Nach Benutzeranmeldungen nur Hintergrundbild ohne oder mit Icons aber Rechner hängt (wuauclt.exe?)
Guten Morgen Allerseits!
Wir haben seit meheren Tagen ein merkwürdiges Problem. Wenn sich die Benutzer (mich als Admin eingeschlossen) anmelden, dann kommt es sporadisch vor, dass man nur sein Hitergrundbild ohne Icons sieht und der Rechner hängt. Falls man seinen Desktop mit Icons sieht kann man diese nicht anklicken. Wenn man den Taskmanager öffnen will wird dieser gar nicht mehr angezeigt. Es sieht aus als wenn der komplette Explorer hängt.
Habe nun mal das Startlog aktiviert welches man unter "C:WINDOWSDebugUserModeuserenv.log" einsehen kann.
Dies kann man mit folgendem Registry Key aktivieren:
Hier mal das Log:
Wir haben seit meheren Tagen ein merkwürdiges Problem. Wenn sich die Benutzer (mich als Admin eingeschlossen) anmelden, dann kommt es sporadisch vor, dass man nur sein Hitergrundbild ohne Icons sieht und der Rechner hängt. Falls man seinen Desktop mit Icons sieht kann man diese nicht anklicken. Wenn man den Taskmanager öffnen will wird dieser gar nicht mehr angezeigt. Es sieht aus als wenn der komplette Explorer hängt.
Habe nun mal das Startlog aktiviert welches man unter "C:WINDOWSDebugUserModeuserenv.log" einsehen kann.
Dies kann man mit folgendem Registry Key aktivieren:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"UserEnvDebugLevel"=dword:00010002
Hier mal das Log:
USERENV(e8.ec) 08:18:23:105 UnloadUserProfile: Entering, hProfile = <0x120>
USERENV(e8.ec) 08:18:23:105 UnloadUserProfile: In console winlogon process
USERENV(e8.ec) 08:18:23:105 UnloadUserProfileP: Entering, hProfile = <0x120>
USERENV(e8.ec) 08:18:23:105 GetExclusionListFromRegistry: Policy list is empty, returning user list = <Lokale Einstellungen;Temporary Internet Files;Verlauf;Temp;Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook>
USERENV(e8.ec) 08:18:23:121 CSyncManager::EnterLock <S-1-5-21-2110330705-2278029354-3900480542-1502>
USERENV(e8.ec) 08:18:23:121 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:18:23:121 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:18:23:121 CHashTable::HashAdd: S-1-5-21-2110330705-2278029354-3900480542-1502 added in bucket 15
USERENV(e8.ec) 08:18:23:121 UnloadUserProfileP: Wait succeeded. In critical section.
USERENV(e8.ec) 08:18:23:427 MyRegUnLoadKey: Returning 1.
USERENV(e8.ec) 08:18:23:443 UnloadUserProfileP: Succesfully unloaded profile
USERENV(e8.ec) 08:18:23:443 MyRegUnLoadKey: Returning 1.
USERENV(e8.ec) 08:18:23:443 UnLoadClassHive: Successfully unmounted S-1-5-21-2110330705-2278029354-3900480542-1502_Classes
USERENV(e8.ec) 08:18:23:443 UnloadUserProfileP: Successfully unloaded user classes
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Impersonated user
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Writing local ini file
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Reverting to Self
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: exitting and cleaning up
USERENV(e8.ec) 08:18:23:460 CSyncManager::LeaveLock <S-1-5-21-2110330705-2278029354-3900480542-1502>
USERENV(e8.ec) 08:18:23:460 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:18:23:460 CHashTable::HashDelete: S-1-5-21-2110330705-2278029354-3900480542-1502 deleted
USERENV(e8.ec) 08:18:23:460 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Leave critical section.
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Leaving with a return value of 1
USERENV(e8.ec) 08:18:23:460 UnloadUserProfile: UnloadUserProfileP succeeded
USERENV(e8.ec) 08:18:23:460 UnloadUserProfile: returning 1
USERENV(11c.d68) 08:18:27:336 UnloadUserProfile: Entering, hProfile = <0x3dc>
USERENV(11c.d68) 08:18:27:336 GetInterface: Returning rpc binding handle
USERENV(e8.260) 08:18:27:336 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:18:27:336 DropClientContext: Got client token 00000524, sid = S-1-5-18
USERENV(e8.260) 08:18:27:336 MIDL_user_allocate enter
USERENV(e8.260) 08:18:27:336 DropClientContext: load profile object successfully made
USERENV(e8.260) 08:18:27:336 DropClientContext: Returning 0
USERENV(11c.d68) 08:18:27:336 UnLoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.118) 08:18:27:336 IProfileSecurityCallBack: client authenticated.
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Entering, hProfile = <0x570>
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: ImpersonateUser <00000524>, old token is <00000000>
USERENV(e8.118) 08:18:27:336 GetExclusionListFromRegistry: Policy list is empty, returning user list = <Lokale Einstellungen;Temporary Internet Files;Verlauf;Temp>
USERENV(e8.118) 08:18:27:336 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.118) 08:18:27:336 CSyncManager::EnterLock: No existing entry found
USERENV(e8.118) 08:18:27:336 CSyncManager::EnterLock: New entry created
USERENV(e8.118) 08:18:27:336 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Wait succeeded. In critical section.
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Didn't unload user profile, Ref Count is 2
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Reverted back to user <00000000>
USERENV(e8.118) 08:18:27:336 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.118) 08:18:27:336 CSyncManager::LeaveLock: Lock released
USERENV(e8.118) 08:18:27:336 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.118) 08:18:27:336 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Leave critical section.
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Leaving with a return value of 1
USERENV(e8.118) 08:18:27:336 UnloadUserProfileI: returning 0
USERENV(11c.d68) 08:18:27:336 UnloadUserProfile: Calling UnloadUserProfileI succeeded
USERENV(e8.100) 08:18:27:336 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:18:27:336 ReleaseClientContext: Releasing context
USERENV(e8.100) 08:18:27:336 ReleaseClientContext_s: Releasing context
USERENV(e8.100) 08:18:27:336 MIDL_user_free enter
USERENV(11c.d68) 08:18:27:336 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.d68) 08:18:27:336 UnloadUserProfile: returning 1
USERENV(e8.ec) 08:19:10:734 InitializePolicyProcessing: Initialised Machine Mutex/Events
USERENV(e8.ec) 08:19:10:765 InitializePolicyProcessing: Initialised User Mutex/Events
USERENV(e8.ec) 08:19:10:765 LibMain: Process Name: \??\C:\WINDOWS\system32\winlogon.exe
USERENV(e8.ec) 08:19:11:375 Entering CUserProfile::Initialize ...
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize called by winlogon
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: critical section initialized
USERENV(e8.ec) 08:19:11:375 CSyncManager::Initialize: critical section initialized
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: registry key Software\Microsoft\Windows NT\CurrentVersion\ProfileList opened
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-21-2110330705-2278029354-3900480542-1502
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-21-2110330705-2278029354-3900480542-1502>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-21-2110330705-2278029354-3900480542-1502 added in bucket 15
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 0, state is 00000100
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-21-2110330705-2278029354-3900480542-1502>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-21-2110330705-2278029354-3900480542-1502 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-21-1409082233-1229272821-839522115-500
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-21-1409082233-1229272821-839522115-500>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-21-1409082233-1229272821-839522115-500 added in bucket 13
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 0, state is 00000100
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-21-1409082233-1229272821-839522115-500>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-21-1409082233-1229272821-839522115-500 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-20
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-20>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 2, state is 00000000
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-20>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-19
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 2, state is 00000000
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-18
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-18>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-18 added in bucket 11
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 1, state is 00000000
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-18>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-18 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: RpcServerRegisterIfEx successful
USERENV(e8.ec) 08:19:11:375 Exiting CUserProfile::Initialize, successful
USERENV(11c.120) 08:19:11:406 LibMain: Process Name: C:\WINDOWS\system32\services.exe
USERENV(12c.130) 08:19:11:437 LibMain: Process Name: C:\WINDOWS\system32\lsass.exe
USERENV(e8.ec) 08:19:11:468 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(208.20c) 08:19:11:968 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(11c.120) 08:19:12:093 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.120) 08:19:12:093 =========================================================
USERENV(11c.120) 08:19:12:093 LoadUserProfile: Entering, hToken = <0x2c4>, lpProfileInfo = 0x7fcf8
USERENV(11c.120) 08:19:12:093 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.120) 08:19:12:093 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
USERENV(11c.120) 08:19:12:093 LoadUserProfile: NULL central profile path
USERENV(11c.120) 08:19:12:093 LoadUserProfile: NULL default profile path
USERENV(11c.120) 08:19:12:093 LoadUserProfile: NULL server name
USERENV(11c.120) 08:19:12:093 GetInterface: Returning rpc binding handle
USERENV(e8.100) 08:19:12:093 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:093 DropClientContext: Got client token 000004C4, sid = S-1-5-18
USERENV(e8.100) 08:19:12:093 MIDL_user_allocate enter
USERENV(e8.100) 08:19:12:093 DropClientContext: load profile object successfully made
USERENV(e8.100) 08:19:12:093 DropClientContext: Returning 0
USERENV(11c.120) 08:19:12:093 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.260) 08:19:12:093 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:093 In LoadUserProfileP
USERENV(e8.260) 08:19:12:093 LoadUserProfile: Running as client
USERENV(e8.260) 08:19:12:093 =========================================================
USERENV(e8.260) 08:19:12:093 LoadUserProfile: Entering, hToken = <0x4d0>, lpProfileInfo = 0xe8a618
USERENV(e8.260) 08:19:12:093 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.260) 08:19:12:093 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
USERENV(e8.260) 08:19:12:093 LoadUserProfile: NULL central profile path
USERENV(e8.260) 08:19:12:093 LoadUserProfile: NULL default profile path
USERENV(e8.260) 08:19:12:093 LoadUserProfile: NULL server name
USERENV(e8.260) 08:19:12:093 LoadUserProfile: User sid: S-1-5-20
USERENV(e8.260) 08:19:12:093 CSyncManager::EnterLock <S-1-5-20>
USERENV(e8.260) 08:19:12:093 CSyncManager::EnterLock: No existing entry found
USERENV(e8.260) 08:19:12:093 CSyncManager::EnterLock: New entry created
USERENV(e8.260) 08:19:12:093 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(e8.260) 08:19:12:093 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.260) 08:19:12:093 RestoreUserProfile: Entering
USERENV(e8.260) 08:19:12:093 IsCentralProfileReachable: Entering
USERENV(e8.260) 08:19:12:093 IsCentralProfileReachable: Null path. Leaving
USERENV(e8.260) 08:19:12:093 RestoreUserProfile: Profile path = <>
USERENV(e8.260) 08:19:12:093 ExtractProfileFromBackup: A profile already exists
USERENV(e8.260) 08:19:12:093 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
USERENV(e8.260) 08:19:12:093 CreateLocalProfileKey: Not setting additional Security
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Found entry in profile list for existing local profile
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Local profile image filename = <%SystemDrive%\Dokumente und Einstellungen\NetworkService>
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Expanded local profile image filename = <C:\Dokumente und Einstellungen\NetworkService>
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: No local mandatory profile. Error = 2
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Found local profile image file ok <C:\Dokumente und Einstellungen\NetworkService\ntuser.dat>
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Failed to query low profile unload time with error 2
USERENV(e8.260) 08:19:12:109 Local Existing Profile Image is reachable
USERENV(e8.260) 08:19:12:109 Local profile name is <C:\Dokumente und Einstellungen\NetworkService>
USERENV(e8.260) 08:19:12:109 RestoreUserProfile: No central profile. Attempting to load local profile.
