,cc,01,00,00,00,00,00,00,00,00,1b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ComputeIgnorableProduct (Enter)"|hex:40,00,00,00,00,00,00,00,50,71,e5,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ComputeIgnorableProduct (Leave)"|hex:40,00,00,00,00,00,00,00,80,f8,e6,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,0d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DeleteProcess (Enter)"|hex:40,00,00,00,00,00,00,00,60,7f,aa,82,be,d7,cc,01,00,00,00,00,00,00,00,00,12,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}Activate (Leave)"|hex:40,00,00,00,00,00,00,00,40,61,2a,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,09,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DiscoverSnapshots (Leave)"|hex:40,00,00,00,00,00,00,00,40,61,2a,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,21,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}SetIgnorable (Enter)"|hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,00,00,00,00,00,00,00,00,0a,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}SetIgnorable (Leave)"|hex:40,00,00,00,00,00,00,00,d0,b2,ac,4c,b8,d7,cc,01,00,00,00,00,00,00,00,00,0b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}AdjustBitmap (Enter)"|hex:40,00,00,00,00,00,00,00,40,2f,bc,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ValidateDiffAreaFiles (Enter)"|hex:40,00,00,00,00,00,00,00,b0,3e,3e,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,1c,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"VolumesSafeForWrite (Enter)"|hex:40,00,00,00,00,00,00,00,b0,3e,3e,b1,b7,d7,cc,01,00,00,00,00,00,00,00,00,1e,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"VolumesSafeForWrite (Leave)"|hex:40,00,00,00,00,00,00,00,b0,49,1a,b2,b7,d7,cc,01,00,00,00,00,00,00,00,00,1f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}ValidateDiffAreaFiles (Leave)"|hex:40,00,00,00,00,00,00,00,b0,49,1a,b2,b7,d7,cc,01,00,00,00,00,00,00,00,00,1d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}DeleteProcess (Leave)"|hex:40,00,00,00,00,00,00,00,60,7f,aa,82,be,d7,cc,01,00,00,00,00,00,00,00,00,13,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}AdjustBitmap (Leave)"|hex:40,00,00,00,00,00,00,00,80,f8,e6,68,b8,d7,cc,01,00,00,00,00,00,00,00,00,05,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PrepareForSnapshot (Enter)"|hex:40,00,00,00,00,00,00,00,40,46,6a,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PreExposure (Enter)"|hex:40,00,00,00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,02,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PreExposure (Leave)"|hex:40,00,00,00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}PrepareForSnapshot (Leave)"|hex:40,00,00,00,00,00,00,00,d0,db,6e,4b,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}EndCommit (Enter)"|hex:40,00,00,00,00,00,00,00,50,93,6f,4c,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,06,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VolSnap\\"Volume{e1fe1ea4-43aa-11e1-9020-806e6f6e6963}EndCommit (Leave)"|hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,0c,00,00,48,0c,00,00,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,f0,ff,b2,48,b8,d7,cc,01,38,03,00,00,68,0c,00,00,e8,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,10,02,fa,49,b8,d7,cc,01,38,03,00,00,68,0c,00,00,e8,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,30,91,28,4b,b8,d7,cc,01,38,03,00,00,a4,0c,00,00,e9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,a0,e1,54,4b,b8,d7,cc,01,38,03,00,00,a4,0c,00,00,e9,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,d0,68,56,4b,b8,d7,cc,01,38,03,00,00,a8,0c,00,00,f9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,20,1b,61,4b,b8,d7,cc,01,38,03,00,00,a8,0c,00,00,f9,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher\\"DOSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,e0,37,67,4b,b8,d7,cc,01,38,03,00,00,04,0c,00,00,0a,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssapiPublisher\\"DOSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,38,03,00,00,b0,0c,00,00,0a,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,30,ea,71,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ea,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ea,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,eb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_FRONT (Enter)"|hex:40,00,00,00,00,00,00,00,90,51,be,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ec,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_FRONT (Leave)"|hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ec,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_BACK (Enter)"|hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ed,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_BACK (Leave)"|hex:40,00,00,00,00,00,00,00,d0,a7,d0,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ed,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_SYSTEM (Enter)"|hex:40,00,00,00,00,00,00,00,d0,a7,d0,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ee,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_SYSTEM (Leave)"|hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ee,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_KTM (Enter)"|hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,f0,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_KTM (Leave)"|hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,f0,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_RM (Enter)"|hex:40,00,00,00,00,00,00,00,c0,4b,d8,4b,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ef,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE_RM (Leave)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,ef,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"FREEZE (Leave)"|hex:40,00,00,00,00,00,00,00,f0,11,54,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,eb,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"THAW_KTM (Enter)"|hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,f4,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"THAW_KTM (Leave)"|hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,f4,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"THAW (Enter)"|hex:40,00,00,00,00,00,00,00,30,db,7e,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,f2,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"THAW (Leave)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,f2,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,60,6d,5c,4d,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,f5,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,a0,27,07,67,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,f5,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,40,a2,d4,68,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\VssvcPublisher\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,c0,1a,5b,69,b8,d7,cc,01,0c,0c,00,00,ac,0c,00,00,fb,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"IDENTIFY (Enter)"|hex:40,00,00,00,00,00,00,00,40,b2,bd,48,b8,d7,cc,01,38,03,00,00,74,0c,00,00,e8,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"IDENTIFY (Leave)"|hex:40,00,00,00,00,00,00,00,70,39,bf,48,b8,d7,cc,01,38,03,00,00,74,0c,00,00,e8,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"PREPAREBACKUP (Enter)"|hex:40,00,00,00,00,00,00,00,f0,ad,2e,4b,b8,d7,cc,01,38,03,00,00,6c,0c,00,00,e9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"PREPAREBACKUP (Leave)"|hex:40,00,00,00,00,00,00,00,80,43,33,4b,b8,d7,cc,01,38,03,00,00,6c,0c,00,00,e9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"VSS_WS_STABLE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,80,43,33,4b,b8,d7,cc,01,38,03,00,00,6c,0c,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"GETSTATE (Enter)"|hex:40,00,00,00,00,00,00,00,90,85,5c,4b,b8,d7,cc,01,38,03,00,00,84,0c,00,00,f9,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"GETSTATE (Leave)"|hex:40,00,00,00,00,00,00,00,90,85,5c,4b,b8,d7,cc,01,38,03,00,00,84,0c,00,00,f9,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"PREPARESNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,80,9c,7c,4b,b8,d7,cc,01,38,03,00,00,e8,03,00,00,ea,03,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"PREPARESNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,20,74,aa,4b,b8,d7,cc,01,38,03,00,00,e8,03,00,00,ea,03,00,00,00,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"VSS_WS_WAITING_FOR_FREEZE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,20,74,aa,4b,b8,d7,cc,01,38,03,00,00,e8,03,00,00,02,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"FREEZE (Enter)"|hex:40,00,00,00,00,00,00,00,f0,5f,c1,4b,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,eb,03,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"FREEZE (Leave)"|hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,eb,03,00,00,00,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"VSS_WS_WAITING_FOR_THAW (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,03,00,00,00,01,00,00,00,02,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"BKGND_FREEZE_THREAD (Enter)"|hex:40,00,00,00,00,00,00,00,a0,20,cf,4b,b8,d7,cc,01,38,03,00,00,d8,0c,00,00,fc,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"THAW (Enter)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,f2,03,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"BKGND_FREEZE_THREAD (Leave)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,d8,0c,00,00,fc,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"THAW (Leave)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,f2,03,00,00,00,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"VSS_WS_WAITING_FOR_POST_SNAPSHOT (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,20,7f,86,4c,b8,d7,cc,01,38,03,00,00,fc,0a,00,00,04,00,00,00,01,00,00,00,03,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"POSTSNAPSHOT (Enter)"|hex:40,00,00,00,00,00,00,00,00,d2,71,4d,b8,d7,cc,01,38,03,00,00,e8,03,00,00,f5,03,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"POSTSNAPSHOT (Leave)"|hex:40,00,00,00,00,00,00,00,30,59,73,4d,b8,d7,cc,01,38,03,00,00,e8,03,00,00,f5,03,00,00,00,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"VSS_WS_WAITING_FOR_BACKUP_COMPLETE (SetCurrentState)"|hex:40,00,00,00,00,00,00,00,30,59,73,4d,b8,d7,cc,01,38,03,00,00,e8,03,00,00,05,00,00,00,01,00,00,00,04,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"BACKUPSHUTDOWN (Enter)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,38,03,00,00,e8,03,00,00,fb,03,00,00,01,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Diag\WMI Writer\\"BACKUPSHUTDOWN (Leave)"|hex:40,00,00,00,00,00,00,00,10,5a,4d,69,b8,d7,cc,01,38,03,00,00,e8,03,00,00,fb,03,00,00,00,00,00,00,05,00,00,00,00,00,00,00,a2,1a,da,b8,b0,11,18,4e,bf,d6,9f,55,91,39,b9,c0,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\\@|"Microsoft Software Shadow Copy provider 1.0" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\\"Type"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\\"Version"|"1.0.0.7" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\\"VersionId"|"{00000001-0000-0000-0007-000000000001}" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\CLSID\\@|"{65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A}" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"{2707761B-2324-473D-88EB-EB007A359533}"|"DFS-R Writer" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"{D76F5A28-3092-4589-BA48-2958FB88CE29}"|"FRS Writer" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"{B2014C9E-8711-4C5C-A5A9-3CF384484757}"|"AD Writer" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"{DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD}"|"ADAM Writer" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings\WritersBlockingRevert\\"TornComponentsBlockRevert"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\VssAccessControl\\"NT Authority\NetworkService"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 06062014_180929

