Die Ereignisanzeige hat doch was ausgespuckt..... nämlich:
Protokollname: Application
Quelle: Microsoft-Windows-User Profiles Service
Datum: 19.12.2009 19:17:57
Ereignis-ID: 1530
Aufgabenkategorie:Keine
Ebene: Warnung
Schlüsselwörter:
Benutzer: SYSTEM
Computer: Olli-PC
Beschreibung:
Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.
DETAIL -
6 user registry handles leaked from \Registry\User\S-1-5-21-3408727455-1684067407-3049641752-1001:
Process 2356 (\Device\HarddiskVolume3\Program Files\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary\Scanner
Ereignis-XML:
<Event xmlns="
http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-12-19T18:17:57.954863700Z" />
<EventRecordID>4743</EventRecordID>
<Correlation />
<Execution ProcessID="980" ThreadID="5552" />
<Channel>Application</Channel>
<Computer>Olli-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">6 user registry handles leaked from \Registry\User\S-1-5-21-3408727455-1684067407-3049641752-1001:
Process 2356 (\Device\HarddiskVolume3\Program Files\PC Connectivity Solution\ServiceLayer.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 3032 (\Device\HarddiskVolume3\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-3408727455-1684067407-3049641752-1001\Software\Ahead\Nero Home\MediaLibrary\Scanner
</Data>
</EventData>
</Event>
Damit kann ich natürlich nicht viel anfangen :-)