USERENV(e8.260) 08:19:12:109 MyRegLoadKey: Returning 00000000
USERENV(e8.260) 08:19:12:109 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(e8.260) 08:19:12:109 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.260) 08:19:12:109 MyRegLoadKey: Returning 00000000
USERENV(e8.260) 08:19:12:109 CreateClassHive: existing user classes hive found
USERENV(e8.260) 08:19:12:109 RestoreUserProfile: About to Leave. Final Information follows:
USERENV(e8.260) 08:19:12:109 Profile was successfully loaded.
USERENV(e8.260) 08:19:12:109 lpProfile->lpRoamingProfile = <>
USERENV(e8.260) 08:19:12:109 lpProfile->lpLocalProfile = <C:\Dokumente und Einstellungen\NetworkService>
USERENV(e8.260) 08:19:12:109 lpProfile->dwInternalFlags = 0x0
USERENV(e8.260) 08:19:12:109 RestoreUserProfile: Leaving.
USERENV(e8.260) 08:19:12:109 UpgradeProfile: Entering
USERENV(e8.260) 08:19:12:109 UpgradeProfile: Build numbers match
USERENV(e8.260) 08:19:12:109 UpgradeProfile: Leaving Successfully
USERENV(e8.260) 08:19:12:109 GetProfileType: Profile already loaded.
USERENV(e8.260) 08:19:12:109 LoadProfileInfo: Failed to query central profile with error 2
USERENV(e8.260) 08:19:12:109 GetProfileType: ProfileFlags is 0
USERENV(e8.260) 08:19:12:156 Profile Ref Count is 1
USERENV(e8.260) 08:19:12:156 LoadUserProfile: Leaving critical Section.
USERENV(e8.260) 08:19:12:156 CSyncManager::LeaveLock <S-1-5-20>
USERENV(e8.260) 08:19:12:156 CSyncManager::LeaveLock: Lock released
USERENV(e8.260) 08:19:12:156 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(e8.260) 08:19:12:156 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.260) 08:19:12:156 LoadUserProfile: Impersonated user: 000004d0, 000004dc
USERENV(12c.184) 08:19:12:171 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(12c.184) 08:19:12:171 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(12c.184) 08:19:12:171 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(12c.184) 08:19:12:171 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.260) 08:19:12:171 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.260) 08:19:12:171 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.260) 08:19:12:171 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.260) 08:19:12:171 =========================================================
USERENV(e8.260) 08:19:12:171 LoadUserProfileI: returning 0
USERENV(11c.120) 08:19:12:171 LoadUserProfile: Running as self
USERENV(11c.120) 08:19:12:171 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.120) 08:19:12:171 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.120) 08:19:12:171 lpProfileInfo->UserName = <NetworkService>
USERENV(11c.120) 08:19:12:171 lpProfileInfo->lpProfilePath = <>
USERENV(11c.120) 08:19:12:171 lpProfileInfo->dwFlags = 0x9
USERENV(e8.100) 08:19:12:171 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:171 ReleaseClientContext: Releasing context
USERENV(e8.100) 08:19:12:171 ReleaseClientContext_s: Releasing context
USERENV(e8.100) 08:19:12:171 MIDL_user_free enter
USERENV(11c.120) 08:19:12:187 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.120) 08:19:12:187 LoadUserProfile: Returning TRUE. hProfile = <0x348>
USERENV(11c.120) 08:19:12:187 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.120) 08:19:12:187 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(264.268) 08:19:12:203 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(640.644) 08:19:12:265 LibMain: Process Name: C:\WINDOWS\System32\svchost.exe
USERENV(11c.120) 08:19:12:281 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.120) 08:19:12:281 =========================================================
USERENV(11c.120) 08:19:12:281 LoadUserProfile: Entering, hToken = <0x384>, lpProfileInfo = 0x7fcf8
USERENV(11c.120) 08:19:12:281 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.120) 08:19:12:281 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
USERENV(11c.120) 08:19:12:281 LoadUserProfile: NULL central profile path
USERENV(11c.120) 08:19:12:281 LoadUserProfile: NULL default profile path
USERENV(11c.120) 08:19:12:281 LoadUserProfile: NULL server name
USERENV(11c.120) 08:19:12:281 GetInterface: Returning rpc binding handle
USERENV(e8.260) 08:19:12:281 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:281 DropClientContext: Got client token 000004C4, sid = S-1-5-18
USERENV(e8.260) 08:19:12:281 MIDL_user_allocate enter
USERENV(e8.260) 08:19:12:281 DropClientContext: load profile object successfully made
USERENV(e8.260) 08:19:12:281 DropClientContext: Returning 0
USERENV(11c.120) 08:19:12:281 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.100) 08:19:12:281 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:281 In LoadUserProfileP
USERENV(e8.100) 08:19:12:281 LoadUserProfile: Running as client
USERENV(e8.100) 08:19:12:296 =========================================================
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Entering, hToken = <0x4d0>, lpProfileInfo = 0xe8a618
USERENV(e8.100) 08:19:12:296 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.100) 08:19:12:296 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
USERENV(e8.100) 08:19:12:296 LoadUserProfile: NULL central profile path
USERENV(e8.100) 08:19:12:296 LoadUserProfile: NULL default profile path
USERENV(e8.100) 08:19:12:296 LoadUserProfile: NULL server name
USERENV(e8.100) 08:19:12:296 LoadUserProfile: User sid: S-1-5-20
USERENV(e8.100) 08:19:12:296 CSyncManager::EnterLock <S-1-5-20>
USERENV(e8.100) 08:19:12:296 CSyncManager::EnterLock: No existing entry found
USERENV(e8.100) 08:19:12:296 CSyncManager::EnterLock: New entry created
USERENV(e8.100) 08:19:12:296 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.100) 08:19:12:296 TestIfUserProfileLoaded: Profile already loaded.
USERENV(e8.100) 08:19:12:296 Profile Ref Count is 2
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Leaving critical Section.
USERENV(e8.100) 08:19:12:296 CSyncManager::LeaveLock <S-1-5-20>
USERENV(e8.100) 08:19:12:296 CSyncManager::LeaveLock: Lock released
USERENV(e8.100) 08:19:12:296 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(e8.100) 08:19:12:296 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Impersonated user: 000004d0, 000004dc
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.100) 08:19:12:296 =========================================================
USERENV(e8.100) 08:19:12:296 LoadUserProfileI: returning 0
USERENV(11c.120) 08:19:12:296 LoadUserProfile: Running as self
USERENV(11c.120) 08:19:12:296 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.120) 08:19:12:296 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.120) 08:19:12:296 lpProfileInfo->UserName = <NetworkService>
USERENV(11c.120) 08:19:12:296 lpProfileInfo->lpProfilePath = <>
USERENV(11c.120) 08:19:12:296 lpProfileInfo->dwFlags = 0x9
USERENV(e8.260) 08:19:12:296 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:296 ReleaseClientContext: Releasing context
USERENV(e8.260) 08:19:12:296 ReleaseClientContext_s: Releasing context
USERENV(e8.260) 08:19:12:296 MIDL_user_free enter
USERENV(11c.120) 08:19:12:296 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.120) 08:19:12:296 LoadUserProfile: Returning TRUE. hProfile = <0x374>
USERENV(11c.120) 08:19:12:296 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.120) 08:19:12:296 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(32c.334) 08:19:12:328 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(11c.120) 08:19:12:328 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.120) 08:19:12:328 =========================================================
USERENV(11c.120) 08:19:12:328 LoadUserProfile: Entering, hToken = <0x3a4>, lpProfileInfo = 0x7fcf8
USERENV(11c.120) 08:19:12:328 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.120) 08:19:12:328 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(11c.120) 08:19:12:328 LoadUserProfile: NULL central profile path
USERENV(11c.120) 08:19:12:328 LoadUserProfile: NULL default profile path
USERENV(11c.120) 08:19:12:328 LoadUserProfile: NULL server name
USERENV(11c.120) 08:19:12:328 GetInterface: Returning rpc binding handle
USERENV(e8.100) 08:19:12:328 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:328 DropClientContext: Got client token 000004C4, sid = S-1-5-18
USERENV(e8.100) 08:19:12:328 MIDL_user_allocate enter
USERENV(e8.100) 08:19:12:328 DropClientContext: load profile object successfully made
USERENV(e8.100) 08:19:12:328 DropClientContext: Returning 0
USERENV(11c.120) 08:19:12:328 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.260) 08:19:12:328 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:328 In LoadUserProfileP
USERENV(e8.260) 08:19:12:328 LoadUserProfile: Running as client
USERENV(e8.260) 08:19:12:328 =========================================================
USERENV(e8.260) 08:19:12:328 LoadUserProfile: Entering, hToken = <0x4d0>, lpProfileInfo = 0xe8a618
USERENV(e8.260) 08:19:12:328 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.260) 08:19:12:328 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(e8.260) 08:19:12:328 LoadUserProfile: NULL central profile path
USERENV(e8.260) 08:19:12:328 LoadUserProfile: NULL default profile path
USERENV(e8.260) 08:19:12:328 LoadUserProfile: NULL server name
USERENV(e8.260) 08:19:12:328 LoadUserProfile: User sid: S-1-5-19
USERENV(e8.260) 08:19:12:328 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.260) 08:19:12:328 CSyncManager::EnterLock: No existing entry found
USERENV(e8.260) 08:19:12:328 CSyncManager::EnterLock: New entry created
USERENV(e8.260) 08:19:12:328 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.260) 08:19:12:328 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.260) 08:19:12:328 RestoreUserProfile: Entering
USERENV(e8.260) 08:19:12:328 IsCentralProfileReachable: Entering
USERENV(e8.260) 08:19:12:328 IsCentralProfileReachable: Null path. Leaving
USERENV(e8.260) 08:19:12:328 RestoreUserProfile: Profile path = <>
USERENV(e8.260) 08:19:12:328 ExtractProfileFromBackup: A profile already exists
USERENV(e8.260) 08:19:12:328 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
USERENV(e8.260) 08:19:12:328 CreateLocalProfileKey: Not setting additional Security
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Found entry in profile list for existing local profile
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Local profile image filename = <%SystemDrive%\Dokumente und Einstellungen\LocalService>
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Expanded local profile image filename = <C:\Dokumente und Einstellungen\LocalService>
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: No local mandatory profile. Error = 2
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Found local profile image file ok <C:\Dokumente und Einstellungen\LocalService\ntuser.dat>
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Failed to query low profile unload time with error 2
USERENV(e8.260) 08:19:12:328 Local Existing Profile Image is reachable
USERENV(e8.260) 08:19:12:343 Local profile name is <C:\Dokumente und Einstellungen\LocalService>
USERENV(e8.260) 08:19:12:343 RestoreUserProfile: No central profile. Attempting to load local profile.
