...you can delete folders before the system blocks files.
I scheduled "C:\Windows\Logs" and "C:\Windows\System32\LogFiles" to delete at startup, rebooted and the EventLog was online again.
You are right:
"X:\***\movefile.exe" "C:\Windows\System32\LogFiles" ""
"X:\***\movefile.exe" "C:\Windows\Logs" ""
It -IS- a permission problem. But the snag was that I wasn't able to change anything about the permissions, because these files were in use. (Well... I believe that was the reason)
So add to my solution: The root-folders of the logfiles (Windows and System32) have to have permission sets, where the "system"-account is able to read and write files.
Then -after you delete the messed up folders- Windows will copy the permission for the recreated log-folders from their root-folder (and the system, as well as the services, are able to use the files).
And why the permissions were messed up on my PC I can only guess - I use a more or less virgin Vista and not any other OS ((Well... on -this- PC *gg*)).
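A read-only check for the condition described in the post above, added here as an example and not part of the original post: it reports whether the SYSTEM account (well-known SID S-1-5-18) holds inheritable read and write access on the two parent folders, and lists any delete-at-reboot entries still queued for the log folders. It assumes the delayed deletes are recorded in the Session Manager `PendingFileRenameOperations` registry value; the function name is hypothetical.

```powershell
# Added example: inspects ACLs and the registry only, changes nothing.
$parents = 'C:\Windows', 'C:\Windows\System32'            # parents of the log folders
$logDirs = 'C:\Windows\Logs', 'C:\Windows\System32\LogFiles'

function Get-SystemInheritableAccess {                     # hypothetical helper name
    param([string]$Path)
    $read = $false; $write = $false; $deny = $false
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -ne 'S-1-5-18') { continue }   # SYSTEM only
        # Only ACEs that propagate to subfolders reach a recreated log folder.
        if (-not ($ace.InheritanceFlags -band $inherit)) { continue }
        $bits = [int]$ace.FileSystemRights
        # ReadData = 0x1, WriteData = 0x2; inherit-only ACEs often carry generic
        # rights instead: GENERIC_ALL 0x10000000, GENERIC_WRITE 0x40000000,
        # GENERIC_READ 0x80000000 (Int32 minimum value).
        $r = ($bits -band 0x1) -or ($bits -band 0x10000000) -or ($bits -band [int]::MinValue)
        $w = ($bits -band 0x2) -or ($bits -band 0x10000000) -or ($bits -band 0x40000000)
        if ($ace.AccessControlType -eq 'Deny') {
            if ($r -or $w) { $deny = $true }
        } else {
            if ($r) { $read = $true }
            if ($w) { $write = $true }
        }
    }
    New-Object PSObject -Property @{
        Path             = $Path
        InheritableRead  = $read
        InheritableWrite = $write
        DenyForSystem    = $deny
    }
}

# Parent folders should show InheritableRead/Write = True and DenyForSystem = False.
$parents | ForEach-Object { Get-SystemInheritableAccess -Path $_ } |
    Format-Table Path, InheritableRead, InheritableWrite, DenyForSystem -AutoSize

# Delete-at-reboot entries that still reference the log folders (assumed location).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations
foreach ($dir in $logDirs) {
    $pending | Where-Object { $_ -like "*$dir*" } |
        ForEach-Object { "Pending at next boot: $_" }
}
```

Run it from an elevated prompt before the reboot: if a parent folder reports no inheritable write access for SYSTEM, a recreated log folder would inherit the same gap.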