Alt 06.06.2014, 17:22   #20
M-K-D-B
/// TB-Ausbilder
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Gut. Weiter mit 3) und 4) bitte.


Alt 07.06.2014, 00:12   #21
DerTK
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Code:
ATTFilter
Farbar Service Scanner Version: 21-05-2014
Ran by Lieselotte (administrator) on 07-06-2014 at 01:11:38
Running from "C:\Users\Lieselotte\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit

ATTENTION!=====> C:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Alt 07.06.2014, 15:07   #22
M-K-D-B
/// TB-Ausbilder
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Downloade dir bitte ESET services repair und speichere es auf den Desktop.
  • Öffne das Tool mit einem Doppelklick auf ServicesRepair.exe.
  • Wenn Hinweise angezeigt werden, drücke auf Weiter/Ja und bestätige die Ausführung des Tools.
  • Nachdem das Tool durchgelaufen ist, wird ein Neustart verlangt. Drücke auf Yes, um diesen auszuführen.
  • Im auf dem Desktop erstellten Ordner CCSupport findest du ein Logfile. Poste bitte dessen Inhalt hier.
Alt 07.06.2014, 20:27   #23
DerTK
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Code:
ATTFilter
Log Opened: 2014-06-07 @ 21:23:39
21:23:39 - -----------------
21:23:39 - | Begin Logging |
21:23:39 - -----------------
21:23:39 - Fix started on a WIN_7 X64 computer
21:23:39 - Prep in progress.  Please Wait.
21:23:41 - Prep complete
21:23:41 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Zugriff verweigert
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Zugriff verweigert

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
21:23:48 - Services Repair Complete.
21:23:52 - Reboot Initiated

Alt 08.06.2014, 09:49   #24
M-K-D-B
/// TB-Ausbilder
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Jetzt bitte nochmal FSS ausführen.

Alt 08.06.2014, 12:41   #25
DerTK
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Code:
ATTFilter
Farbar Service Scanner Version: 21-05-2014
Ran by Lieselotte (administrator) on 08-06-2014 at 13:30:53
Running from "C:\Users\Lieselotte\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit

ATTENTION!=====> C:\Windows\System32\vssvc.exe FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Alt 08.06.2014, 18:13   #26
M-K-D-B
/// TB-Ausbilder
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Es fehlt noch eine Systemdatei. Diese würde ich gerne wiederherstellen.

Dazu müssen wir erst nach einer Kopie suchen:

Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :filefind
vssvc.exe
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.


Alt 08.06.2014, 21:24   #27
DerTK
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 22:19 on 08/06/2014 by Lieselotte
Administrator - Elevation successful

========== filefind ==========

Searching for "vssvc.exe"
C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe	--a---- 1598976 bytes	[23:39 13/07/2009]	[01:39 14/07/2009] 787898BF9FB6D7BD87A36E2D95C899BA

-= EOF =-

Alt 09.06.2014, 09:48   #28
M-K-D-B
/// TB-Ausbilder
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


So, wir verschieben jetzt die fehlende Systemdatei mit ComboFix.




Schritt 1
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe | C:\Windows\System32\vssvc.exe
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!







Schritt 2
Poste bitte nochmal eine Logdatei von FSS.