USERENV(e8.260) 08:19:12:343 MyRegLoadKey: Returning 00000000
USERENV(e8.260) 08:19:12:343 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(e8.260) 08:19:12:343 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.260) 08:19:12:343 MyRegLoadKey: Returning 00000000
USERENV(e8.260) 08:19:12:343 CreateClassHive: existing user classes hive found
USERENV(e8.260) 08:19:12:343 RestoreUserProfile: About to Leave. Final Information follows:
USERENV(e8.260) 08:19:12:343 Profile was successfully loaded.
USERENV(e8.260) 08:19:12:343 lpProfile->lpRoamingProfile = <>
USERENV(e8.260) 08:19:12:343 lpProfile->lpLocalProfile = <C:\Dokumente und Einstellungen\LocalService>
USERENV(e8.260) 08:19:12:343 lpProfile->dwInternalFlags = 0x0
USERENV(e8.260) 08:19:12:343 RestoreUserProfile: Leaving.
USERENV(e8.260) 08:19:12:343 UpgradeProfile: Entering
USERENV(e8.260) 08:19:12:343 UpgradeProfile: Build numbers match
USERENV(e8.260) 08:19:12:343 UpgradeProfile: Leaving Successfully
USERENV(e8.260) 08:19:12:343 GetProfileType: Profile already loaded.
USERENV(e8.260) 08:19:12:343 LoadProfileInfo: Failed to query central profile with error 2
USERENV(e8.260) 08:19:12:343 GetProfileType: ProfileFlags is 0
USERENV(e8.260) 08:19:12:375 Profile Ref Count is 1
USERENV(e8.260) 08:19:12:375 LoadUserProfile: Leaving critical Section.
USERENV(e8.260) 08:19:12:375 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.260) 08:19:12:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.260) 08:19:12:375 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.260) 08:19:12:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.260) 08:19:12:375 LoadUserProfile: Impersonated user: 000004d0, 000004dc
USERENV(12c.1a4) 08:19:12:375 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(12c.1a4) 08:19:12:375 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(12c.1a4) 08:19:12:375 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(12c.1a4) 08:19:12:375 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.260) 08:19:12:390 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.260) 08:19:12:390 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.260) 08:19:12:390 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.260) 08:19:12:390 =========================================================
USERENV(e8.260) 08:19:12:390 LoadUserProfileI: returning 0
USERENV(11c.120) 08:19:12:390 LoadUserProfile: Running as self
USERENV(11c.120) 08:19:12:390 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.120) 08:19:12:390 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.120) 08:19:12:390 lpProfileInfo->UserName = <LocalService>
USERENV(11c.120) 08:19:12:390 lpProfileInfo->lpProfilePath = <>
USERENV(11c.120) 08:19:12:390 lpProfileInfo->dwFlags = 0x9
USERENV(e8.100) 08:19:12:406 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:406 ReleaseClientContext: Releasing context
USERENV(e8.100) 08:19:12:406 ReleaseClientContext_s: Releasing context
USERENV(e8.100) 08:19:12:406 MIDL_user_free enter
USERENV(11c.120) 08:19:12:406 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.120) 08:19:12:406 LoadUserProfile: Returning TRUE. hProfile = <0x398>
USERENV(11c.120) 08:19:12:406 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.120) 08:19:12:406 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(4cc.4d0) 08:19:12:421 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(758.768) 08:19:12:968 LibMain: Process Name: C:\WINDOWS\system32\spoolsv.exe
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.120) 08:19:12:984 =========================================================
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Entering, hToken = <0x3d4>, lpProfileInfo = 0x7fcf8
USERENV(11c.120) 08:19:12:984 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.120) 08:19:12:984 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(11c.120) 08:19:12:984 LoadUserProfile: NULL central profile path
USERENV(11c.120) 08:19:12:984 LoadUserProfile: NULL default profile path
USERENV(11c.120) 08:19:12:984 LoadUserProfile: NULL server name
USERENV(11c.120) 08:19:12:984 GetInterface: Returning rpc binding handle
USERENV(e8.260) 08:19:12:984 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:984 DropClientContext: Got client token 000004C4, sid = S-1-5-18
USERENV(e8.260) 08:19:12:984 MIDL_user_allocate enter
USERENV(e8.260) 08:19:12:984 DropClientContext: load profile object successfully made
USERENV(e8.260) 08:19:12:984 DropClientContext: Returning 0
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.100) 08:19:12:984 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:984 In LoadUserProfileP
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Running as client
USERENV(e8.100) 08:19:12:984 =========================================================
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Entering, hToken = <0x4d0>, lpProfileInfo = 0xe8a618
USERENV(e8.100) 08:19:12:984 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.100) 08:19:12:984 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(e8.100) 08:19:12:984 LoadUserProfile: NULL central profile path
USERENV(e8.100) 08:19:12:984 LoadUserProfile: NULL default profile path
USERENV(e8.100) 08:19:12:984 LoadUserProfile: NULL server name
USERENV(e8.100) 08:19:12:984 LoadUserProfile: User sid: S-1-5-19
USERENV(e8.100) 08:19:12:984 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.100) 08:19:12:984 CSyncManager::EnterLock: No existing entry found
USERENV(e8.100) 08:19:12:984 CSyncManager::EnterLock: New entry created
USERENV(e8.100) 08:19:12:984 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.100) 08:19:12:984 TestIfUserProfileLoaded: Profile already loaded.
USERENV(e8.100) 08:19:12:984 Profile Ref Count is 2
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Leaving critical Section.
USERENV(e8.100) 08:19:12:984 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.100) 08:19:12:984 CSyncManager::LeaveLock: Lock released
USERENV(e8.100) 08:19:12:984 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.100) 08:19:12:984 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Impersonated user: 000004d0, 000004dc
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.100) 08:19:12:984 =========================================================
USERENV(e8.100) 08:19:12:984 LoadUserProfileI: returning 0
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Running as self
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.120) 08:19:13:000 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.120) 08:19:13:000 lpProfileInfo->UserName = <LocalService>
USERENV(11c.120) 08:19:13:000 lpProfileInfo->lpProfilePath = <>
USERENV(11c.120) 08:19:13:000 lpProfileInfo->dwFlags = 0x9
USERENV(e8.260) 08:19:13:000 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:13:000 ReleaseClientContext: Releasing context
USERENV(e8.260) 08:19:13:000 ReleaseClientContext_s: Releasing context
USERENV(e8.260) 08:19:13:000 MIDL_user_free enter
USERENV(11c.120) 08:19:13:000 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.120) 08:19:13:000 LoadUserProfile: Returning TRUE. hProfile = <0x3cc>
USERENV(11c.120) 08:19:13:000 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.120) 08:19:13:000 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(790.794) 08:19:13:015 LibMain: Process Name: C:\WINDOWS\System32\SCardSvr.exe
USERENV(4b4.4b8) 08:19:22:078 LibMain: Process Name: C:\WINDOWS\system32\cisvc.exe
USERENV(568.57c) 08:19:28:312 LibMain: Process Name: C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
USERENV(568.57c) 08:19:28:359 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(3f0.3ec) 08:19:28:421 LibMain: Process Name: C:\Programme\VMware\VMware Workstation\vmware-authd.exe
USERENV(bc.180) 08:19:29:093 LibMain: Process Name: C:\Programme\Exchsrvr\bin\exmgmt.exe
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.68c) 08:19:29:671 =========================================================
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Entering, hToken = <0x28>, lpProfileInfo = 0xd8f6ec
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: NULL central profile path
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: NULL default profile path
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: NULL server name
USERENV(11c.68c) 08:19:29:671 GetInterface: Returning rpc binding handle
USERENV(e8.100) 08:19:29:671 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:29:671 DropClientContext: Got client token 000004D8, sid = S-1-5-18
USERENV(e8.100) 08:19:29:671 MIDL_user_allocate enter
USERENV(e8.100) 08:19:29:671 DropClientContext: load profile object successfully made
USERENV(e8.100) 08:19:29:671 DropClientContext: Returning 0
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.260) 08:19:29:671 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:29:671 In LoadUserProfileP
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Running as client
USERENV(e8.260) 08:19:29:671 =========================================================
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Entering, hToken = <0x4dc>, lpProfileInfo = 0x79380
USERENV(e8.260) 08:19:29:671 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.260) 08:19:29:671 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(e8.260) 08:19:29:671 LoadUserProfile: NULL central profile path
USERENV(e8.260) 08:19:29:671 LoadUserProfile: NULL default profile path
USERENV(e8.260) 08:19:29:671 LoadUserProfile: NULL server name
USERENV(e8.260) 08:19:29:671 LoadUserProfile: User sid: S-1-5-19
USERENV(e8.260) 08:19:29:671 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.260) 08:19:29:671 CSyncManager::EnterLock: No existing entry found
USERENV(e8.260) 08:19:29:671 CSyncManager::EnterLock: New entry created
USERENV(e8.260) 08:19:29:671 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.260) 08:19:29:671 TestIfUserProfileLoaded: Profile already loaded.
USERENV(e8.260) 08:19:29:671 Profile Ref Count is 3
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Leaving critical Section.
USERENV(e8.260) 08:19:29:671 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.260) 08:19:29:671 CSyncManager::LeaveLock: Lock released
USERENV(e8.260) 08:19:29:671 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.260) 08:19:29:671 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Impersonated user: 000004dc, 000004fc
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.260) 08:19:29:671 =========================================================
USERENV(e8.260) 08:19:29:671 LoadUserProfileI: returning 0
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Running as self
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.68c) 08:19:29:671 lpProfileInfo->UserName = <LocalService>
USERENV(11c.68c) 08:19:29:671 lpProfileInfo->lpProfilePath = <>
USERENV(11c.68c) 08:19:29:671 lpProfileInfo->dwFlags = 0x9
USERENV(e8.100) 08:19:29:671 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:29:671 ReleaseClientContext: Releasing context
USERENV(e8.100) 08:19:29:671 ReleaseClientContext_s: Releasing context
USERENV(e8.100) 08:19:29:671 MIDL_user_free enter
USERENV(11c.68c) 08:19:29:671 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Returning TRUE. hProfile = <0x35c>
USERENV(11c.68c) 08:19:29:671 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.68c) 08:19:29:671 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(338.5ac) 08:19:29:703 LibMain: Process Name: C:\WINDOWS\System32\alg.exe
USERENV(4a4.544) 08:19:35:140 LibMain: Process Name: C:\WINDOWS\system32\ipconfig.exe
USERENV(120.358) 08:19:35:734 LibMain: Process Name: C:\Programme\Trend Micro\OfficeScan Client\TSC.EXE
USERENV(120.358) 08:19:35:734 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:765 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:812 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.ec) 08:19:46:983 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(e8.c60) 08:19:46:999 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(e8.c60) 08:19:46:999 ApplyGroupPolicy: Entering. Flags = f
USERENV(e8.c60) 08:19:46:999 ProcessGPOs:
USERENV(e8.c60) 08:19:46:999 ProcessGPOs:
USERENV(e8.c60) 08:19:47:015 ProcessGPOs: Starting computer Group Policy (Async forground) processing...
USERENV(e8.c60) 08:19:47:015 ProcessGPOs:
USERENV(e8.c60) 08:19:47:015 ProcessGPOs:
USERENV(e8.c60) 08:19:47:015 EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
USERENV(e8.c60) 08:19:47:015 EnterCriticalPolicySectionEx: Machine critical section has been claimed. Handle = 0xf8
USERENV(e8.c60) 08:19:47:015 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(e8.c60) 08:19:47:015 ProcessGPOs: Machine role is 2.
