Forum
Bildirimler
Hepsini Temizle
Windows Server
3
Yazılar
2
Üyeler
0
Reactions
1,399
Görüntüleme
Konu başlatıcı
Merhaba
EVENT İD: 1530 OLAN HATA DETAYI AŞŞAĞIDADIR
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-943768699-3025925119-816058524-500:
Process 248 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500
Process 960 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500\Printers\DevModePerUser
Process 2732 (\Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2011-11-29T09:57:55.997463500Z" />
<EventRecordID>2381</EventRecordID>
<Correlation />
<Execution ProcessID="864" ThreadID="2616" />
<Channel>Application</Channel>
< <Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-943768699-3025925119-816058524-500:
Process 248 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500
Process 960 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500\Printers\DevModePerUser
Process 2732 (\Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks
</Data>
</EventData>
</Event>
Gönderildi : 29/11/2011 16:07
MerhabaEVENT İD: 1530 OLAN HATA DETAYI AŞŞAĞIDADIRWindows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.DETAIL -3 user registry handles leaked from \Registry\User\S-1-5-21-943768699-3025925119-816058524-500:Process 248 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500Process 960 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500\Printers\DevModePerUserProcess 2732 (\Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500\Software\Symantec\Symantec Endpoint Protection\AV\Custom TasksEvent Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" /><EventID>1530</EventID><Version>0</Version><Level>3</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime="2011-11-29T09:57:55.997463500Z" /><EventRecordID>2381</EventRecordID><Correlation /><Execution ProcessID="864" ThreadID="2616" /><Channel>Application</Channel>< <Security UserID="S-1-5-18" /></System><EventData Name="EVENT_HIVE_LEAK"><Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-943768699-3025925119-816058524-500:Process 248 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500Process 960 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500\Printers\DevModePerUserProcess 2732 (\Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-943768699-3025925119-816058524-500\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks</Data></EventData></Event>
Bu Hata İçin İse
Gönderildi : 29/11/2011 17:09
Konu başlatıcı
MERHABA
burayab daha önce baktım ama açıkçası pek işime yaramadı
Gönderildi : 29/11/2011 17:18