Alt 09.06.2014, 14:07   #29
DerTK
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Code:
ATTFilter
ComboFix 14-06-09.01 - Lieselotte 09.06.2014  14:40:32.2.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1788.767 [GMT 2:00]
ausgeführt von:: c:\users\Lieselotte\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Lieselotte\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\System32\dllhost.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!System32!dllhost.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\windows\System32\msiexec.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7600.16385_none_a57666739fcae94c\msiexec.exe wurde wiederhergestellt 
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe --> c:\windows\System32\vssvc.exe
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-09 bis 2014-06-09  ))))))))))))))))))))))))))))))
.
.
2014-06-09 12:58 . 2013-07-15 01:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF0980E1-6BC5-4477-AEC8-B139BFE1D9C1}\mpengine.dll
2014-06-09 12:55 . 2014-06-09 12:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-09 12:40 . 2014-06-09 12:58	2199040	----atw-	c:\windows\system32\vssvc.exe
2014-06-06 16:09 . 2014-06-06 16:09	--------	d-----w-	C:\_OTL
2014-06-06 11:37 . 2014-06-06 11:37	3524608	----a-w-	c:\windows\system32\sppsvc.exe
2014-06-06 11:37 . 2014-06-06 11:37	533504	----a-w-	c:\windows\system32\vds.exe
2014-06-06 11:37 . 2014-06-06 11:37	40960	----a-w-	c:\windows\system32\UI0Detect.exe
2014-06-05 15:22 . 2014-06-05 15:22	--------	d-----w-	c:\program files (x86)\ESET
2014-06-05 12:03 . 2014-06-05 12:03	--------	d-----w-	C:\zoek
2014-06-04 18:51 . 2014-06-04 18:51	--------	d-----w-	c:\windows\ERUNT
2014-06-04 18:24 . 2014-06-04 18:41	--------	d-----w-	C:\AdwCleaner
2014-06-03 12:00 . 2014-06-05 15:11	--------	d-----w-	C:\FRST
2014-05-15 13:58 . 2014-05-15 13:58	--------	d-----w-	c:\users\Lieselotte\AppData\Roaming\AVAST Software
2014-05-15 13:56 . 2014-05-15 13:57	85328	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-05-15 13:56 . 2014-05-15 13:55	208416	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-05-15 13:56 . 2014-05-15 13:57	1039096	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-05-15 13:56 . 2014-05-15 13:57	423240	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-05-15 13:56 . 2014-05-15 13:55	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-05-15 13:56 . 2014-05-15 13:55	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-05-15 13:56 . 2014-05-15 13:55	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-05-15 13:56 . 2014-05-15 13:55	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-05-15 13:55 . 2014-05-15 13:55	334648	----a-w-	c:\windows\system32\aswBoot.exe
2014-05-15 13:55 . 2014-05-15 13:55	43152	----a-w-	c:\windows\avastSS.scr
2014-05-15 13:53 . 2014-05-15 13:53	--------	d-----w-	c:\program files\AVAST Software
2014-05-15 13:53 . 2014-06-04 19:04	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-15 13:52 . 2014-05-15 18:24	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-05-15 13:52 . 2014-05-15 13:52	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-15 13:52 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-15 13:52 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-15 13:52 . 2014-04-03 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-11 00:07 . 2014-05-15 13:51	--------	d-----w-	c:\programdata\AVAST Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-09 12:58 . 2011-06-24 07:57	727552	----atw-	c:\windows\system32\msiexec.exe
2014-05-17 16:47 . 2010-10-19 11:28	735744	----atw-	c:\windows\system32\TODDSrv.exe
2014-05-15 16:11 . 2011-06-24 07:57	73216	----a-w-	c:\windows\SysWow64\msiexec.exe
2014-04-17 03:31 . 2014-04-22 09:12	10651704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B70722CB-1C44-4892-83EC-9A83FCF7D2DB}\mpengine.dll
2014-03-31 07:35 . 2011-09-02 12:09	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-31 01:51 . 2011-12-13 14:15	90655440	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-27 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2014-05-11 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-15 13:55	290888	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2014-05-11 18944]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7b51ee58-8c05-4c71-ad03-9f1f1c809f13}: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7b51ee58-8c05-4c71-ad03-9f1f1c809f13}\77C616E6: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7b51ee58-8c05-4c71-ad03-9f1f1c809f13}\84352505: DhcpNameServer = 192.168.106.1
FF - ProfilePath - c:\users\Lieselotte\AppData\Roaming\Mozilla\Firefox\Profiles\7o7bb6oi.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B} - c:\program files\Amazon\UninstallerAmazon.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-09  15:03:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-06-09 13:03
ComboFix2.txt  2014-06-03 20:30
.
Vor Suchlauf: 2.408.153.088 Bytes frei
Nach Suchlauf: 2.255.814.656 Bytes frei
.
- - End Of File - - 57F240097DE9242CCB554AFB957E1111
Code:
ATTFilter
Farbar Service Scanner Version: 21-05-2014
Ran by Lieselotte (administrator) on 09-06-2014 at 15:06:00
Running from "C:\Users\Lieselotte\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2014-06-09 14:40] - [2014-06-09 14:58] - 2199040 ___AT (Microsoft Corporation) 2965C64AE72247809BA5FEB3AE368F34