USERENV(e8.c60) 08:19:47:015 PingComputer: PingBufferSize set as 2048
USERENV(e8.c60) 08:19:47:031 PingComputer: Adapter speed 100000000 bps
USERENV(e8.c60) 08:19:47:031 PingComputer: First time: 0
USERENV(e8.c60) 08:19:47:031 PingComputer: Fast link. Exiting.
USERENV(e8.c60) 08:19:47:031 ProcessGPOs: network name is unseredomaene.org
USERENV(e8.c60) 08:19:47:048 ProcessGPOs: User name is: CN=XPLT-00-6844,OU=Computer,OU=IT,OU=de-00,OU=Holding,DC=unserefirma,DC=org, Domain name is: unserefirma-ORG
USERENV(e8.c60) 08:19:47:048 ProcessGPOs: Domain controller is: \\DC01.unseredomaene.org Domain DN is unseredomaene.org
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for gptext.dll.
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for dskquota.dll.
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for gptext.dll.
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for iedkcs32.dll.
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for scecli.dll.
USERENV(e8.c60) 08:19:47:064 ReadGPExtensions: Rsop entry point not found for C:\WINDOWS\System32\cscui.dll.
USERENV(e8.c60) 08:19:47:064 ReadGPExtensions: Rsop entry point not found for gptext.dll.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(e8.c60) 08:19:47:064 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(e8.c60) 08:19:47:064 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(e8.c60) 08:19:47:064 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(e8.c60) 08:19:47:064 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(e8.c60) 08:19:47:064 ProcessGPOs: Calling GetGPOInfo for normal policy mode
USERENV(e8.c60) 08:19:47:064 GetGPOInfo:
USERENV(e8.c60) 08:19:47:064 GetGPOInfo: Entering...
USERENV(e8.c60) 08:19:47:096 GetGPOInfo: Server connection established.
USERENV(e8.c60) 08:19:47:112 GetGPOInfo: Bound successfully.
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Searching <OU=Computer,OU=IT,OU=de-00,OU=Holding,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:112 SearchDSObject: No GPO(s) for this object.
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Searching <OU=IT,OU=de-00,OU=Holding,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Found GPO(s): < >
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Searching <OU=de-00,OU=Holding,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Found GPO(s): <[LDAP:cn={1BD0F65B-3312-42B4-89BD-B27D4BBF9C03},cn=policies,cn=system,DC=unserefirma,DC=org;0]>
USERENV(e8.c60) 08:19:47:112 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:112 ProcessGPO: Deferring search for <LDAP:cn={1BD0F65B-3312-42B4-89BD-B27D4BBF9C03},cn=policies,cn=system,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: Searching <OU=Holding,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: No GPO(s) for this object.
USERENV(e8.c60) 08:19:47:128 SearchDSObject: Searching <DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: Found GPO(s): <[LDAP:cn={F2307DD1-CA01-49CD-A767-390BFA5ABA62},cn=policies,cn=system,DC=unserefirma,DC=org;0][LDAP:CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=unserefirma,DC=org;0]>
USERENV(e8.c60) 08:19:47:128 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:128 ProcessGPO: Deferring search for <LDAP:cn={F2307DD1-CA01-49CD-A767-390BFA5ABA62},cn=policies,cn=system,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:128 ProcessGPO: Deferring search for <LDAP:CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: Searching <CN=de-00,CN=Sites,CN=Configuration,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: No GPO(s) for this object.
USERENV(e8.c60) 08:19:47:128 EvaluateDeferredGPOs: Searching for GPOs in cn=policies,cn=system,DC=unserefirma,DC=org
USERENV(e8.c60) 08:19:47:128 EvalList: Object <cn={F2307DD1-CA01-49CD-A767-390BFA5ABA62},cn=policies,cn=system,DC=unserefirma,DC=org> cannot be accessed
USERENV(e8.c60) 08:19:47:128 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:145 ProcessGPO: Searching <CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:145 ProcessGPO: Machine has access to this GPO.
USERENV(e8.c60) 08:19:47:145 ProcessGPO: GPO passes the filter check.
USERENV(e8.c60) 08:19:47:145 ProcessGPO: Found functionality version of: 2
USERENV(e8.c60) 08:19:47:145 ProcessGPO: Found file system path of: <\\unseredomaene.org\sysvol\unseredomaene.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}>
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found common name of: <{31B2F340-016D-11D2-945F-00C04FB984F9}>
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found display name of: <Default Domain Policy>
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found machine version of: GPC is 327, GPT is 327
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found flags of: 0
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]
USERENV(e8.c60) 08:19:47:161 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:161 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Searching <cn={1BD0F65B-3312-42B4-89BD-B27D4BBF9C03},cn=policies,cn=system,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Machine has access to this GPO.
USERENV(e8.c60) 08:19:47:161 ProcessGPO: GPO passes the filter check.
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found functionality version of: 2
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found file system path of: <\\unseredomaene.org\SysVol\unseredomaene.org\Policies\{1BD0F65B-3312-42B4-89BD-B27D4BBF9C03}>
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found common name of: <{1BD0F65B-3312-42B4-89BD-B27D4BBF9C03}>
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found display name of: <de-00 Standard>
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found machine version of: GPC is 135, GPT is 135
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found flags of: 0
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]
USERENV(e8.c60) 08:19:47:177 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:177 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state.
USERENV(e8.c60) 08:19:47:177 GetGPOInfo: Leaving with 1
USERENV(e8.c60) 08:19:47:177 GetGPOInfo:
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: Logging Data for Target <XPLT-00-6844>.
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: OpenThreadToken failed with error 1008, assuming thread is not impersonating
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: Processing extension Registrierung
USERENV(e8.c60) 08:19:47:177 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:177 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:177 CheckGPOs: No GPO changes and no security group membership change and extension Registrierung has NoGPOChanges set.
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension Drahtlos
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:193 CheckGPOs: No GPO changes but couldn't read extension Drahtlos's status or policy time.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Extension Drahtlos skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension Folder Redirection
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:193 CheckGPOs: No GPO changes but couldn't read extension Folder Redirection's status or policy time.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Extension Folder Redirection skipped with flags 0x1000f.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension Microsoft-Datenträgerkontingent
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:193 CheckGPOs: No GPO changes but couldn't read extension Microsoft-Datenträgerkontingent's status or policy time.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Extension Microsoft-Datenträgerkontingent skipped with flags 0x1000f.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension QoS-Paketplaner
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:193 CheckGPOs: No GPO changes but couldn't read extension QoS-Paketplaner's status or policy time.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Extension QoS-Paketplaner skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension Skripts
USERENV(e8.c60) 08:19:47:193 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes and no security group membership change and extension Skripts has NoGPOChanges set.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension Internet Explorer Zonemapping
USERENV(e8.c60) 08:19:47:209 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes but couldn't read extension Internet Explorer Zonemapping's status or policy time.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Extension Internet Explorer Zonemapping skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension Security
USERENV(e8.c60) 08:19:47:209 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:209 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes and no security group membership change and extension Security has NoGPOChanges set.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension Internet Explorer Branding
USERENV(e8.c60) 08:19:47:209 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes but couldn't read extension Internet Explorer Branding's status or policy time.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Extension Internet Explorer Branding skipped with flags 0x1000f.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension EFS recovery
USERENV(e8.c60) 08:19:47:209 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:209 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes and no security group membership change and extension EFS recovery has NoGPOChanges set.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension Microsoft Offline Files
USERENV(e8.c60) 08:19:47:225 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:225 CheckGPOs: No GPO changes but couldn't read extension Microsoft Offline Files's status or policy time.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Extension Microsoft Offline Files skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Processing extension Softwareinstallation
USERENV(e8.c60) 08:19:47:225 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:225 CheckGPOs: No GPO changes but couldn't read extension Softwareinstallation's status or policy time.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Extension Softwareinstallation skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Processing extension IP-Sicherheit
USERENV(e8.c60) 08:19:47:225 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:225 CheckGPOs: No GPO changes but couldn't read extension IP-Sicherheit's status or policy time.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Extension IP-Sicherheit skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:225 SetFgRefreshInfo: Previous Machine Fg policy Asynchronous, Reason: NoNeedForSync.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(e8.c60) 08:19:47:225 LeaveCriticalPolicySection: Critical section 0xf8 has been released.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Computer Group Policy has been applied.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Leaving with 1.
USERENV(e8.c60) 08:19:47:225 ApplyGroupPolicy: Leaving successfully.
USERENV(e8.cdc) 08:19:47:225 GPOThread: Next refresh will happen in 93 minutes
USERENV(e8.cfc) 08:19:54:673 SetFgRefreshInfo: Next User Fg policy Synchronous, Reason: NonCachedCredentials.
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(e8.ec) 08:19:55:594 =========================================================
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: Entering, hToken = <0x5c4>, lpProfileInfo = 0x6e3e0
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->lpUserName = <meine_wenigkeit>
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: NULL central profile path
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\DC01\netlogon\Default User>
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: NULL server name
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: In console winlogon process
USERENV(e8.ec) 08:19:55:594 In LoadUserProfileP
USERENV(e8.ec) 08:19:55:594 =========================================================
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: Entering, hToken = <0x5c4>, lpProfileInfo = 0x6e3e0
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->lpUserName = <meine_wenigkeit>
USERENV(e8.ec) 08:19:55:610 LoadUserProfile: NULL central profile path
USERENV(e8.ec) 08:19:55:610 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\DC01\netlogon\Default
USERENV(e8.ec) 08:18:23:105 UnloadUserProfile: In console winlogon process
USERENV(e8.ec) 08:18:23:105 UnloadUserProfileP: Entering, hProfile = <0x120>
USERENV(e8.ec) 08:18:23:105 GetExclusionListFromRegistry: Policy list is empty, returning user list = <Lokale Einstellungen;Temporary Internet Files;Verlauf;Temp;Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook>
USERENV(e8.ec) 08:18:23:121 CSyncManager::EnterLock <S-1-5-21-2110330705-2278029354-3900480542-1502>
USERENV(e8.ec) 08:18:23:121 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:18:23:121 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:18:23:121 CHashTable::HashAdd: S-1-5-21-2110330705-2278029354-3900480542-1502 added in bucket 15
USERENV(e8.ec) 08:18:23:121 UnloadUserProfileP: Wait succeeded. In critical section.
USERENV(e8.ec) 08:18:23:427 MyRegUnLoadKey: Returning 1.
USERENV(e8.ec) 08:18:23:443 UnloadUserProfileP: Succesfully unloaded profile
USERENV(e8.ec) 08:18:23:443 MyRegUnLoadKey: Returning 1.
USERENV(e8.ec) 08:18:23:443 UnLoadClassHive: Successfully unmounted S-1-5-21-2110330705-2278029354-3900480542-1502_Classes
USERENV(e8.ec) 08:18:23:443 UnloadUserProfileP: Successfully unloaded user classes
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Impersonated user
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Writing local ini file
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Reverting to Self
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: exitting and cleaning up
USERENV(e8.ec) 08:18:23:460 CSyncManager::LeaveLock <S-1-5-21-2110330705-2278029354-3900480542-1502>
USERENV(e8.ec) 08:18:23:460 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:18:23:460 CHashTable::HashDelete: S-1-5-21-2110330705-2278029354-3900480542-1502 deleted
USERENV(e8.ec) 08:18:23:460 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Leave critical section.
