SystemLook 30.07.11 by jpshortstuff
Log created at 20:28 on 18/10/2012 by Hania Kinia i Tomek
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]
"Type"= 0x0000000020 (32)
"Start"= 0x0000000003 (3)
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
"DisplayName"="Menedżer połączeń usługi Dostęp zdalny"
"DependOnService"="Tapisrv"
"DependOnGroup"=" "
"ObjectName"="LocalSystem"
"Description"="Tworzy połączenie sieciowe."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"Medias"="rastapi"
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
"IpOutLowWatermark"= 0x0000000001 (1)
"IpOutHighWatermark"= 0x0000000005 (5)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\Quarantine]
"Enabled"= 0x0000000001 (1)
"AutoRefreshEnabled"= 0x0000000000 (0)
"AutoRefreshTimeout"= 0x0001808580 (25200000)
"WorkItemTimeout"= 0x0000000bb8 (3000)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP]
"MaxConfigure"= 0x000000000a (10)
"MaxFailure"= 0x000000000a (10)
"MaxReject"= 0x0000000005 (5)
"MaxTerminate"= 0x0000000002 (2)
"Multilink"= 0x0000000000 (0)
"NegotiateTime"= 0x0000000096 (150)
"RestartTimer"= 0x0000000003 (3)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\ControlProtocols]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\ControlProtocols\BuiltIn]
"Path"="%SystemRoot%\System32\rasppp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\ControlProtocols\Chap]
"Path"="%SystemRoot%\System32\raschap.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP]
"Path"="%SystemRoot%\System32\rasppp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13]
"RolesSupported"= 0x0000000002 (2)
"FriendlyName"="Karta inteligentna lub inny certyfikat"
"Path"="%SystemRoot%\System32\rastls.dll"
"ConfigUiPath"="%SystemRoot%\System32\rastls.dll"
"IdentityPath"="%SystemRoot%\System32\rastls.dll"
"InteractiveUIPath"="%SystemRoot%\System32\rastls.dll"
"InvokeUsernameDialog"= 0x0000000000 (0)
"InvokePasswordDialog"= 0x0000000000 (0)
"MPPEEncryptionSupported"= 0x0000000001 (1)
"ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}"
"StandaloneSupported"= 0x0000000000 (0)
"NoRootRevocationCheck"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\25]
"FriendlyName"="Chroniony protokół EAP (PEAP)"
"Path"="%SystemRoot%\System32\rastls.dll"
"ConfigUiPath"="%SystemRoot%\System32\rastls.dll"
"IdentityPath"="%SystemRoot%\System32\rastls.dll"
"InteractiveUIPath"="%SystemRoot%\System32\rastls.dll"
"InvokeUsernameDialog"= 0x0000000000 (0)
"InvokePasswordDialog"= 0x0000000000 (0)
"MPPEEncryptionSupported"= 0x0000000001 (1)
"ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}"
"StandaloneSupported"= 0x0000000001 (1)
"NoRootRevocationCheck"= 0x0000000001 (1)
"RolesSupported"= 0x000000001a (26)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\26]
"FriendlyName"="Bezpieczne hasło (EAP-MSCHAP v2)"
"Path"="%SystemRoot%\System32\raschap.dll"
"ConfigUiPath"="%SystemRoot%\System32\raschap.dll"
"IdentityPath"="%SystemRoot%\System32\raschap.dll"
"InteractiveUIPath"="%SystemRoot%\System32\raschap.dll"
"InvokeUsernameDialog"= 0x0000000000 (0)
"InvokePasswordDialog"= 0x0000000000 (0)
"MPPEEncryptionSupported"= 0x0000000001 (1)
"ConfigCLSID"="{2af6bcaa-f526-4803-aeb8-5777ce386647}"
"StandaloneSupported"= 0x0000000001 (1)
"RolesSupported"= 0x0000000004 (4)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\4]
"RolesSupported"= 0x000000000a (10)
"FriendlyName"="MD5-Challenge"
"Path"="%SystemRoot%\System32\raschap.dll"
"InvokeUsernameDialog"= 0x0000000001 (1)
"InvokePasswordDialog"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Security]
"Security"=01 00 14 80 7c 00 00 00 88 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 4c 00 03 00 00 00 00 00 14 00 9d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Enum]
"0"="Root\LEGACY_RASMAN\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]
"DependOnService"="PlugPlay RpcSs"
"Description"="Zapewnia obsługę telefonii API (TAPI) dla programów sterujących urządzeniami telefonii i połączeniami głosowymi opartymi na protokole IP na komputerze lokalnym i, za pośrednictwem sieci LAN, na serwerach, na których działa ta usługa."
"DisplayName"="Telefonia"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"= 0x0000000003 (3)
"Type"= 0x0000000020 (32)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Parameters]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Performance]
"Close"="CloseTapiPerformanceData"
"Collect"="CollectTapiPerformanceData"
"Library"="tapiperf.dll"
"ObjectList"="1150"
"Open"="OpenTapiPerformanceData"
"WbemAdapFileSignature"=cc 1b aa 41 d6 26 6d 48 f1 86 04 ae 4c 39 3e 85  (REG_BINARY)
"WbemAdapFileTime"=00 20 e7 d4 f0 3d c6 01  (REG_BINARY)
"WbemAdapFileSize"= 0x0000001600 (5632)
"WbemAdapStatus"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security]
"Security"=01 00 14 80 6c 00 00 00 78 00 00 00 14 00 00 00 34 00 00 00 02 00 20 00 01 00 00 00 02 80 18 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 20 02 00 00 02 00 38 00 02 00 00 00 00 03 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 03 18 00 9d 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Enum]
"0"="Root\LEGACY_TAPISRV\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


