调试易

日志名称:          System
来源:            USER32
日期:            2014/5/12 12:22:29
事件 ID:         1074
任务类别:          无
级别:            信息
关键字:           经典
用户:            SYSTEM
计算机:           WIN-ET38ULMYEVT
描述:
进程 wininit.exe (127.0.0.1) 为用户 NT AUTHORITY\SYSTEM 开始计算机 WIN-ET38ULMYEVT 的 关闭电源，原因如下: 旧版 API 关机
 原因代码: 0x80070000
 关机类型: 关闭电源
 注释: 
事件 Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="USER32" />
    <EventID Qualifiers="32768">1074</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-05-12T04:22:29.000000000Z" />
    <EventRecordID>6551</EventRecordID>
    <Channel>System</Channel>
    <Computer>WIN-ET38ULMYEVT</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>wininit.exe (127.0.0.1)</Data>
    <Data>WIN-ET38ULMYEVT</Data>
    <Data>旧版 API 关机</Data>
    <Data>0x80070000</Data>
    <Data>关闭电源</Data>
    <Data>
    </Data>
    <Data>NT AUTHORITY\SYSTEM</Data>
    <Binary>00000780000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
  </EventData>
</Event>