USERENV(e8.ec) 08:18:23:460 UnloadUserProfileP: Leaving with a return value of 1
USERENV(e8.ec) 08:18:23:460 UnloadUserProfile: UnloadUserProfileP succeeded
USERENV(e8.ec) 08:18:23:460 UnloadUserProfile: returning 1
USERENV(11c.d68) 08:18:27:336 UnloadUserProfile: Entering, hProfile = <0x3dc>
USERENV(11c.d68) 08:18:27:336 GetInterface: Returning rpc binding handle
USERENV(e8.260) 08:18:27:336 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:18:27:336 DropClientContext: Got client token 00000524, sid = S-1-5-18
USERENV(e8.260) 08:18:27:336 MIDL_user_allocate enter
USERENV(e8.260) 08:18:27:336 DropClientContext: load profile object successfully made
USERENV(e8.260) 08:18:27:336 DropClientContext: Returning 0
USERENV(11c.d68) 08:18:27:336 UnLoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.118) 08:18:27:336 IProfileSecurityCallBack: client authenticated.
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Entering, hProfile = <0x570>
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: ImpersonateUser <00000524>, old token is <00000000>
USERENV(e8.118) 08:18:27:336 GetExclusionListFromRegistry: Policy list is empty, returning user list = <Lokale Einstellungen;Temporary Internet Files;Verlauf;Temp>
USERENV(e8.118) 08:18:27:336 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.118) 08:18:27:336 CSyncManager::EnterLock: No existing entry found
USERENV(e8.118) 08:18:27:336 CSyncManager::EnterLock: New entry created
USERENV(e8.118) 08:18:27:336 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Wait succeeded. In critical section.
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Didn't unload user profile, Ref Count is 2
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Reverted back to user <00000000>
USERENV(e8.118) 08:18:27:336 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.118) 08:18:27:336 CSyncManager::LeaveLock: Lock released
USERENV(e8.118) 08:18:27:336 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.118) 08:18:27:336 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Leave critical section.
USERENV(e8.118) 08:18:27:336 UnloadUserProfileP: Leaving with a return value of 1
USERENV(e8.118) 08:18:27:336 UnloadUserProfileI: returning 0
USERENV(11c.d68) 08:18:27:336 UnloadUserProfile: Calling UnloadUserProfileI succeeded
USERENV(e8.100) 08:18:27:336 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:18:27:336 ReleaseClientContext: Releasing context
USERENV(e8.100) 08:18:27:336 ReleaseClientContext_s: Releasing context
USERENV(e8.100) 08:18:27:336 MIDL_user_free enter
USERENV(11c.d68) 08:18:27:336 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.d68) 08:18:27:336 UnloadUserProfile: returning 1
USERENV(e8.ec) 08:19:10:734 InitializePolicyProcessing: Initialised Machine Mutex/Events
USERENV(e8.ec) 08:19:10:765 InitializePolicyProcessing: Initialised User Mutex/Events
USERENV(e8.ec) 08:19:10:765 LibMain: Process Name: \??\C:\WINDOWS\system32\winlogon.exe
USERENV(e8.ec) 08:19:11:375 Entering CUserProfile::Initialize ...
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize called by winlogon
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: critical section initialized
USERENV(e8.ec) 08:19:11:375 CSyncManager::Initialize: critical section initialized
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: registry key Software\Microsoft\Windows NT\CurrentVersion\ProfileList opened
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-21-2110330705-2278029354-3900480542-1502
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-21-2110330705-2278029354-3900480542-1502>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-21-2110330705-2278029354-3900480542-1502 added in bucket 15
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 0, state is 00000100
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-21-2110330705-2278029354-3900480542-1502>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-21-2110330705-2278029354-3900480542-1502 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-21-1409082233-1229272821-839522115-500
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-21-1409082233-1229272821-839522115-500>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-21-1409082233-1229272821-839522115-500 added in bucket 13
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 0, state is 00000100
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-21-1409082233-1229272821-839522115-500>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-21-1409082233-1229272821-839522115-500 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-20
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-20>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 2, state is 00000000
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-20>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-19
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 2, state is 00000000
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: Proccessing S-1-5-18
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock <S-1-5-18>
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: No existing entry found
USERENV(e8.ec) 08:19:11:375 CSyncManager::EnterLock: New entry created
USERENV(e8.ec) 08:19:11:375 CHashTable::HashAdd: S-1-5-18 added in bucket 11
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Enter critical section.
USERENV(e8.ec) 08:19:11:375 CUserProfile::GetRefCountAndFlags: Ref count is 1, state is 00000000
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock <S-1-5-18>
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.ec) 08:19:11:375 CHashTable::HashDelete: S-1-5-18 deleted
USERENV(e8.ec) 08:19:11:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.ec) 08:19:11:375 CUserProfile::CleanupUserProfile: Leave critical section
USERENV(e8.ec) 08:19:11:375 CUserProfile::Initialize: RpcServerRegisterIfEx successful
USERENV(e8.ec) 08:19:11:375 Exiting CUserProfile::Initialize, successful
USERENV(11c.120) 08:19:11:406 LibMain: Process Name: C:\WINDOWS\system32\services.exe
USERENV(12c.130) 08:19:11:437 LibMain: Process Name: C:\WINDOWS\system32\lsass.exe
USERENV(e8.ec) 08:19:11:468 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(208.20c) 08:19:11:968 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(11c.120) 08:19:12:093 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.120) 08:19:12:093 =========================================================
USERENV(11c.120) 08:19:12:093 LoadUserProfile: Entering, hToken = <0x2c4>, lpProfileInfo = 0x7fcf8
USERENV(11c.120) 08:19:12:093 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.120) 08:19:12:093 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
USERENV(11c.120) 08:19:12:093 LoadUserProfile: NULL central profile path
USERENV(11c.120) 08:19:12:093 LoadUserProfile: NULL default profile path
USERENV(11c.120) 08:19:12:093 LoadUserProfile: NULL server name
USERENV(11c.120) 08:19:12:093 GetInterface: Returning rpc binding handle
USERENV(e8.100) 08:19:12:093 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:093 DropClientContext: Got client token 000004C4, sid = S-1-5-18
USERENV(e8.100) 08:19:12:093 MIDL_user_allocate enter
USERENV(e8.100) 08:19:12:093 DropClientContext: load profile object successfully made
USERENV(e8.100) 08:19:12:093 DropClientContext: Returning 0
USERENV(11c.120) 08:19:12:093 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.260) 08:19:12:093 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:093 In LoadUserProfileP
USERENV(e8.260) 08:19:12:093 LoadUserProfile: Running as client
USERENV(e8.260) 08:19:12:093 =========================================================
USERENV(e8.260) 08:19:12:093 LoadUserProfile: Entering, hToken = <0x4d0>, lpProfileInfo = 0xe8a618
USERENV(e8.260) 08:19:12:093 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.260) 08:19:12:093 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
USERENV(e8.260) 08:19:12:093 LoadUserProfile: NULL central profile path
USERENV(e8.260) 08:19:12:093 LoadUserProfile: NULL default profile path
USERENV(e8.260) 08:19:12:093 LoadUserProfile: NULL server name
USERENV(e8.260) 08:19:12:093 LoadUserProfile: User sid: S-1-5-20
USERENV(e8.260) 08:19:12:093 CSyncManager::EnterLock <S-1-5-20>
USERENV(e8.260) 08:19:12:093 CSyncManager::EnterLock: No existing entry found
USERENV(e8.260) 08:19:12:093 CSyncManager::EnterLock: New entry created
USERENV(e8.260) 08:19:12:093 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(e8.260) 08:19:12:093 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.260) 08:19:12:093 RestoreUserProfile: Entering
USERENV(e8.260) 08:19:12:093 IsCentralProfileReachable: Entering
USERENV(e8.260) 08:19:12:093 IsCentralProfileReachable: Null path. Leaving
USERENV(e8.260) 08:19:12:093 RestoreUserProfile: Profile path = <>
USERENV(e8.260) 08:19:12:093 ExtractProfileFromBackup: A profile already exists
USERENV(e8.260) 08:19:12:093 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
USERENV(e8.260) 08:19:12:093 CreateLocalProfileKey: Not setting additional Security
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Found entry in profile list for existing local profile
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Local profile image filename = <%SystemDrive%\Dokumente und Einstellungen\NetworkService>
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Expanded local profile image filename = <C:\Dokumente und Einstellungen\NetworkService>
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: No local mandatory profile. Error = 2
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Found local profile image file ok <C:\Dokumente und Einstellungen\NetworkService\ntuser.dat>
USERENV(e8.260) 08:19:12:093 GetExistingLocalProfileImage: Failed to query low profile unload time with error 2
USERENV(e8.260) 08:19:12:109 Local Existing Profile Image is reachable
USERENV(e8.260) 08:19:12:109 Local profile name is <C:\Dokumente und Einstellungen\NetworkService>
USERENV(e8.260) 08:19:12:109 RestoreUserProfile: No central profile. Attempting to load local profile.
USERENV(e8.260) 08:19:12:109 MyRegLoadKey: Returning 00000000
USERENV(e8.260) 08:19:12:109 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(e8.260) 08:19:12:109 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.260) 08:19:12:109 MyRegLoadKey: Returning 00000000
USERENV(e8.260) 08:19:12:109 CreateClassHive: existing user classes hive found
USERENV(e8.260) 08:19:12:109 RestoreUserProfile: About to Leave. Final Information follows:
USERENV(e8.260) 08:19:12:109 Profile was successfully loaded.
USERENV(e8.260) 08:19:12:109 lpProfile->lpRoamingProfile = <>
USERENV(e8.260) 08:19:12:109 lpProfile->lpLocalProfile = <C:\Dokumente und Einstellungen\NetworkService>
USERENV(e8.260) 08:19:12:109 lpProfile->dwInternalFlags = 0x0
USERENV(e8.260) 08:19:12:109 RestoreUserProfile: Leaving.
USERENV(e8.260) 08:19:12:109 UpgradeProfile: Entering
USERENV(e8.260) 08:19:12:109 UpgradeProfile: Build numbers match
USERENV(e8.260) 08:19:12:109 UpgradeProfile: Leaving Successfully
USERENV(e8.260) 08:19:12:109 GetProfileType: Profile already loaded.
USERENV(e8.260) 08:19:12:109 LoadProfileInfo: Failed to query central profile with error 2
USERENV(e8.260) 08:19:12:109 GetProfileType: ProfileFlags is 0
USERENV(e8.260) 08:19:12:156 Profile Ref Count is 1
USERENV(e8.260) 08:19:12:156 LoadUserProfile: Leaving critical Section.
