SystemLook 30.07.11 by jpshortstuff Log created at 04:52 on 07/12/2012 by Monika Administrator - Elevation successful ========== reg ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan] "Type"= 0x0000000020 (32) "Start"= 0x0000000002 (2) "ErrorControl"= 0x0000000001 (1) "ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs" "DisplayName"="Mened|er poBczeD usBugi Dostp zdalny" "DependOnService"="Tapisrv" "DependOnGroup"=" " "ObjectName"="LocalSystem" "Description"="Tworzy poBczenie sieciowe." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters] "Medias"="rastapi" "ServiceDll"="%SystemRoot%\System32\rasmans.dll" "IpOutLowWatermark"= 0x0000000001 (1) "IpOutHighWatermark"= 0x0000000005 (5) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\Quarantine] "Enabled"= 0x0000000001 (1) "AutoRefreshEnabled"= 0x0000000000 (0) "AutoRefreshTimeout"= 0x0001808580 (25200000) "WorkItemTimeout"= 0x0000000bb8 (3000) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP] "MaxConfigure"= 0x000000000a (10) "MaxFailure"= 0x000000000a (10) "MaxReject"= 0x0000000005 (5) "MaxTerminate"= 0x0000000002 (2) "Multilink"= 0x0000000000 (0) "NegotiateTime"= 0x0000000096 (150) "RestartTimer"= 0x0000000003 (3) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\ControlProtocols] (No values found) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\ControlProtocols\BuiltIn] "Path"="%SystemRoot%\System32\rasppp.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\ControlProtocols\Chap] "Path"="%SystemRoot%\System32\raschap.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP] "Path"="%SystemRoot%\System32\rasppp.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13] "RolesSupported"= 0x0000000002 (2) "FriendlyName"="Karta inteligentna lub inny certyfikat" "Path"="%SystemRoot%\System32\rastls.dll" "ConfigUiPath"="%SystemRoot%\System32\rastls.dll" "IdentityPath"="%SystemRoot%\System32\rastls.dll" "InteractiveUIPath"="%SystemRoot%\System32\rastls.dll" "InvokeUsernameDialog"= 0x0000000000 (0) "InvokePasswordDialog"= 0x0000000000 (0) "MPPEEncryptionSupported"= 0x0000000001 (1) "ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}" "StandaloneSupported"= 0x0000000000 (0) "NoRootRevocationCheck"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\25] "RolesSupported"= 0x000000001a (26) "FriendlyName"="Chroniony protokóB EAP (PEAP)" "Path"="%SystemRoot%\System32\rastls.dll" "ConfigUiPath"="%SystemRoot%\System32\rastls.dll" "IdentityPath"="%SystemRoot%\System32\rastls.dll" "InteractiveUIPath"="%SystemRoot%\System32\rastls.dll" "InvokeUsernameDialog"= 0x0000000000 (0) "InvokePasswordDialog"= 0x0000000000 (0) "MPPEEncryptionSupported"= 0x0000000001 (1) "ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}" "StandaloneSupported"= 0x0000000001 (1) "NoRootRevocationCheck"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\26] "FriendlyName"="Bezpieczne hasBo (EAP-MSCHAP v2)" "Path"="%SystemRoot%\System32\raschap.dll" "ConfigUiPath"="%SystemRoot%\System32\raschap.dll" "IdentityPath"="%SystemRoot%\System32\raschap.dll" "InteractiveUIPath"="%SystemRoot%\System32\raschap.dll" "InvokeUsernameDialog"= 0x0000000000 (0) "InvokePasswordDialog"= 0x0000000000 (0) "MPPEEncryptionSupported"= 0x0000000001 (1) "ConfigCLSID"="{2af6bcaa-f526-4803-aeb8-5777ce386647}" "StandaloneSupported"= 0x0000000001 (1) "RolesSupported"= 0x0000000004 (4) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\4] "RolesSupported"= 0x000000000a (10) "FriendlyName"="MD5-Challenge" "Path"="%SystemRoot%\System32\raschap.dll" "InvokeUsernameDialog"= 0x0000000001 (1) "InvokePasswordDialog"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Security] "Security"=01 00 14 80 7c 00 00 00 88 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 4c 00 03 00 00 00 00 00 14 00 9d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Enum] "0"="Root\LEGACY_RASMAN\0000" "Count"= 0x0000000001 (1) "NextInstance"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv] "DependOnService"="PlugPlay RpcSs" "Description"="Zapewnia obsBug telefonii API (TAPI) dla programów sterujcych urzdzeniami telefonii i poBczeniami gBosowymi opartymi na protokole IP na komputerze lokalnym i, za po[rednictwem sieci LAN, na serwerach, na których dziaBa ta usBuga." "DisplayName"="Telefonia" "ErrorControl"= 0x0000000001 (1) "ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs" "ObjectName"="LocalSystem" "Start"= 0x0000000003 (3) "Type"= 0x0000000020 (32) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Parameters] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Performance] "Close"="CloseTapiPerformanceData" "Collect"="CollectTapiPerformanceData" "Library"="tapiperf.dll" "ObjectList"="1150" "Open"="OpenTapiPerformanceData" "WbemAdapFileSignature"=cc 1b aa 41 d6 26 6d 48 f1 86 04 ae 4c 39 3e 85 (REG_BINARY) "WbemAdapFileTime"=00 f4 1a cd 43 5e c1 01 (REG_BINARY) "WbemAdapFileSize"= 0x0000001600 (5632) "WbemAdapStatus"= 0x0000000000 (0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security] "Security"=01 00 14 80 6c 00 00 00 78 00 00 00 14 00 00 00 34 00 00 00 02 00 20 00 01 00 00 00 02 80 18 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 20 02 00 00 02 00 38 00 02 00 00 00 00 03 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 03 18 00 9d 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Enum] "0"="Root\LEGACY_TAPISRV\0000" "Count"= 0x0000000001 (1) "NextInstance"= 0x0000000001 (1) ========== filefind ========== Searching for "rasman.dll" C:\WINDOWS\$NtServicePackUninstall$\rasman.dll -----c- 61440 bytes [23:07 01/12/2012] [22:44 03/08/2004] 98DC0186CEFABF5B47246807FC26363F C:\WINDOWS\ServicePackFiles\i386\rasman.dll -----c- 61440 bytes [23:11 01/12/2012] [21:50 14/04/2008] F14A58B29848DE1E9272AE834F0025B0 C:\WINDOWS\system32\rasman.dll --a--c- 61440 bytes [22:44 03/08/2004] [21:50 14/04/2008] F14A58B29848DE1E9272AE834F0025B0 C:\WINDOWS\system32\dllcache\rasman.dll --a--c- 61440 bytes [22:44 03/08/2004] [21:50 14/04/2008] F14A58B29848DE1E9272AE834F0025B0 Searching for "rasmans.dll" C:\WINDOWS\$NtServicePackUninstall$\rasmans.dll -----c- 174080 bytes [23:07 01/12/2012] [22:44 03/08/2004] FF59EC9427760470DE7FFCA75738ECB8 C:\WINDOWS\ServicePackFiles\i386\rasmans.dll -----c- 186368 bytes [23:11 01/12/2012] [21:50 14/04/2008] 0C392E397B8D34AAAF19EC6119CBB788 C:\WINDOWS\system32\rasmans.dll --a--c- 186368 bytes [22:44 03/08/2004] [21:50 14/04/2008] 0C392E397B8D34AAAF19EC6119CBB788 C:\WINDOWS\system32\dllcache\rasmans.dll --a--c- 186368 bytes [22:44 03/08/2004] [21:50 14/04/2008] 0C392E397B8D34AAAF19EC6119CBB788 Searching for "rastls.dll" C:\WINDOWS\$NtServicePackUninstall$\rastls.dll -----c- 112640 bytes [23:07 01/12/2012] [22:44 03/08/2004] 1837D874883471605CC00056B60EBBBC C:\WINDOWS\ServicePackFiles\i386\rastls.dll -----c- 150528 bytes [23:12 01/12/2012] [21:50 14/04/2008] 35B49F4C96E0CD91C187C1749D8160B8 C:\WINDOWS\system32\rastls.dll --a--c- 150528 bytes [22:44 03/08/2004] [21:50 14/04/2008] 35B49F4C96E0CD91C187C1749D8160B8 C:\WINDOWS\system32\dllcache\rastls.dll --a--c- 150528 bytes [22:44 03/08/2004] [21:50 14/04/2008] 35B49F4C96E0CD91C187C1749D8160B8 Searching for "raschap.dll" C:\WINDOWS\$NtServicePackUninstall$\raschap.dll -----c- 69632 bytes [23:07 01/12/2012] [22:44 03/08/2004] FEB5461D94A832964D37B3D7A61C19BA C:\WINDOWS\ServicePackFiles\i386\raschap.dll -----c- 79872 bytes [23:11 01/12/2012] [21:50 14/04/2008] BF7CF2D5723A293EE1865651D99BF29A C:\WINDOWS\system32\raschap.dll --a--c- 79872 bytes [22:44 03/08/2004] [21:50 14/04/2008] BF7CF2D5723A293EE1865651D99BF29A C:\WINDOWS\system32\dllcache\raschap.dll --a--c- 79872 bytes [22:44 03/08/2004] [21:50 14/04/2008] BF7CF2D5723A293EE1865651D99BF29A Searching for "rasppp.dll" C:\WINDOWS\$NtServicePackUninstall$\rasppp.dll -----c- 206336 bytes [23:07 01/12/2012] [22:44 03/08/2004] 348D979C8108F904E3A7EB59D7B078F1 C:\WINDOWS\ServicePackFiles\i386\rasppp.dll -----c- 210944 bytes [23:11 01/12/2012] [21:50 14/04/2008] 297CFDB38A647FDC52F2B31D1436EB5B C:\WINDOWS\system32\rasppp.dll --a--c- 210944 bytes [22:44 03/08/2004] [21:50 14/04/2008] 297CFDB38A647FDC52F2B31D1436EB5B C:\WINDOWS\system32\dllcache\rasppp.dll --a--c- 210944 bytes [22:44 03/08/2004] [21:50 14/04/2008] 297CFDB38A647FDC52F2B31D1436EB5B Searching for "tapisrv.dll" C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll -----c- 246272 bytes [23:07 01/12/2012] [22:44 03/08/2004] 0A695B77564D8E9333E846B526F95AB2 C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll -----c- 249856 bytes [23:11 01/12/2012] [21:50 14/04/2008] 2340E6977548038C88E39A9ECBB3FADC C:\WINDOWS\system32\tapisrv.dll --a--c- 249856 bytes [22:44 03/08/2004] [21:50 14/04/2008] 2340E6977548038C88E39A9ECBB3FADC C:\WINDOWS\system32\dllcache\tapisrv.dll --a--c- 249856 bytes [22:44 03/08/2004] [21:50 14/04/2008] 2340E6977548038C88E39A9ECBB3FADC -= EOF =-