描述:
Windows 检测到注册表文件仍在由其他应用程序或服务使用。将立即卸载此文件。包含注册表文件的应用程序或服务以后可能无法正确运行。
详细信息 -
13 user registry handles leaked from \Registry\User\S-1-5-21-1958156886-1053990510-1543772822-1000:
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows NT\CurrentVersion
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Internet Explorer\IETld
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Policies
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
事件 Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2011-12-05T03:32:52.362661700Z" />
<EventRecordID>3018</EventRecordID>
<Correlation />
<Execution ProcessID="820" ThreadID="3136" />
<Channel>Application</Channel>
<Computer>WIN-sq01</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">13 user registry handles leaked from \Registry\User\S-1-5-21-1958156886-1053990510-1543772822-1000:
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows NT\CurrentVersion
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Internet Explorer\IETld
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Policies
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 1864 (\Device\HarddiskVolume1\Program Files (x86)\360\360sd\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958156886-1053990510-1543772822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
</Data>
</EventData>
</Event>