C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Alt 09.06.2014, 14:08   #30
M-K-D-B
/// TB-Ausbilder
 
Komplette Säuberung (Entfernen von Viren usw) - Standard

Komplette Säuberung (Entfernen von Viren usw)


Leider habe ich schlechte Nachrichten für dich:



Warnung:
File Infector
Dein Rechner wurde mit einem besonderen Schädling infiziert, der andere Dateien infiziert, wodurch er sich unkontrolliert vermehrt. Diese Art der Computerschädlinge ist mit die gefährlichste. Bereinigungsversuche sind möglich, die Erfolgsaussichten dein System wieder sauber zu bekommen liegen dabei allerdings zwischen gering und unmöglich.

Wir empfehlen dringend die Formatierung und das Neuaufsetzen deines Systemes in folgenden Schritten:
  1. Sicherung deiner Daten: Nicht während dein Windows läuft sondern mit Hilfe einer Boot-CD oder eines entsprechend vorbereiteten USB-Sticks. (Anleitung)
  2. Löschen deiner Festplatte entweder mit dem Windows-Setup oder einem Tool per USB-Stick.
  3. Nach der Installation: Absicherung deines Systems (ein Virenscanner mit Hintergrundwächter, ein Malwarescanner beispielsweise MBAM)
Antwort
Seite 2 von 3 1 2 3

Themen zu Komplette Säuberung (Entfernen von Viren usw)
avast, bereinigt, bereinigung, bereits, brauch, community, datei, datein, entferne, entfernen, erfolgreich, erneut, freue, geholfen, komplett, komplette, konnte, laptop, liebe, maleware suchen, scan, säuberung, unbedingt, viren, viren bekämpfen, win, win7, würde


« Antivir hat TR/TRASH .GEN und ADWARE/DealPly.o gefunden - was nun? | Spammails an Kontakte (Yahoo) »


Ähnliche Themen: Komplette Säuberung (Entfernen von Viren usw)


  1. XP: svchost.exe krampft sich die komplette CPU-Zeit
    Log-Analyse und Auswertung - 24.01.2014 (19)
  2. Pc Voller Viren?Säuberung!
    Plagegeister aller Art und deren Bekämpfung - 02.12.2013 (3)
  3. Säuberung meine s pcs von viren
    Lob, Kritik und Wünsche - 11.07.2013 (0)
  4. GVU Trojaner - komplette löschung
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (2)
  5. Incredibar durch komplette Neuinstallation entfernen?
    Plagegeister aller Art und deren Bekämpfung - 16.11.2012 (8)
  6. grosse säuberung
    Plagegeister aller Art und deren Bekämpfung - 16.09.2011 (21)
  7. Vollständige Säuberung&instandsetzung des PCs
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (1)
  8. Medion Pc: Komplette Formatiering möglich?
    Alles rund um Windows - 31.07.2011 (9)
  9. kann komplette Hardware auf einmal kaputt gehen?
    Netzwerk und Hardware - 18.11.2010 (9)
  10. Komplette i368 kaputt
    Alles rund um Windows - 18.07.2010 (8)
  11. Malware Doctor - komplette Einschränkung
    Plagegeister aller Art und deren Bekämpfung - 18.07.2010 (2)
  12. Explorer.exe komplette prozessorauslastung
    Log-Analyse und Auswertung - 26.02.2008 (2)
  13. Anleitung für allgemeine Säuberung
    Diskussionsforum - 30.01.2008 (8)
  14. Log nach Virenbefall und Säuberung
    Log-Analyse und Auswertung - 03.07.2007 (2)
  15. Hilfe das komplette Netzwerk spinnt
    Plagegeister aller Art und deren Bekämpfung - 10.02.2006 (1)
  16. Säuberung oder Format C ?
    Log-Analyse und Auswertung - 16.07.2005 (1)
  17. HiJack von ebay-Mail / komplette Festplatte schreibgeschützt
    Log-Analyse und Auswertung - 19.11.2004 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Komplette Säuberung (Entfernen von Viren usw) - 1) Bitte folgendes tun: Systemdateien reparieren 2) Danach die folgende Datei auf den Desktop abspeichern und ausführen (ggf. Sicherheitsabfrage bestätigen/erlauben): vss.reg Rechner neu starten! 3) Dann noch die folgende Batch-Datei - Komplette Säuberung (Entfernen von Viren usw)...
Archiv
Du betrachtest: Komplette Säuberung (Entfernen von Viren usw) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131