USERENV(e8.260) 08:19:12:156 CSyncManager::LeaveLock <S-1-5-20>
USERENV(e8.260) 08:19:12:156 CSyncManager::LeaveLock: Lock released
USERENV(e8.260) 08:19:12:156 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(e8.260) 08:19:12:156 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.260) 08:19:12:156 LoadUserProfile: Impersonated user: 000004d0, 000004dc
USERENV(12c.184) 08:19:12:171 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(12c.184) 08:19:12:171 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(12c.184) 08:19:12:171 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(12c.184) 08:19:12:171 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.260) 08:19:12:171 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.260) 08:19:12:171 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.260) 08:19:12:171 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.260) 08:19:12:171 =========================================================
USERENV(e8.260) 08:19:12:171 LoadUserProfileI: returning 0
USERENV(11c.120) 08:19:12:171 LoadUserProfile: Running as self
USERENV(11c.120) 08:19:12:171 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.120) 08:19:12:171 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.120) 08:19:12:171 lpProfileInfo->UserName = <NetworkService>
USERENV(11c.120) 08:19:12:171 lpProfileInfo->lpProfilePath = <>
USERENV(11c.120) 08:19:12:171 lpProfileInfo->dwFlags = 0x9
USERENV(e8.100) 08:19:12:171 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:171 ReleaseClientContext: Releasing context
USERENV(e8.100) 08:19:12:171 ReleaseClientContext_s: Releasing context
USERENV(e8.100) 08:19:12:171 MIDL_user_free enter
USERENV(11c.120) 08:19:12:187 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.120) 08:19:12:187 LoadUserProfile: Returning TRUE. hProfile = <0x348>
USERENV(11c.120) 08:19:12:187 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.120) 08:19:12:187 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(264.268) 08:19:12:203 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(640.644) 08:19:12:265 LibMain: Process Name: C:\WINDOWS\System32\svchost.exe
USERENV(11c.120) 08:19:12:281 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.120) 08:19:12:281 =========================================================
USERENV(11c.120) 08:19:12:281 LoadUserProfile: Entering, hToken = <0x384>, lpProfileInfo = 0x7fcf8
USERENV(11c.120) 08:19:12:281 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.120) 08:19:12:281 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
USERENV(11c.120) 08:19:12:281 LoadUserProfile: NULL central profile path
USERENV(11c.120) 08:19:12:281 LoadUserProfile: NULL default profile path
USERENV(11c.120) 08:19:12:281 LoadUserProfile: NULL server name
USERENV(11c.120) 08:19:12:281 GetInterface: Returning rpc binding handle
USERENV(e8.260) 08:19:12:281 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:281 DropClientContext: Got client token 000004C4, sid = S-1-5-18
USERENV(e8.260) 08:19:12:281 MIDL_user_allocate enter
USERENV(e8.260) 08:19:12:281 DropClientContext: load profile object successfully made
USERENV(e8.260) 08:19:12:281 DropClientContext: Returning 0
USERENV(11c.120) 08:19:12:281 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.100) 08:19:12:281 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:281 In LoadUserProfileP
USERENV(e8.100) 08:19:12:281 LoadUserProfile: Running as client
USERENV(e8.100) 08:19:12:296 =========================================================
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Entering, hToken = <0x4d0>, lpProfileInfo = 0xe8a618
USERENV(e8.100) 08:19:12:296 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.100) 08:19:12:296 LoadUserProfile: lpProfileInfo->lpUserName = <NetworkService>
USERENV(e8.100) 08:19:12:296 LoadUserProfile: NULL central profile path
USERENV(e8.100) 08:19:12:296 LoadUserProfile: NULL default profile path
USERENV(e8.100) 08:19:12:296 LoadUserProfile: NULL server name
USERENV(e8.100) 08:19:12:296 LoadUserProfile: User sid: S-1-5-20
USERENV(e8.100) 08:19:12:296 CSyncManager::EnterLock <S-1-5-20>
USERENV(e8.100) 08:19:12:296 CSyncManager::EnterLock: No existing entry found
USERENV(e8.100) 08:19:12:296 CSyncManager::EnterLock: New entry created
USERENV(e8.100) 08:19:12:296 CHashTable::HashAdd: S-1-5-20 added in bucket 4
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.100) 08:19:12:296 TestIfUserProfileLoaded: Profile already loaded.
USERENV(e8.100) 08:19:12:296 Profile Ref Count is 2
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Leaving critical Section.
USERENV(e8.100) 08:19:12:296 CSyncManager::LeaveLock <S-1-5-20>
USERENV(e8.100) 08:19:12:296 CSyncManager::LeaveLock: Lock released
USERENV(e8.100) 08:19:12:296 CHashTable::HashDelete: S-1-5-20 deleted
USERENV(e8.100) 08:19:12:296 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Impersonated user: 000004d0, 000004dc
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.100) 08:19:12:296 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.100) 08:19:12:296 =========================================================
USERENV(e8.100) 08:19:12:296 LoadUserProfileI: returning 0
USERENV(11c.120) 08:19:12:296 LoadUserProfile: Running as self
USERENV(11c.120) 08:19:12:296 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.120) 08:19:12:296 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.120) 08:19:12:296 lpProfileInfo->UserName = <NetworkService>
USERENV(11c.120) 08:19:12:296 lpProfileInfo->lpProfilePath = <>
USERENV(11c.120) 08:19:12:296 lpProfileInfo->dwFlags = 0x9
USERENV(e8.260) 08:19:12:296 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:296 ReleaseClientContext: Releasing context
USERENV(e8.260) 08:19:12:296 ReleaseClientContext_s: Releasing context
USERENV(e8.260) 08:19:12:296 MIDL_user_free enter
USERENV(11c.120) 08:19:12:296 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.120) 08:19:12:296 LoadUserProfile: Returning TRUE. hProfile = <0x374>
USERENV(11c.120) 08:19:12:296 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.120) 08:19:12:296 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(32c.334) 08:19:12:328 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(11c.120) 08:19:12:328 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.120) 08:19:12:328 =========================================================
USERENV(11c.120) 08:19:12:328 LoadUserProfile: Entering, hToken = <0x3a4>, lpProfileInfo = 0x7fcf8
USERENV(11c.120) 08:19:12:328 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.120) 08:19:12:328 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(11c.120) 08:19:12:328 LoadUserProfile: NULL central profile path
USERENV(11c.120) 08:19:12:328 LoadUserProfile: NULL default profile path
USERENV(11c.120) 08:19:12:328 LoadUserProfile: NULL server name
USERENV(11c.120) 08:19:12:328 GetInterface: Returning rpc binding handle
USERENV(e8.100) 08:19:12:328 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:328 DropClientContext: Got client token 000004C4, sid = S-1-5-18
USERENV(e8.100) 08:19:12:328 MIDL_user_allocate enter
USERENV(e8.100) 08:19:12:328 DropClientContext: load profile object successfully made
USERENV(e8.100) 08:19:12:328 DropClientContext: Returning 0
USERENV(11c.120) 08:19:12:328 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.260) 08:19:12:328 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:328 In LoadUserProfileP
USERENV(e8.260) 08:19:12:328 LoadUserProfile: Running as client
USERENV(e8.260) 08:19:12:328 =========================================================
USERENV(e8.260) 08:19:12:328 LoadUserProfile: Entering, hToken = <0x4d0>, lpProfileInfo = 0xe8a618
USERENV(e8.260) 08:19:12:328 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.260) 08:19:12:328 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(e8.260) 08:19:12:328 LoadUserProfile: NULL central profile path
USERENV(e8.260) 08:19:12:328 LoadUserProfile: NULL default profile path
USERENV(e8.260) 08:19:12:328 LoadUserProfile: NULL server name
USERENV(e8.260) 08:19:12:328 LoadUserProfile: User sid: S-1-5-19
USERENV(e8.260) 08:19:12:328 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.260) 08:19:12:328 CSyncManager::EnterLock: No existing entry found
USERENV(e8.260) 08:19:12:328 CSyncManager::EnterLock: New entry created
USERENV(e8.260) 08:19:12:328 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.260) 08:19:12:328 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.260) 08:19:12:328 RestoreUserProfile: Entering
USERENV(e8.260) 08:19:12:328 IsCentralProfileReachable: Entering
USERENV(e8.260) 08:19:12:328 IsCentralProfileReachable: Null path. Leaving
USERENV(e8.260) 08:19:12:328 RestoreUserProfile: Profile path = <>
USERENV(e8.260) 08:19:12:328 ExtractProfileFromBackup: A profile already exists
USERENV(e8.260) 08:19:12:328 PatchNewProfileIfRequred: A profile already exists with the current sid, exitting
USERENV(e8.260) 08:19:12:328 CreateLocalProfileKey: Not setting additional Security
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Found entry in profile list for existing local profile
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Local profile image filename = <%SystemDrive%\Dokumente und Einstellungen\LocalService>
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Expanded local profile image filename = <C:\Dokumente und Einstellungen\LocalService>
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: No local mandatory profile. Error = 2
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Found local profile image file ok <C:\Dokumente und Einstellungen\LocalService\ntuser.dat>
USERENV(e8.260) 08:19:12:328 GetExistingLocalProfileImage: Failed to query low profile unload time with error 2
USERENV(e8.260) 08:19:12:328 Local Existing Profile Image is reachable
USERENV(e8.260) 08:19:12:343 Local profile name is <C:\Dokumente und Einstellungen\LocalService>
USERENV(e8.260) 08:19:12:343 RestoreUserProfile: No central profile. Attempting to load local profile.
USERENV(e8.260) 08:19:12:343 MyRegLoadKey: Returning 00000000
USERENV(e8.260) 08:19:12:343 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(e8.260) 08:19:12:343 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.260) 08:19:12:343 MyRegLoadKey: Returning 00000000
USERENV(e8.260) 08:19:12:343 CreateClassHive: existing user classes hive found
USERENV(e8.260) 08:19:12:343 RestoreUserProfile: About to Leave. Final Information follows:
USERENV(e8.260) 08:19:12:343 Profile was successfully loaded.
USERENV(e8.260) 08:19:12:343 lpProfile->lpRoamingProfile = <>
USERENV(e8.260) 08:19:12:343 lpProfile->lpLocalProfile = <C:\Dokumente und Einstellungen\LocalService>
USERENV(e8.260) 08:19:12:343 lpProfile->dwInternalFlags = 0x0
USERENV(e8.260) 08:19:12:343 RestoreUserProfile: Leaving.
USERENV(e8.260) 08:19:12:343 UpgradeProfile: Entering
USERENV(e8.260) 08:19:12:343 UpgradeProfile: Build numbers match
USERENV(e8.260) 08:19:12:343 UpgradeProfile: Leaving Successfully
USERENV(e8.260) 08:19:12:343 GetProfileType: Profile already loaded.
USERENV(e8.260) 08:19:12:343 LoadProfileInfo: Failed to query central profile with error 2
USERENV(e8.260) 08:19:12:343 GetProfileType: ProfileFlags is 0
USERENV(e8.260) 08:19:12:375 Profile Ref Count is 1
USERENV(e8.260) 08:19:12:375 LoadUserProfile: Leaving critical Section.
