- 1 user registry handles leaked from \Registry\User\S-1-5-21-3264609573-1455639020-2944556979-1000_Classes:__
- Warning in Event Viewer «2 user registry handles leaked from \Registry\User\S-1-5-21-372863494-2545602876-1647677964-1003»
- Replies (4)
- Windows user registry handles leaked from
- Глюк терминала Win 2008R2
1 user registry handles leaked from \Registry\User\S-1-5-21-3264609573-1455639020-2944556979-1000_Classes:__
help this is one of thousands of diff event logs
1 user registry handles leaked from \Registry\User\S-1-5-21-3264609573-1455639020-2944556979-1000_Classes:
Process 1000 (\Device\HarddiskVolume1\Program Files\F-Secure\common\FSHDLL32.EXE) has opened key \REGISTRY\USER\S-1-5-21-3264609573-1455639020-2944556979-1000_CLASSES
You may refer the following KB article to get more information on the issue:
Event ID: 1530 may be logged in the Application log on a Windows 7-based or Windows Vista-based client computer
• Do you have F-Secure antivirus installed on the computer?
If you have installed it, then the registry key is opened by the F-Secure antivirus and you may need to contact F-secure to check with them about the issue:
Please post back and let us know about the status.
Hope this information is useful.
Praseetha K
Microsoft Answers Support Engineer
Visit our Microsoft Answers Feedback Forum and let us know what you think.
If this post helps to resolve your issue, please click the «Mark as Answer» or «Helpful» button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster.
7 people found this reply helpful
Was this reply helpful?
Sorry this didn’t help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
Warning in Event Viewer «2 user registry handles leaked from \Registry\User\S-1-5-21-372863494-2545602876-1647677964-1003»
Original Title: Registry
I get the below warning in the Event Viewer, any one can tell me what that means ?
2 user registry handles leaked from \Registry\User\S-1-5-21-372863494-2545602876-1647677964-1003: Process 780 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-372863494-2545602876-1647677964-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Process 928 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-372863494-2545602876-1647677964-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Replies (4)
Check for the issue in ‘Safe Mode with Networking’.
‘Safe Mode with Networking’ starts Windows in safe mode and includes the network drivers and services needed to access the Internet or other computers on your network.
If the issue doesn’t persist in safe mode, I would suggest you to perform clean boot and check.
Place the computer in a clean boot state and then check if it helps. You can start Windows by using a minimal set of drivers and startup programs. This kind of startup is known as a «clean boot.» A clean boot helps eliminate software conflicts.
How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
Note: After troubleshooting, make sure the computer to start as usual as mentioned in Step 7 in the above KB article.
I would suggest you to download and install Microsoft safety scanner and run the scan and check.
Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.
2 people found this reply helpful
Was this reply helpful?
Sorry this didn’t help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
I get the below warning in the Event Viewer, any one can tell me what that means ?
2 user registry handles leaked from \Registry\User\S-1-5-21-372863494-2545602876-1647677964-1003: Process 780 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-372863494-2545602876-1647677964-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Process 928 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-372863494-2545602876-1647677964-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
1) This behavior occurs because Windows automatically closes any registry handle to a user profile that is left open by an application. Windows Vista does this when Windows Vista tries to close a user profile.
Note Event ID 1530 is logged as a Warning event. The application that is listed in the event detail is leaving the registry handle open and should be investigated.
Windows user registry handles leaked from
16 user registry handles leaked from \Registry\User\S-1-5-21-1082989139-2594333343-3947924465-1001: Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 828 (\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\nTune\nTuneService.exe) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001 Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\My Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\CA Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\Root Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\TrustedPeople Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\trust Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Policies\Microsoft\SystemCertificates Process 2384 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1082989139-2594333343-3947924465-1001\Software\Microsoft\SystemCertificates\Disallowed
should i be worried or can i get some help with this ?
Глюк терминала Win 2008R2
  | Список форумов SYSAdmins.RU -> WINDOWS | На страницу 1, 2 След. |
| Автор | |||||
|---|---|---|---|---|---|
| Air777 Новичок Зарегистрирован: 17.10.2003 |
| ||||
| Вернуться к началу |
| ||||
 | |||||
| Зарегистрируйтесь и реклама исчезнет! | |||||
| |||||
| Мpak Старожил форума
Зарегистрирован: 23.03.2007 |
| ||||
| Вернуться к началу |
| ||||
| |||||
| Air777 Новичок Зарегистрирован: 17.10.2003 |
| ||||
| Вернуться к началу |
| ||||
| |||||
| mds78 Активный участник Зарегистрирован: 29.10.2009
|
| ||||
| Вернуться к началу |
| ||||
| |||||
| Air777 Новичок Зарегистрирован: 17.10.2003 |
| ||||
| Вернуться к началу |
| ||||
| |||||
| mds78 Активный участник Зарегистрирован: 29.10.2009
|
| ||||
| Вернуться к началу |
| ||||
| |||||
| Air777 Новичок Зарегистрирован: 17.10.2003 |
| ||||
| Вернуться к началу |
| ||||
| |||||
| Мpak Старожил форума
Зарегистрирован: 23.03.2007 |
| ||||
| Вернуться к началу |
| ||||
| |||||
| Air777 Новичок Зарегистрирован: 17.10.2003 | |||||