========== filefind ==========

Searching for "rasman.dll"
C:\WINDOWS\$NtServicePackUninstall$\rasman.dll	-----c- 61440 bytes	[06:15 03/10/2008]	[12:00 02/03/2006] 98DC0186CEFABF5B47246807FC26363F
C:\WINDOWS\ServicePackFiles\i386\rasman.dll	-----c- 61440 bytes	[17:20 14/04/2008]	[17:20 14/04/2008] F14A58B29848DE1E9272AE834F0025B0
C:\WINDOWS\system32\rasman.dll	--a---- 61440 bytes	[12:00 02/03/2006]	[17:20 14/04/2008] F14A58B29848DE1E9272AE834F0025B0

Searching for "rasmans.dll"
C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll	--a--c- 180736 bytes	[10:46 22/06/2006]	[10:46 22/06/2006] 1DC3B0C095D22BAAA55B5CA725BC092E
C:\WINDOWS\$NtServicePackUninstall$\rasmans.dll	-----c- 181248 bytes	[06:15 03/10/2008]	[10:54 22/06/2006] AAA8287F49E398A297B59F01F1519F57
C:\WINDOWS\$NtUninstallKB911280$\rasmans.dll	-----c- 174080 bytes	[19:44 22/04/2008]	[12:00 02/03/2006] FF59EC9427760470DE7FFCA75738ECB8
C:\WINDOWS\ServicePackFiles\i386\rasmans.dll	-----c- 186368 bytes	[17:20 14/04/2008]	[17:20 14/04/2008] 0C392E397B8D34AAAF19EC6119CBB788
C:\WINDOWS\SoftwareDistributionOle\Download\15e08cc41524866b47fa24d29330e451\sp2gdr\rasmans.dll	--a--c- 181248 bytes	[10:54 22/06/2006]	[10:54 22/06/2006] AAA8287F49E398A297B59F01F1519F57
C:\WINDOWS\system32\rasmans.dll	--a---- 186368 bytes	[12:00 02/03/2006]	[17:20 14/04/2008] 0C392E397B8D34AAAF19EC6119CBB788

Searching for "rastls.dll"
C:\WINDOWS\$hf_mig$\KB974318\SP3QFE\rastls.dll	--a--c- 150528 bytes	[13:33 12/10/2009]	[13:33 12/10/2009] CFAD0D162548BEF897D96522C63792C4
C:\WINDOWS\$NtServicePackUninstall$\rastls.dll	-----c- 112640 bytes	[06:15 03/10/2008]	[12:00 02/03/2006] 1837D874883471605CC00056B60EBBBC
C:\WINDOWS\$NtUninstallKB974318$\rastls.dll	-----c- 150528 bytes	[21:32 10/12/2009]	[17:20 14/04/2008] 35B49F4C96E0CD91C187C1749D8160B8
C:\WINDOWS\ServicePackFiles\i386\rastls.dll	-----c- 150528 bytes	[17:20 14/04/2008]	[17:20 14/04/2008] 35B49F4C96E0CD91C187C1749D8160B8
C:\WINDOWS\system32\rastls.dll	--a---- 150016 bytes	[12:00 02/03/2006]	[13:40 12/10/2009] C651154660B957ADFC414A467117B11A
C:\WINDOWS\system32\dllcache\rastls.dll	-----c- 150016 bytes	[13:40 12/10/2009]	[13:40 12/10/2009] C651154660B957ADFC414A467117B11A