USERENV(e8.260) 08:19:12:375 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.260) 08:19:12:375 CSyncManager::LeaveLock: Lock released
USERENV(e8.260) 08:19:12:375 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.260) 08:19:12:375 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.260) 08:19:12:375 LoadUserProfile: Impersonated user: 000004d0, 000004dc
USERENV(12c.1a4) 08:19:12:375 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(12c.1a4) 08:19:12:375 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(12c.1a4) 08:19:12:375 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(12c.1a4) 08:19:12:375 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.260) 08:19:12:390 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.260) 08:19:12:390 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.260) 08:19:12:390 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.260) 08:19:12:390 =========================================================
USERENV(e8.260) 08:19:12:390 LoadUserProfileI: returning 0
USERENV(11c.120) 08:19:12:390 LoadUserProfile: Running as self
USERENV(11c.120) 08:19:12:390 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.120) 08:19:12:390 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.120) 08:19:12:390 lpProfileInfo->UserName = <LocalService>
USERENV(11c.120) 08:19:12:390 lpProfileInfo->lpProfilePath = <>
USERENV(11c.120) 08:19:12:390 lpProfileInfo->dwFlags = 0x9
USERENV(e8.100) 08:19:12:406 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:406 ReleaseClientContext: Releasing context
USERENV(e8.100) 08:19:12:406 ReleaseClientContext_s: Releasing context
USERENV(e8.100) 08:19:12:406 MIDL_user_free enter
USERENV(11c.120) 08:19:12:406 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.120) 08:19:12:406 LoadUserProfile: Returning TRUE. hProfile = <0x398>
USERENV(11c.120) 08:19:12:406 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.120) 08:19:12:406 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(4cc.4d0) 08:19:12:421 LibMain: Process Name: C:\WINDOWS\system32\svchost.exe
USERENV(758.768) 08:19:12:968 LibMain: Process Name: C:\WINDOWS\system32\spoolsv.exe
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.120) 08:19:12:984 =========================================================
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Entering, hToken = <0x3d4>, lpProfileInfo = 0x7fcf8
USERENV(11c.120) 08:19:12:984 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.120) 08:19:12:984 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(11c.120) 08:19:12:984 LoadUserProfile: NULL central profile path
USERENV(11c.120) 08:19:12:984 LoadUserProfile: NULL default profile path
USERENV(11c.120) 08:19:12:984 LoadUserProfile: NULL server name
USERENV(11c.120) 08:19:12:984 GetInterface: Returning rpc binding handle
USERENV(e8.260) 08:19:12:984 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:12:984 DropClientContext: Got client token 000004C4, sid = S-1-5-18
USERENV(e8.260) 08:19:12:984 MIDL_user_allocate enter
USERENV(e8.260) 08:19:12:984 DropClientContext: load profile object successfully made
USERENV(e8.260) 08:19:12:984 DropClientContext: Returning 0
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.100) 08:19:12:984 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:12:984 In LoadUserProfileP
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Running as client
USERENV(e8.100) 08:19:12:984 =========================================================
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Entering, hToken = <0x4d0>, lpProfileInfo = 0xe8a618
USERENV(e8.100) 08:19:12:984 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.100) 08:19:12:984 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(e8.100) 08:19:12:984 LoadUserProfile: NULL central profile path
USERENV(e8.100) 08:19:12:984 LoadUserProfile: NULL default profile path
USERENV(e8.100) 08:19:12:984 LoadUserProfile: NULL server name
USERENV(e8.100) 08:19:12:984 LoadUserProfile: User sid: S-1-5-19
USERENV(e8.100) 08:19:12:984 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.100) 08:19:12:984 CSyncManager::EnterLock: No existing entry found
USERENV(e8.100) 08:19:12:984 CSyncManager::EnterLock: New entry created
USERENV(e8.100) 08:19:12:984 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.100) 08:19:12:984 TestIfUserProfileLoaded: Profile already loaded.
USERENV(e8.100) 08:19:12:984 Profile Ref Count is 2
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Leaving critical Section.
USERENV(e8.100) 08:19:12:984 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.100) 08:19:12:984 CSyncManager::LeaveLock: Lock released
USERENV(e8.100) 08:19:12:984 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.100) 08:19:12:984 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Impersonated user: 000004d0, 000004dc
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.100) 08:19:12:984 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.100) 08:19:12:984 =========================================================
USERENV(e8.100) 08:19:12:984 LoadUserProfileI: returning 0
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Running as self
USERENV(11c.120) 08:19:12:984 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.120) 08:19:13:000 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.120) 08:19:13:000 lpProfileInfo->UserName = <LocalService>
USERENV(11c.120) 08:19:13:000 lpProfileInfo->lpProfilePath = <>
USERENV(11c.120) 08:19:13:000 lpProfileInfo->dwFlags = 0x9
USERENV(e8.260) 08:19:13:000 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:13:000 ReleaseClientContext: Releasing context
USERENV(e8.260) 08:19:13:000 ReleaseClientContext_s: Releasing context
USERENV(e8.260) 08:19:13:000 MIDL_user_free enter
USERENV(11c.120) 08:19:13:000 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.120) 08:19:13:000 LoadUserProfile: Returning TRUE. hProfile = <0x3cc>
USERENV(11c.120) 08:19:13:000 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.120) 08:19:13:000 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(790.794) 08:19:13:015 LibMain: Process Name: C:\WINDOWS\System32\SCardSvr.exe
USERENV(4b4.4b8) 08:19:22:078 LibMain: Process Name: C:\WINDOWS\system32\cisvc.exe
USERENV(568.57c) 08:19:28:312 LibMain: Process Name: C:\Programme\Trend Micro\OfficeScan Client\ntrtscan.exe
USERENV(568.57c) 08:19:28:359 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(3f0.3ec) 08:19:28:421 LibMain: Process Name: C:\Programme\VMware\VMware Workstation\vmware-authd.exe
USERENV(bc.180) 08:19:29:093 LibMain: Process Name: C:\Programme\Exchsrvr\bin\exmgmt.exe
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(11c.68c) 08:19:29:671 =========================================================
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Entering, hToken = <0x28>, lpProfileInfo = 0xd8f6ec
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: NULL central profile path
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: NULL default profile path
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: NULL server name
USERENV(11c.68c) 08:19:29:671 GetInterface: Returning rpc binding handle
USERENV(e8.100) 08:19:29:671 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:29:671 DropClientContext: Got client token 000004D8, sid = S-1-5-18
USERENV(e8.100) 08:19:29:671 MIDL_user_allocate enter
USERENV(e8.100) 08:19:29:671 DropClientContext: load profile object successfully made
USERENV(e8.100) 08:19:29:671 DropClientContext: Returning 0
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Calling DropClientToken (as self) succeeded
USERENV(e8.260) 08:19:29:671 IProfileSecurityCallBack: client authenticated.
USERENV(e8.260) 08:19:29:671 In LoadUserProfileP
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Running as client
USERENV(e8.260) 08:19:29:671 =========================================================
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Entering, hToken = <0x4dc>, lpProfileInfo = 0x79380
USERENV(e8.260) 08:19:29:671 LoadUserProfile: lpProfileInfo->dwFlags = <0x9>
USERENV(e8.260) 08:19:29:671 LoadUserProfile: lpProfileInfo->lpUserName = <LocalService>
USERENV(e8.260) 08:19:29:671 LoadUserProfile: NULL central profile path
USERENV(e8.260) 08:19:29:671 LoadUserProfile: NULL default profile path
USERENV(e8.260) 08:19:29:671 LoadUserProfile: NULL server name
USERENV(e8.260) 08:19:29:671 LoadUserProfile: User sid: S-1-5-19
USERENV(e8.260) 08:19:29:671 CSyncManager::EnterLock <S-1-5-19>
USERENV(e8.260) 08:19:29:671 CSyncManager::EnterLock: No existing entry found
USERENV(e8.260) 08:19:29:671 CSyncManager::EnterLock: New entry created
USERENV(e8.260) 08:19:29:671 CHashTable::HashAdd: S-1-5-19 added in bucket 12
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Wait succeeded. In critical section.
USERENV(e8.260) 08:19:29:671 TestIfUserProfileLoaded: Profile already loaded.
USERENV(e8.260) 08:19:29:671 Profile Ref Count is 3
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Leaving critical Section.
USERENV(e8.260) 08:19:29:671 CSyncManager::LeaveLock <S-1-5-19>
USERENV(e8.260) 08:19:29:671 CSyncManager::LeaveLock: Lock released
USERENV(e8.260) 08:19:29:671 CHashTable::HashDelete: S-1-5-19 deleted
USERENV(e8.260) 08:19:29:671 CSyncManager::LeaveLock: Lock deleted
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Impersonated user: 000004dc, 000004fc
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Reverted to user: 00000000
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Reverted back to user <00000000>
USERENV(e8.260) 08:19:29:671 LoadUserProfile: Leaving with a value of 1.
USERENV(e8.260) 08:19:29:671 =========================================================
USERENV(e8.260) 08:19:29:671 LoadUserProfileI: returning 0
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Running as self
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Calling LoadUserProfileI (as user) succeeded
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Returning success. Final Information follows:
USERENV(11c.68c) 08:19:29:671 lpProfileInfo->UserName = <LocalService>
USERENV(11c.68c) 08:19:29:671 lpProfileInfo->lpProfilePath = <>
USERENV(11c.68c) 08:19:29:671 lpProfileInfo->dwFlags = 0x9
USERENV(e8.100) 08:19:29:671 IProfileSecurityCallBack: client authenticated.
USERENV(e8.100) 08:19:29:671 ReleaseClientContext: Releasing context
USERENV(e8.100) 08:19:29:671 ReleaseClientContext_s: Releasing context
USERENV(e8.100) 08:19:29:671 MIDL_user_free enter
USERENV(11c.68c) 08:19:29:671 ReleaseInterface: Releasing rpc binding handle
USERENV(11c.68c) 08:19:29:671 LoadUserProfile: Returning TRUE. hProfile = <0x35c>
USERENV(11c.68c) 08:19:29:671 GetUserDNSDomainName: Domain name is NT Authority. No DNS domain name available.
USERENV(11c.68c) 08:19:29:671 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(338.5ac) 08:19:29:703 LibMain: Process Name: C:\WINDOWS\System32\alg.exe
USERENV(4a4.544) 08:19:35:140 LibMain: Process Name: C:\WINDOWS\system32\ipconfig.exe
USERENV(120.358) 08:19:35:734 LibMain: Process Name: C:\Programme\Trend Micro\OfficeScan Client\TSC.EXE
USERENV(120.358) 08:19:35:734 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:750 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:765 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(120.358) 08:19:35:812 ProcessAutoexec: Cannot process autoexec.bat.
USERENV(e8.ec) 08:19:46:983 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(e8.c60) 08:19:46:999 IsSyncForegroundPolicyRefresh: Asynchronous, Reason: NoNeedForSync
USERENV(e8.c60) 08:19:46:999 ApplyGroupPolicy: Entering. Flags = f
USERENV(e8.c60) 08:19:46:999 ProcessGPOs:
USERENV(e8.c60) 08:19:46:999 ProcessGPOs:
USERENV(e8.c60) 08:19:47:015 ProcessGPOs: Starting computer Group Policy (Async forground) processing...
USERENV(e8.c60) 08:19:47:015 ProcessGPOs:
USERENV(e8.c60) 08:19:47:015 ProcessGPOs:
USERENV(e8.c60) 08:19:47:015 EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
USERENV(e8.c60) 08:19:47:015 EnterCriticalPolicySectionEx: Machine critical section has been claimed. Handle = 0xf8
USERENV(e8.c60) 08:19:47:015 EnterCriticalPolicySectionEx: Leaving successfully.
USERENV(e8.c60) 08:19:47:015 ProcessGPOs: Machine role is 2.
USERENV(e8.c60) 08:19:47:015 PingComputer: PingBufferSize set as 2048
USERENV(e8.c60) 08:19:47:031 PingComputer: Adapter speed 100000000 bps
USERENV(e8.c60) 08:19:47:031 PingComputer: First time: 0
USERENV(e8.c60) 08:19:47:031 PingComputer: Fast link. Exiting.
