Windows event log


Re: Windows event log

Post by maybe » 03 Oct 2009 14:51

- Start / All Programs / Accessories / Command Prompt
- right-click it / Run as administrator
- in the window that opens, copy/paste dfrgui.exe
- confirm with the Enter key

Does the defragmenter open?
"Printing allowed the people to read; the Internet will allow them to write." (Benjamin Bayart) http://www.framablog.org/index.php/post ... ture-seule

Re: Windows event log

Post by Ziggot » 03 Oct 2009 14:56

No :plaf:

Re: Windows event log

Post by maybe » 03 Oct 2009 15:19

OK.
- this time, in the command prompt, copy/paste defrag.exe c: -a
- after a few minutes, a result will be displayed:

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: BOOT

etc

Re: Windows event log

Post by Ziggot » 03 Oct 2009 15:47

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C:

Taille du volume = 319 Go
Espace libre = 217 Go
Étendue d'espace libre la plus grande = 151 Go
Pourcentage de fragmentation des fichiers = 1 %

Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo
ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas nécessaire de défragmenter ce volume.

Re: Windows event log

Post by gedeon1999 » 03 Oct 2009 16:30

Hello

Have you tried the restore in safe mode?

Re: Windows event log

Post by maybe » 03 Oct 2009 17:38

- Start / Run / type services.msc / OK
- double-click the Task Scheduler service
- Is it set to Automatic and Started?

Re: Windows event log

Post by Ziggot » 04 Oct 2009 11:39

I had not tried the restore in safe mode. I have just done it and it doesn't work either.
The scheduler is indeed set to automatic. I notice, however, that it does not start if the event log is not enabled (this is in fact stated under dependencies). With a normal startup, I get my defragmenter back. I'm an idiot: I hadn't noticed that I was in selective startup during yesterday's attempts :plaf: Sorry for wasting your time with nonsense, maybe...

I went to look in the "System" log and I find errors that come back at every startup:

Nom du journal :System
Source : volmgr
Date : 04.10.2009 13:08:27
ID de l'événement :46
Catégorie de la tâche :Aucun
Niveau : Erreur
Mots clés : Classique
Utilisateur : N/A
Ordinateur : FAMILLE
Description :
L'initialisation du fichier de vidage sur incident a échoué.
XML de l’événement :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="volmgr" />
<EventID Qualifiers="49156">46</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-10-04T11:08:27.031Z" />
<EventRecordID>151963</EventRecordID>
<Channel>System</Channel>
<Computer>FAMILLE</Computer>
<Security />
</System>
<EventData>
<Data>\Device\HarddiskVolume1</Data>
<Binary>0000000001000000000000002E0004C001100000010000C000000000000000000000000000000000</Binary>
</EventData>
</Event>

Nom du journal :System
Source : Microsoft-Windows-Kernel-Processor-Power
Date : 04.10.2009 13:08:27
ID de l'événement :6
Catégorie de la tâche :Aucun
Niveau : Erreur
Mots clés :
Utilisateur : SYSTEM
Ordinateur : FAMILLE
Description :
Certaines fonctionnalités de gestion de l’alimentation relatives aux performances du processeur ont été désactivées en raison d’un problème connu avec le microprogramme. Contactez le fabricant de l’ordinateur pour obtenir la mise à jour du microprogramme.
XML de l’événement :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" />
<EventID>6</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-10-04T11:08:27.437Z" />
<EventRecordID>151964</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="60" />
<Channel>System</Channel>
<Computer>FAMILLE</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Nom du journal :System
Source : disk
Date : 04.10.2009 13:08:47
ID de l'événement :7
Catégorie de la tâche :Aucun
Niveau : Erreur
Mots clés : Classique
Utilisateur : N/A
Ordinateur : FAMILLE
Description :
Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.
XML de l’événement :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-10-04T11:08:47.395Z" />
<EventRecordID>151975</EventRecordID>
<Channel>System</Channel>
<Computer>FAMILLE</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk0\DR0</Data>
<Binary>030068000100000000000000070004C0000100009C0000C0000000000000000000009D0F00000000FE08000000000000FFFFFFFF00000000400000840200000000200A1240032000000000003C00000000C08187E8AAEE850000000070A8EE8550137E8780CE070028000007CE8000007800000000000000F00003000000000B00000000000000000000000000000000</Binary>
</EventData>
</Event>

Nom du journal :System
Source : Microsoft-Windows-Eventlog
Date : 04.10.2009 13:09:28
ID de l'événement :23
Catégorie de la tâche :Démarrage du service
Niveau : Erreur
Mots clés : Disponibilité du service
Utilisateur : SERVICE LOCAL
Ordinateur : FAMILLE
Description :
Le service de journalisation des événements a détecté une erreur (res=23) lors de l’initialisation des ressources de journalisation pour le canal Microsoft-Windows-DriverFrameworks-UserMode/Operational.
XML de l’événement :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>23</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>100</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000020000</Keywords>
<TimeCreated SystemTime="2009-10-04T11:09:28.004Z" />
<EventRecordID>151983</EventRecordID>
<Correlation />
<Execution ProcessID="1104" ThreadID="1196" />
<Channel>System</Channel>
<Computer>FAMILLE</Computer>
<Security UserID="S-1-5-19" />
</System>
<UserData>
<InitChannelLoggingFailure xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Error Code="23">
</Error>
<ChannelPath>Microsoft-Windows-DriverFrameworks-UserMode/Operational</ChannelPath>
</InitChannelLoggingFailure>
</UserData>
</Event>


The last one seems to coincide with the onset of my problems (no trace of it before)

Re: Windows event log

Post by maybe » 04 Oct 2009 18:33

1/ Event ID: 46 / volmgr

It may be a program launched at startup that causes this error. Nothing to worry about, on the face of it.

2/ Event ID: 6 / Microsoft-Windows-Kernel-Processor-Power

Could be resolved by updating the processor's firmware.
http://social.technet.microsoft.com/For ... 3f9e8da0bb

3/ Event ID: 7 / disk

Bad disk sector. I'll leave it to the hardware pros to give you their opinion.

4/ Event ID: 23 / System

This does indeed concern the event log service, which is not starting.

- Start / Run / copy-paste
regedit /e C:\Eventlog.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog"
- click OK
- click Start / Computer
- double-click C:\
- open the text file Eventlog.txt
- copy/paste the contents of this file into your next message
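An export produced by the regedit /e command above stores most string values as hex(2) or hex(7) byte lists, which are hard to review by eye. The following is an added example, not code from any participant in this thread: a small Python decoder that turns those values back into text and reports any string value that carries bytes after its terminating NUL. The function names and the sample export are constructed for the illustration.

```python
import re

# Constructed sample in the layout regedit /e writes: UTF-16LE data as
# comma-separated hex bytes, long values continued with a trailing backslash.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,65,00,76,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Start"=dword:00000002
"Sources"=hex(7):41,00,70,00,70,00,00,00,53,00,76,00,63,00,00,00,\
  00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Example]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,61,00,2e,00,64,00,6c,00,6c,00,00,\
  00,10,02,10,02
'''

# A value line is either @=... (default value) or "name"=...
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')


def join_continuations(text):
    """Merge physical lines ending in ',\\' into one logical line."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(",\\"):
            pending += line[:-1]          # keep the comma, drop the backslash
        else:
            logical.append(pending + line)
            pending = ""
    if pending:                           # export cut off mid-value
        logical.append(pending.rstrip(","))
    return logical


def split_utf16(raw):
    """Return (text before the first aligned NUL, bytes left after that NUL)."""
    for i in range(0, len(raw) - 1, 2):
        if raw[i:i + 2] == b"\x00\x00":
            return raw[:i].decode("utf-16-le", "replace"), raw[i + 2:]
    return raw.decode("utf-16-le", "replace"), b""


def decode_multi(raw):
    """Decode REG_MULTI_SZ: NUL-separated strings closed by an empty string."""
    items = []
    while raw:
        text, raw = split_utf16(raw)
        if text == "":
            break
        items.append(text)
    return items, raw


def parse_reg(text):
    """Return ({(key, name): value}, [(key, name, leftover_byte_count)])."""
    values, leftovers, key = {}, [], None
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = m.group(1) if m.group(1) is not None else "(Default)"
        data, extra = m.group(2), b""
        if data.startswith("dword:"):
            value = int(data[6:], 16)
        elif data.startswith('"'):
            # REG_SZ written inline: undo the \\ and \" escapes
            value = re.sub(r"\\(.)", r"\1", data[1:-1])
        else:
            kind, _, hexpart = data.partition(":")
            raw = bytes(int(b, 16) for b in hexpart.split(",") if b.strip())
            if kind in ("hex(1)", "hex(2)"):      # REG_SZ / REG_EXPAND_SZ
                value, extra = split_utf16(raw)
            elif kind == "hex(7)":                # REG_MULTI_SZ
                value, extra = decode_multi(raw)
            else:                                 # REG_BINARY and other types
                value = raw
        values[(key, name)] = value
        if extra:
            # A well-formed string value ends at its terminator.
            leftovers.append((key, name, len(extra)))
    return values, leftovers


if __name__ == "__main__":
    decoded, odd = parse_reg(SAMPLE_REG)
    for (key, name), value in decoded.items():
        print(f"{key}\n    {name} = {value!r}")
    for key, name, count in odd:
        print(f"NOTE: {count} byte(s) after the terminator in {key} -> {name}")
```

To run it on a real export, pass the text of Eventlog.txt to parse_reg (regedit /e normally writes the file as UTF-16, so open it with encoding="utf-16").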

Re: Windows event log

Post by Ziggot » 05 Oct 2009 00:31

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RPC]
"providerGuid"=hex(2):7b,00,66,00,34,00,61,00,65,00,64,00,37,00,63,00,37,00,2d,\
00,61,00,38,00,39,00,38,00,2d,00,34,00,36,00,32,00,37,00,2d,00,62,00,30,00,\
35,00,33,00,2d,00,34,00,34,00,61,00,37,00,63,00,61,00,61,00,31,00,32,00,66,\
00,63,00,64,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceCli]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

Re: Windows event log

Post by Ziggot » 05 Oct 2009 00:32

00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,6d,00,64,00,6b,00,38,00,2e,00,\
73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,74,00,64,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\arc]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\arcsas]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AsyncMac]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atapi]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\avgntflt]
"CategoryCount"=dword:00000001
"TypesSupported"=dword:00000007
"CategoryMessageFile"="C:\\Program Files\\Avira\\AntiVir Desktop\\avgntflt.sys"
"EventMessageFile"="C:\\Program Files\\Avira\\AntiVir Desktop\\avgntflt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\beep]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Bowser]
"EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Browser]
"EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,42,00,74,00,68,00,70,00,6f,00,72,00,\
74,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,42,00,74,00,68,00,70,00,6f,00,72,00,\
74,00,2e,00,73,00,79,00,73,00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,\
00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,\
33,00,32,00,5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,42,00,74,\
00,68,00,55,00,73,00,62,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BugCheck]
"providerGuid"=hex(2):7b,00,41,00,42,00,43,00,45,00,32,00,33,00,45,00,37,00,2d,\
00,44,00,45,00,34,00,35,00,2d,00,34,00,33,00,36,00,36,00,2d,00,38,00,36,00,\
33,00,31,00,2d,00,38,00,34,00,46,00,41,00,36,00,43,00,35,00,32,00,35,00,39,\
00,35,00,32,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdrom]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Client Side Rendering Spooler]
"EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,69,00,6e,00,33,00,32,00,73,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007
"providerGuid"="{13E8B4F7-4D1C-4F65-95A2-39C6B26A3012}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Crusoe]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,63,00,72,00,75,00,73,00,6f,00,65,00,\
2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM]
"providerGuid"=hex(2):7b,00,31,00,42,00,35,00,36,00,32,00,45,00,38,00,36,00,2d,\
00,42,00,37,00,41,00,41,00,2d,00,34,00,31,00,33,00,31,00,2d,00,42,00,41,00,\
44,00,43,00,2d,00,42,00,36,00,46,00,33,00,41,00,30,00,30,00,31,00,34,00,30,\
00,37,00,45,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsSvc]
"ProviderGuid"=hex(2):7b,00,37,00,44,00,41,00,34,00,46,00,45,00,30,00,45,00,2d,\
00,46,00,44,00,34,00,32,00,2d,00,34,00,37,00,30,00,38,00,2d,00,39,00,41,00,\
41,00,35,00,2d,00,38,00,39,00,42,00,37,00,37,00,41,00,32,00,32,00,34,00,38,\
00,38,00,35,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp]
"providerGuid"=hex(2):7b,00,31,00,35,00,41,00,37,00,41,00,34,00,46,00,38,00,2d,\
00,30,00,30,00,37,00,32,00,2d,00,34,00,45,00,41,00,42,00,2d,00,41,00,42,00,\
41,00,44,00,2d,00,46,00,39,00,38,00,41,00,34,00,44,00,36,00,36,00,36,00,41,\
00,45,00,44,00,7d,00,00,00
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,\
00,00,00
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,6b,00,65,00,72,00,6e,00,65,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcpv6]
"providerGuid"=hex(2):7b,00,36,00,41,00,31,00,46,00,32,00,42,00,30,00,30,00,2d,\
00,36,00,41,00,39,00,30,00,2d,00,34,00,43,00,33,00,38,00,2d,00,39,00,35,00,\
41,00,35,00,2d,00,35,00,43,00,41,00,42,00,33,00,42,00,30,00,35,00,36,00,37,\
00,37,00,38,00,7d,00,00,00
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,36,00,2e,00,64,00,6c,\
00,6c,00,00,00
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,6b,00,65,00,72,00,6e,00,65,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp_QEC]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,68,00,63,00,70,00,71,00,65,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,72,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,64,00,68,00,63,00,70,00,71,00,65,00,63,00,2e,00,64,00,6c,00,6c,00,\
00,00
"TypesSupported"=dword:0000001f
"providerGuid"=hex(2):7b,00,46,00,36,00,44,00,41,00,33,00,35,00,43,00,45,00,2d,\
00,44,00,33,00,31,00,32,00,2d,00,34,00,31,00,43,00,38,00,2d,00,39,00,38,00,\
32,00,38,00,2d,00,35,00,41,00,32,00,45,00,31,00,37,00,33,00,43,00,39,00,31,\
00,42,00,36,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\disk]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Display]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,44,00,69,00,73,00,70,00,43,00,49,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnsapi]
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,72,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,6b,00,65,00,72,00,6e,00,65,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\E1G60]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,45,00,31,00,47,00,36,00,30,00,49,00,\
33,00,32,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\elxstor]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\eventlog]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\exFAT]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,6c,00,74,00,6d,\
00,67,00,72,00,2e,00,73,00,79,00,73,00,3b,00,25,00,53,00,79,00,73,00,74,00,\
65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\
00,6d,00,33,00,32,00,5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,\
2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,68,00,69,00,64,00,62,00,74,00,68,00,\
2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\HpCISSs]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Http]
"ProviderGuid"=hex(2):7b,00,37,00,62,00,36,00,62,00,63,00,37,00,38,00,63,00,2d,\
00,38,00,39,00,38,00,62,00,2d,00,34,00,31,00,37,00,30,00,2d,00,62,00,62,00,\
66,00,38,00,2d,00,31,00,61,00,34,00,36,00,39,00,65,00,61,00,34,00,33,00,66,\
00,63,00,35,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i2omp]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,38,00,30,00,34,00,32,00,70,00,\
72,00,74,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,61,00,53,00,74,00,6f,00,72,00,\
56,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,69,00,67,00,6d,00,70,00,76,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\iirsp]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007
Ziggot
Libellulien Junior
Posts: 142
Joined: 13 May 2005 12:05
Location: Lôzane

Re: Windows event log

Post by Ziggot » 05 Oct 2009 00:35

00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,70,00,69,00,6f,00,2e,00,73,00,\
79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Mraid35x]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mrxsmb]
"EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\
25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6f,\
00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,6b,00,65,00,72,00,6e,00,65,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00,50,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC Gateway]
"EventMessageFile"="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\EventLogMessages.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC WS-AT Protocol]
"EventMessageFile"="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\EventLogMessages.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI]
"EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,69,00,73,00,63,00,73,00,69,00,65,00,78,00,65,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Mup]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
00,73,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,\
65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,00,3b,00,43,\
00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6f,00,6c,00,6f,00,67,00,6d,\
00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NAPIPSecEnf]
"providerGuid"=hex(2):7b,00,38,00,31,00,31,00,35,00,35,00,37,00,39,00,45,00,2d,\
00,32,00,42,00,45,00,41,00,2d,00,34,00,43,00,39,00,45,00,2d,00,39,00,41,00,\
42,00,31,00,2d,00,38,00,32,00,31,00,43,00,43,00,32,00,43,00,39,00,38,00,41,\
00,42,00,30,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisWan]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBIOS]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,69,00,6f,00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBT]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Netlogon]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,6b,00,65,00,72,00,6e,00,65,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nfrd960]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6e,00,74,00,66,00,73,\
00,2e,00,73,00,79,00,73,00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,\
52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,\
00,32,00,5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ntrigdigi]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,6e,00,74,00,72,00,69,00,67,00,64,00,\
69,00,67,00,69,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,6e,00,76,00,73,00,74,00,6f,00,72,00,\
2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,70,00,6f,00,72,00,\
74,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\partmgr]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Parvdm]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,56,00,64,00,6d,00,\
2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,6d,00,63,00,69,00,61,00,\
2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,75,00,6d,00,70,00,6e,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PNRPSvc]
"ProviderGuid"=hex(2):7b,00,42,00,42,00,45,00,39,00,34,00,46,00,33,00,36,00,2d,\
00,46,00,38,00,44,00,43,00,2d,00,34,00,43,00,33,00,33,00,2d,00,38,00,32,00,\
32,00,37,00,2d,00,38,00,31,00,36,00,30,00,32,00,42,00,37,00,41,00,33,00,44,\
00,35,00,33,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Print]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,74,00,70,00,72,00,69,00,6e,00,74,00,2e,00,64,00,6c,00,6c,00,00,\
00
"TypesSupported"=dword:00000007
"providerGuid"="{e4c60dfa-ecc5-4889-b406-e9ddd38463c8}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc]
"ProviderGuid"=hex(2):7b,00,35,00,42,00,33,00,33,00,31,00,34,00,35,00,43,00,2d,\
00,31,00,43,00,36,00,36,00,2d,00,34,00,39,00,46,00,33,00,2d,00,42,00,34,00,\
43,00,41,00,2d,00,46,00,35,00,36,00,33,00,43,00,31,00,36,00,35,00,46,00,32,\
00,43,00,30,00,7d,00,00,00
"TypesSupported"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,72,00,6f,00,63,00,65,00,73,00,\
73,00,72,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql2300]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql40xx]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasAuto]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasMan]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp]
"ProviderGuid"="{6c260f2c-049a-43d8-bf4d-d350a4e6611a}"
"TypesSupported"=dword:0000001c
"EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,73,00,73,00,74,00,70,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\rdbss]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
00,73,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,\
65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RemoteAccess]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,69,00,61,00,73,00,73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,\
00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\rspndr]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RTL8169]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,73,00,61,00,6d,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007
"providerGuid"="{0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,62,00,70,00,32,00,70,00,6f,00,\
72,00,74,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SCardSvr]
"providerGuid"=hex(2):7b,00,34,00,46,00,43,00,42,00,46,00,36,00,36,00,34,00,2d,\
00,41,00,33,00,33,00,41,00,2d,00,34,00,36,00,35,00,32,00,2d,00,42,00,34,00,\
33,00,36,00,2d,00,39,00,44,00,35,00,35,00,38,00,39,00,38,00,33,00,44,00,39,\
00,35,00,35,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,65,00,72,00,69,00,61,00,6c,00,\
2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,65,00,72,00,6d,00,6f,00,75,00,\
73,00,65,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Server]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager]
"ProviderGuid"=hex(2):7b,00,35,00,35,00,35,00,39,00,30,00,38,00,44,00,31,00,2d,\
00,41,00,36,00,44,00,37,00,2d,00,34,00,36,00,39,00,35,00,2d,00,38,00,45,00,\
31,00,45,00,2d,00,32,00,36,00,39,00,33,00,31,00,44,00,32,00,30,00,31,00,32,\
00,46,00,34,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SiSRaid2]
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SiSRaid4]
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Smb]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SMSvcHost 3.0.0.0]
"CategoryCount"=dword:0000000e
"CategoryMessageFile"="C:\\Windows\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\ServiceModelEvents.dll"
"EventMessageFile"="C:\\Windows\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\ServiceModelEvents.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,73,00,6e,00,6d,00,70,00,74,00,72,00,61,00,70,00,2e,00,65,00,78,00,65,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SPOOLSS]
"ProviderGuid"=hex(2):7b,00,43,00,44,00,37,00,35,00,30,00,34,00,38,00,46,00,2d,\
00,31,00,32,00,33,00,33,00,2d,00,34,00,46,00,35,00,38,00,2d,00,42,00,39,00,\
45,00,44,00,2d,00,39,00,38,00,42,00,41,00,32,00,30,00,39,00,37,00,41,00,43,\
00,37,00,45,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sptd]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Srv]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,69,00,61,00,73,00,65,00,72,00,76,00,63,00,2e,00,64,00,6c,00,6c,\
00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Symc8xx]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SymSnap]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,53,00,79,00,6d,00,53,00,6e,00,61,00,\
70,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Sym_hi]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Sym_u3]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\System]
"CategoryCount"=dword:00000007
"CategoryMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,77,00,65,00,76,00,74,00,61,00,70,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip6]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,74,00,63,00,70,00,6d,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermDD]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,74,00,64,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,74,00,65,00,72,00,6d,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,\
00
"TypesSupported"=dword:00000007
"providerGuid"="{C76BAA63-AE81-421C-B425-340B4B24157F}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tunmp]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tunnel]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\uliahci]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
00,73,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,49,00,\
6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\UlSata]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ulsata2]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,75,00,6c,00,73,00,61,00,74,00,61,00,\
32,00,2e,00,73,00,79,00,73,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\USER32]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,75,00,73,00,65,00,72,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Basic Provider]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,76,00,64,00,73,00,62,00,61,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Dynamic Provider]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\

Re: Windows event log

Posted by maybe » 05 Oct 2009 20:26

Nothing to object to.

So far I haven't found any reference to error 23 / Microsoft-Windows-Eventlog. I'll keep looking during the week.

1/ On your side, can you check in the event log whether you see anything concerning the Microsoft-Windows-DriverFrameworks channel?

Excerpt from your report:

Le service de journalisation des événements a détecté une erreur (res=23) lors de l’initialisation des ressources de journalisation pour le canal Microsoft-Windows-DriverFrameworks-UserMode/Operational.


2/ Did you install a program or apply any updates before this problem appeared?

3/ What preceded the crash you mention at the start (if you can determine it)?

Re: Windows event log

Posted by Ziggot » 05 Oct 2009 22:29

A huge thank you for your help, Maybe :supers:

I'll take a careful look at the event log as soon as possible (I'm at work...)
I haven't deliberately installed any recent updates. I disable automatic updates as much as possible and only keep winupdate and antivir. It is possible, though, that one program or another slipped past me.
As for the circumstances: the computer was on, with no particular task running. A regular "tick-tick" started to be heard (certainly due to the bad sector on the disk). I clicked the Outlook icon (which was minimized to the systray) to open it. Nothing moved. Same for the antivir icon. I tried to shut the machine down, without success. I could click normally but nothing happened. So I cut the power with the power button. On the next boot, I got the safe mode choice screen and picked "normal". That's when it started to crawl...

Re: Windows event log

Posted by Ziggot » 06 Oct 2009 11:40

This morning, no way to boot, even in safe mode :roll: . Reboot loop... So I took the tower to the system builder I bought it from. As it's still under warranty, he's going to test the hard drive and replace it, with a Windows reinstall, if it is faulty.

Re: Windows event log

Posted by maybe » 06 Oct 2009 12:18

That was more or less to be expected. Had you backed up your data (I advised you to at the start of the thread)?

Re: Windows event log

Posted by Ziggot » 06 Oct 2009 13:45

Indeed, it's not really a surprise. My data was backed up (I do it at regular intervals anyway. Crashes always come without warning). On top of that, it is stored on a dedicated partition and should be transferred when the hard drive is swapped. All that will be left for me is to reinstall and configure the whole thing :mrgreen: I'm already depressed, but that'll teach me not to make a disk image while everything is working. I had stupidly given up on it for lack of space on my external drive (Vista is greedy).
Thanks again for your help.

Re: Windows event log

Posted by maybe » 06 Oct 2009 19:13

I had stupidly given up on it for lack of space on my external drive (Vista is greedy).

Even with incremental backups? Too bad it forces you to reinstall everything, but the data is what matters. :-D

Good luck getting everything back in order!

Re: Windows event log

Posted by Ziggot » 07 Oct 2009 12:43

The backup still came to around 50 GB, too much for my poor full drive. I'd been meaning to buy myself a new one for a while, but the problem solved itself in an unexpected way: my system builder made a mistake and installed XP Pro for me. So I'm going to have enough room :mrgreen: After a few months of testing Vista, I'm rather happy with this "step backwards"... Apparently the hard drive really was at the end of its life and the data could only just be recovered. This time I really suspected Windows wrongly :?