====== سجل أخطاء النظام ======
Computer Name: M-PC
Event Code: 3
Message: A command sent to the adapter has timed out. The adapter did not respond.
Record Number: 361
Source Name: BTHUSB
Time Written: 20120730224647.020429-000
Event Type: Warning
User:
Computer Name: M-PC
Event Code: 3
Message: A command sent to the adapter has timed out. The adapter did not respond.
Record Number: 354
Source Name: BTHUSB
Time Written: 20120730224643.011222-000
Event Type: Warning
User:
Computer Name: 37L4247D28-05
Event Code: 17
Message: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Record Number: 303
Source Name: BTHUSB
Time Written: 20120730224536.966608-000
Event Type: Error
User:
Computer Name: 37L4247D28-05
Event Code: 3
Message: A command sent to the adapter has timed out. The adapter did not respond.
Record Number: 302
Source Name: BTHUSB
Time Written: 20120730224536.966608-000
Event Type: Warning
User:
Computer Name: 37L4247D28-05
Event Code: 3
Message: A command sent to the adapter has timed out. The adapter did not respond.
Record Number: 300
Source Name: BTHUSB
Time Written: 20120730224532.957401-000
Event Type: Warning
User:
===== سجل أخطاء البرامج =====
Computer Name: M-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1743680140-4031571779-3364882558-1000:
Process 1944 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1743680140-4031571779-3364882558-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Record Number: 242
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20120731001302.179077-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: M-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {436c8e2b-52e9-4404-b177-d1f899109e0b}
Record Number: 217
Source Name: VSS
Time Written: 20120730235305.000000-000
Event Type: Error
User:
Computer Name: M-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1743680140-4031571779-3364882558-1000:
Process 416 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1743680140-4031571779-3364882558-1000
Record Number: 191
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20120730233635.528222-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: M-PC
Event Code: 1002
Message: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a88
Start Time: 01cd6eab429d5734
Termination Time: 16
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Record Number: 188
Source Name: Application Hang
Time Written: 20120730233418.000000-000
Event Type: Error
User:
Computer Name: M-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Record Number: 110
Source Name: Microsoft-Windows-Search
Time Written: 20120730224736.000000-000
Event Type: Warning
User:
===== السجل الأمني =====
Computer Name: 37L4247D28-05
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120730224359.170036-000
Event Type: Audit Success
User:
Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x1d0
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120730224359.170036-000
Event Type: Audit Success
User:
Computer Name: 37L4247D28-05
Event Code: 4902
Message: The Per-user audit policy table was created.
Number of Elements: 0
Policy ID: 0x23802
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120730224358.920435-000
Event Type: Audit Success
User:
Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120730224358.140434-000
Event Type: Audit Success
User:
Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows is starting up.
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120730224358.046834-000
Event Type: Audit Success
User:
===== تقرير انهيار البرامج =====
===== تقرير الشاشة الزرقاء =====
==================================================
Dump File : 080112-19016-01.dmp
Crash Time : 8/1/2012 10:36:22 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000004
Parameter 2 : 0x00000258
Parameter 3 : 0x85dada70
Parameter 4 : 0x82d62b24
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+67aa6
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\080112-19016-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 243,984
==================================================