USERENV(e8.c60) 08:19:47:031 ProcessGPOs: network name is unseredomaene.org
USERENV(e8.c60) 08:19:47:048 ProcessGPOs: User name is: CN=XPLT-00-6844,OU=Computer,OU=IT,OU=de-00,OU=Holding,DC=unserefirma,DC=org, Domain name is: unserefirma-ORG
USERENV(e8.c60) 08:19:47:048 ProcessGPOs: Domain controller is: \\DC01.unseredomaene.org Domain DN is unseredomaene.org
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for gptext.dll.
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for dskquota.dll.
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for gptext.dll.
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for iedkcs32.dll.
USERENV(e8.c60) 08:19:47:048 ReadGPExtensions: Rsop entry point not found for scecli.dll.
USERENV(e8.c60) 08:19:47:064 ReadGPExtensions: Rsop entry point not found for C:\WINDOWS\System32\cscui.dll.
USERENV(e8.c60) 08:19:47:064 ReadGPExtensions: Rsop entry point not found for gptext.dll.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {35378EAC-683F-11D2-A89A-00C04FBBCFA2}
USERENV(e8.c60) 08:19:47:064 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {25537BA6-77A8-11D2-9B6C-0000F8080861}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {3610eda5-77ef-11d2-8dc5-00c04fa31a66}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {426031c0-0b47-4852-b0ca-ac3d37bfcb39}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {42B5FAAE-6536-11d2-AE5A-0000F87571E3}
USERENV(e8.c60) 08:19:47:064 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {827D319E-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(e8.c60) 08:19:47:064 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
USERENV(e8.c60) 08:19:47:064 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {C631DF4C-088F-4156-B058-4375F0853CD8}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {c6dc5466-785a-11d2-84d0-00c04fb169f7}
USERENV(e8.c60) 08:19:47:064 ReadExtStatus: Reading Previous Status for extension {e437bc1c-aa7d-11d2-a382-00c04f991e27}
USERENV(e8.c60) 08:19:47:064 ProcessGPOs: Calling GetGPOInfo for normal policy mode
USERENV(e8.c60) 08:19:47:064 GetGPOInfo:
USERENV(e8.c60) 08:19:47:064 GetGPOInfo: Entering...
USERENV(e8.c60) 08:19:47:096 GetGPOInfo: Server connection established.
USERENV(e8.c60) 08:19:47:112 GetGPOInfo: Bound successfully.
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Searching <OU=Computer,OU=IT,OU=de-00,OU=Holding,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:112 SearchDSObject: No GPO(s) for this object.
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Searching <OU=IT,OU=de-00,OU=Holding,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Found GPO(s): < >
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Searching <OU=de-00,OU=Holding,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:112 SearchDSObject: Found GPO(s): <[LDAP:cn={1BD0F65B-3312-42B4-89BD-B27D4BBF9C03},cn=policies,cn=system,DC=unserefirma,DC=org;0]>
USERENV(e8.c60) 08:19:47:112 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:112 ProcessGPO: Deferring search for <LDAP:cn={1BD0F65B-3312-42B4-89BD-B27D4BBF9C03},cn=policies,cn=system,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: Searching <OU=Holding,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: No GPO(s) for this object.
USERENV(e8.c60) 08:19:47:128 SearchDSObject: Searching <DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: Found GPO(s): <[LDAP:cn={F2307DD1-CA01-49CD-A767-390BFA5ABA62},cn=policies,cn=system,DC=unserefirma,DC=org;0][LDAP:CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=unserefirma,DC=org;0]>
USERENV(e8.c60) 08:19:47:128 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:128 ProcessGPO: Deferring search for <LDAP:cn={F2307DD1-CA01-49CD-A767-390BFA5ABA62},cn=policies,cn=system,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:128 ProcessGPO: Deferring search for <LDAP:CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: Searching <CN=de-00,CN=Sites,CN=Configuration,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:128 SearchDSObject: No GPO(s) for this object.
USERENV(e8.c60) 08:19:47:128 EvaluateDeferredGPOs: Searching for GPOs in cn=policies,cn=system,DC=unserefirma,DC=org
USERENV(e8.c60) 08:19:47:128 EvalList: Object <cn={F2307DD1-CA01-49CD-A767-390BFA5ABA62},cn=policies,cn=system,DC=unserefirma,DC=org> cannot be accessed
USERENV(e8.c60) 08:19:47:128 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:145 ProcessGPO: Searching <CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:145 ProcessGPO: Machine has access to this GPO.
USERENV(e8.c60) 08:19:47:145 ProcessGPO: GPO passes the filter check.
USERENV(e8.c60) 08:19:47:145 ProcessGPO: Found functionality version of: 2
USERENV(e8.c60) 08:19:47:145 ProcessGPO: Found file system path of: <\\unseredomaene.org\sysvol\unseredomaene.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}>
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found common name of: <{31B2F340-016D-11D2-945F-00C04FB984F9}>
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found display name of: <Default Domain Policy>
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found machine version of: GPC is 327, GPT is 327
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found flags of: 0
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]
USERENV(e8.c60) 08:19:47:161 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:161 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Searching <cn={1BD0F65B-3312-42B4-89BD-B27D4BBF9C03},cn=policies,cn=system,DC=unserefirma,DC=org>
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Machine has access to this GPO.
USERENV(e8.c60) 08:19:47:161 ProcessGPO: GPO passes the filter check.
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found functionality version of: 2
USERENV(e8.c60) 08:19:47:161 ProcessGPO: Found file system path of: <\\unseredomaene.org\SysVol\unseredomaene.org\Policies\{1BD0F65B-3312-42B4-89BD-B27D4BBF9C03}>
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found common name of: <{1BD0F65B-3312-42B4-89BD-B27D4BBF9C03}>
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found display name of: <de-00 Standard>
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found machine version of: GPC is 135, GPT is 135
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found flags of: 0
USERENV(e8.c60) 08:19:47:177 ProcessGPO: Found extensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1D-2488-11D1-A28C-00C04FB94F17}]
USERENV(e8.c60) 08:19:47:177 ProcessGPO: ==============================
USERENV(e8.c60) 08:19:47:177 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state.
USERENV(e8.c60) 08:19:47:177 GetGPOInfo: Leaving with 1
USERENV(e8.c60) 08:19:47:177 GetGPOInfo:
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: Logging Data for Target <XPLT-00-6844>.
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: OpenThreadToken failed with error 1008, assuming thread is not impersonating
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: Processing extension Registrierung
USERENV(e8.c60) 08:19:47:177 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:177 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:177 CheckGPOs: No GPO changes and no security group membership change and extension Registrierung has NoGPOChanges set.
USERENV(e8.c60) 08:19:47:177 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension Drahtlos
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:193 CheckGPOs: No GPO changes but couldn't read extension Drahtlos's status or policy time.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Extension Drahtlos skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension Folder Redirection
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:193 CheckGPOs: No GPO changes but couldn't read extension Folder Redirection's status or policy time.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Extension Folder Redirection skipped with flags 0x1000f.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension Microsoft-Datenträgerkontingent
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:193 CheckGPOs: No GPO changes but couldn't read extension Microsoft-Datenträgerkontingent's status or policy time.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Extension Microsoft-Datenträgerkontingent skipped with flags 0x1000f.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension QoS-Paketplaner
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:193 CheckGPOs: No GPO changes but couldn't read extension QoS-Paketplaner's status or policy time.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Extension QoS-Paketplaner skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:193 ProcessGPOs: Processing extension Skripts
USERENV(e8.c60) 08:19:47:193 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:193 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes and no security group membership change and extension Skripts has NoGPOChanges set.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension Internet Explorer Zonemapping
USERENV(e8.c60) 08:19:47:209 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes but couldn't read extension Internet Explorer Zonemapping's status or policy time.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Extension Internet Explorer Zonemapping skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension Security
USERENV(e8.c60) 08:19:47:209 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:209 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes and no security group membership change and extension Security has NoGPOChanges set.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension Internet Explorer Branding
USERENV(e8.c60) 08:19:47:209 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes but couldn't read extension Internet Explorer Branding's status or policy time.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Extension Internet Explorer Branding skipped with flags 0x1000f.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension EFS recovery
USERENV(e8.c60) 08:19:47:209 ReadStatus: Read Extension's Previous status successfully.
USERENV(e8.c60) 08:19:47:209 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:209 CheckGPOs: No GPO changes and no security group membership change and extension EFS recovery has NoGPOChanges set.
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:209 ProcessGPOs: Processing extension Microsoft Offline Files
USERENV(e8.c60) 08:19:47:225 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:225 CheckGPOs: No GPO changes but couldn't read extension Microsoft Offline Files's status or policy time.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Extension Microsoft Offline Files skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Processing extension Softwareinstallation
USERENV(e8.c60) 08:19:47:225 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:225 CheckGPOs: No GPO changes but couldn't read extension Softwareinstallation's status or policy time.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Extension Softwareinstallation skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: -----------------------
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Processing extension IP-Sicherheit
USERENV(e8.c60) 08:19:47:225 CompareGPOLists: The lists are the same.
USERENV(e8.c60) 08:19:47:225 CheckGPOs: No GPO changes but couldn't read extension IP-Sicherheit's status or policy time.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Extension IP-Sicherheit skipped because both deleted and changed GPO lists are empty.
USERENV(e8.c60) 08:19:47:225 SetFgRefreshInfo: Previous Machine Fg policy Asynchronous, Reason: NoNeedForSync.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(e8.c60) 08:19:47:225 LeaveCriticalPolicySection: Critical section 0xf8 has been released.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Computer Group Policy has been applied.
USERENV(e8.c60) 08:19:47:225 ProcessGPOs: Leaving with 1.
USERENV(e8.c60) 08:19:47:225 ApplyGroupPolicy: Leaving successfully.
USERENV(e8.cdc) 08:19:47:225 GPOThread: Next refresh will happen in 93 minutes
USERENV(e8.cfc) 08:19:54:673 SetFgRefreshInfo: Next User Fg policy Synchronous, Reason: NonCachedCredentials.
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV(e8.ec) 08:19:55:594 =========================================================
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: Entering, hToken = <0x5c4>, lpProfileInfo = 0x6e3e0
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->lpUserName = <meine_wenigkeit>
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: NULL central profile path
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\DC01\netlogon\Default User>
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: NULL server name
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: In console winlogon process
USERENV(e8.ec) 08:19:55:594 In LoadUserProfileP
USERENV(e8.ec) 08:19:55:594 =========================================================
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: Entering, hToken = <0x5c4>, lpProfileInfo = 0x6e3e0
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(e8.ec) 08:19:55:594 LoadUserProfile: lpProfileInfo->lpUserName = <meine_wenigkeit>
USERENV(e8.ec) 08:19:55:610 LoadUserProfile: NULL central profile path
USERENV(e8.ec) 08:19:55:610 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\DC01\netlogon\Default
Bitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 65365
Url: https://administrator.de/forum/nach-benutzeranmeldungen-nur-hintergrundbild-ohne-oder-mit-icons-aber-rechner-haengt-wuauclt-exe-65365.html
Ausgedruckt am: 22.12.2024 um 20:12 Uhr
6 Kommentare
Neuester Kommentar