Searching for "raschap.dll"
C:\WINDOWS\$hf_mig$\KB974318\SP3QFE\raschap.dll	--a--c- 79872 bytes	[13:33 12/10/2009]	[13:33 12/10/2009] 525E91DA4A9389F0628FBB0594B6AABF
C:\WINDOWS\$NtServicePackUninstall$\raschap.dll	-----c- 69632 bytes	[06:15 03/10/2008]	[12:00 02/03/2006] FEB5461D94A832964D37B3D7A61C19BA
C:\WINDOWS\$NtUninstallKB974318$\raschap.dll	-----c- 79872 bytes	[21:32 10/12/2009]	[17:20 14/04/2008] BF7CF2D5723A293EE1865651D99BF29A
C:\WINDOWS\ServicePackFiles\i386\raschap.dll	-----c- 79872 bytes	[17:20 14/04/2008]	[17:20 14/04/2008] BF7CF2D5723A293EE1865651D99BF29A
C:\WINDOWS\system32\raschap.dll	--a---- 79872 bytes	[12:00 02/03/2006]	[13:40 12/10/2009] 18B9DBAF83C368EF0E5E134A547ECA7D
C:\WINDOWS\system32\dllcache\raschap.dll	-----c- 79872 bytes	[13:40 12/10/2009]	[13:40 12/10/2009] 18B9DBAF83C368EF0E5E134A547ECA7D

Searching for "rasppp.dll"
C:\WINDOWS\$NtServicePackUninstall$\rasppp.dll	-----c- 206336 bytes	[06:15 03/10/2008]	[12:00 02/03/2006] 348D979C8108F904E3A7EB59D7B078F1
C:\WINDOWS\ServicePackFiles\i386\rasppp.dll	-----c- 210944 bytes	[17:20 14/04/2008]	[17:20 14/04/2008] 297CFDB38A647FDC52F2B31D1436EB5B
C:\WINDOWS\system32\rasppp.dll	--a--c- 210944 bytes	[12:00 02/03/2006]	[17:20 14/04/2008] 297CFDB38A647FDC52F2B31D1436EB5B
C:\WINDOWS\system32\dllcache\rasppp.dll	--a--c- 210944 bytes	[12:00 02/03/2006]	[17:20 14/04/2008] 297CFDB38A647FDC52F2B31D1436EB5B

Searching for "tapisrv.dll"
C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll	--a--c- 249344 bytes	[16:30 08/07/2005]	[16:30 08/07/2005] 8B050486E57C23624CFD374488FE4A16
C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll	-----c- 249344 bytes	[06:15 03/10/2008]	[16:29 08/07/2005] DA38C22EB4A3F9A15B9B9B885F4F5251
C:\WINDOWS\$NtUninstallKB893756$\tapisrv.dll	-----c- 246272 bytes	[19:44 22/04/2008]	[12:00 02/03/2006] 0A695B77564D8E9333E846B526F95AB2
C:\WINDOWS\ERDNT\cache\tapisrv.dll	--a--c- 249856 bytes	[14:47 14/11/2009]	[17:20 14/04/2008] 2340E6977548038C88E39A9ECBB3FADC
C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll	-----c- 249856 bytes	[17:20 14/04/2008]	[17:20 14/04/2008] 2340E6977548038C88E39A9ECBB3FADC
C:\WINDOWS\SoftwareDistributionOle\Download\b300ea5d25f4c9473d79c803e059645d\sp2gdr\tapisrv.dll	--a--c- 249344 bytes	[16:29 08/07/2005]	[16:29 08/07/2005] DA38C22EB4A3F9A15B9B9B885F4F5251
C:\WINDOWS\system32\tapisrv.dll	------- 249856 bytes	[12:00 02/03/2006]	[17:20 14/04/2008] 2340E6977548038C88E39A9ECBB3FADC

-= EOF =-