Event 1530

  • Question

  • 日志名称:          Application
    来源:            Microsoft-Windows-User Profiles Service
    日期:            2012/11/14 8:20:08
    事件 ID:         1530
    任务类别:          无
    级别:            警告
    关键字:          
    用户:            SYSTEM
    计算机:          
    描述:
    Windows 检测到注册表文件仍在由其他应用程序或服务使用。将立即卸载此文件。包含注册表文件的应用程序或服务以后可能无法正确运行。

     详细信息 -
     3 user registry handles leaked from \Registry\User\S-1-5-21-4261768702-3527829929-2507541738-500:
    Process 304 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4261768702-3527829929-2507541738-500
    Process 304 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4261768702-3527829929-2507541738-500\Printers\DevModePerUser
    Process 304 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4261768702-3527829929-2507541738-500\Software\Microsoft\Windows NT\CurrentVersion\Windows

    事件 Xml:
    <Event xmlns="">
      <System>
        <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
        <EventID>1530</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2012-11-14T00:20:08.618792200Z" />
        <EventRecordID>3165</EventRecordID>
        <Correlation />
        <Execution ProcessID="888" ThreadID="2480" />
        <Channel>Application</Channel>
        <Computer>tspserver.tsp.com</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData Name="EVENT_HIVE_LEAK">
        <Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-4261768702-3527829929-2507541738-500:
    Process 304 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4261768702-3527829929-2507541738-500
    Process 304 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4261768702-3527829929-2507541738-500\Printers\DevModePerUser
    Process 304 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4261768702-3527829929-2507541738-500\Software\Microsoft\Windows NT\CurrentVersion\Windows
    </Data>
      </EventData>
    </Event>

    How can this event be resolved?

    November 14, 2012, 1:09

All replies