ndptsp.tsp chybí

[7lk]

Dobrý den,
vyskytují se mi občasné poruchy připojení k netu, jako by prohlížeč nenašel DNS. Výstup z FRST dává hlášku:
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
pokud chci toto smazat uvedením ve FIXLIST, tak se nedaří, protože tento soubor na disku prostě není:
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
V registrech však záznam stále je. Procházel jsem fórum zde, občas se to vyskytne se stejným stavem, nenašel jsem, že by se tím někdo podrobně zabýval.
Podle procházení jiných (různě podezřelých, ale snad i pár seriozních webů), by tento soubor měl své opodstatnění v systému, viz např. zde:
http://www.myfilecheck.com/ndptsp.tsp.html
Setkal jste se někdo s tímto a vyřešil to?
Děkuji Lada

[Conder]

Ahoj

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

Potom posli aj aktualne logy z FRST a pozrieme na to.

[7lk]

Toto ( a nejen ADWC) jsem udělal. Od klasického adware jsem vše vyčistil už dlouho předtím, přesto jsem nyní nechal proskenovat co se jen dalo. Vše hlásí čisto. Nakonec jsem udělal to, co se nabízelo jako první nápad. Záloha registru a tento záznam prostě smazat. Zatím se neděje nic, co by se dít nemělo. Došel jsem jen k tomu, že jde o modul, který se instaloval snad s firemní vpn od zyxelu. Protože to kolidovalo s jinými virtuálními síťovými kartami, tak jsem to odinstaloval a zřejmě ani RevoUninstaler nebyl schopen posbírat všechna místa, která se měla vyčistit. Jen jsem chtěl najít přesnou příčinu proč a jak, ne jen vlastní dohady, ale asi se to nedá.
Trápilo mě totiž to, že jsem pověšený na kabelu s konektivitou 250/250 a přesto se docela často stávalo, že chrome visel a dával hlášku, že nejde DNS a stránku nelze najít. Zkoušel jsem na routeru nastavit DNS NIC, google 8.8.8.8 pak i "bombasticky propagovaný" 1.1.1.1 a nic nepomáhalo. Teď je cca hodinu klid. Tak uvidíme.
V rámci vlastního výcviku, pokud je tedy chuť nad tím přemýšlet, přikládám logy z času T-1 inspirováno samozřejmě vším co jsem vykoumal zde i jinde, přijímám drtivou kritiku! A děkuji za povšimnutí. L

[Conder]

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  File: C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
  File: C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
  File: C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMRE.EXE
  File: c:\apcupsd\bin\apcupsd.exe
  File: C:\Windows\SysWOW64\ASGT.exe
  File: C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
  File: C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
  File: C:\Program Files (x86)\Cobian Backup 11\cbService.exe
  File: C:\Program Files\Ferro Software\FtpUse\mounter.exe
  File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
  File: C:\WINDOWS\system32\IProsetMonitor.exe
  File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
  File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
  File: C:\WINDOWS\system32\ampa.sys
  File: C:\WINDOWS\SysWOW64\ampa.sys
  File: C:\WINDOWS\system32\pla.dll
  File: C:\Users\admin.TlapXX\AppData\Local\Vivaldi\Application\vivaldi.exe
  ExportKey: HKEY_USERS\S-1-5-21-813562695-3325033892-3013063695-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vivaldi
  ExportKey: HKEY_USERS\S-1-5-21-813562695-3325033892-3013063695-1006\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vivaldi
  ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers
  
  HKLM-x32\...\Run: [UPS Assistant] => [X]
  HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
  HKU\S-1-5-21-813562695-3325033892-3013063695-1006\...\Run: [UPS Assistant] => [X]
  IFEO\apctray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
  IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
  Startup: C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-07-25]
  ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} =>  -> No File
  Task: {0FB150CF-A560-4D09-BAD8-47BB890A3000} - System32\Tasks\AdwCleaner_onReboot => E:\Download\AntiVir\adwcleaner_7.2.4.0.exe [2018-09-27] (Malwarebytes)
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

[7lk]

To je spousta zásahů do systému a zkusím polemiku:

File: C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
stařičký, ale fungující a používaný Google Desktop co je na počítači záměrně, proč s ním pryč?

File: c:\apcupsd\bin\apcupsd.exe
program komunikace od záložního zdroje ... proč s ním pryč?

File: C:\WINDOWS\system32\ampa.sys
File: C:\WINDOWS\SysWOW64\ampa.sys
moduly AOMEI sw pro disky, používáno pro specifické práce s partition disků pokud je potřeba nějaký zásah k externím diskům z jiných compů.

File: C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
File: C:\Windows\SysWOW64\ASGT.exe
procesy k základní desce compu ... viz
https://www.file.net/process/assysctrlservice.exe.html
... proč s ním pryč?

File: C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
File: C:\Program Files (x86)\Cobian Backup 11\cbService.exe
CobianBackup ... zálohovadlo, nějakou lepší náhradu jsem zatím nenašel (a zkoušel jsem! není to jen setrvačnost)
... proč s ním pryč?

File: C:\WINDOWS\system32\IProsetMonitor.exe
!!! toto by mělo ovládat síťovou kartu - odstraněním (má domněnka!) odejde připojení k síti


File: C:\Program Files\Ferro Software\FtpUse\mounter.exe
... asi by se mohl smazat, ale opět byl záměrně instalován pro síťové disky z FTP a vím o něm, je v compu záměrně

File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
používám Honor telefon, je to záměrně instalovaný program.

File: C:\Users\admin.TlapXX\AppData\Local\Vivaldi\Application\vivaldi.exe
Prohlížeč, který používám, proč s ním pryč?

E_YATIMRE.EXE je modul od EPSON tiskárny, ale nemohu potvrdit na 100%, asi by nebyl problém doinstalovat obsluhu zpět, kdyby to byl krok mimo.

Zkusil bych tedy modifikaci do této podoby: (Prosím!!! To není žádné nevážení si pomoci či zpochybňování návrhu!!! Diskutuji, abych se poučil a rozšířil obzory!)

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
File: c:\apcupsd\bin\apcupsd.exe

File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe

File: C:\WINDOWS\system32\pla.dll
File: C:\Users\admin.TlapXX\AppData\Local\Vivaldi\Application\vivaldi.exe
ExportKey: HKEY_USERS\S-1-5-21-813562695-3325033892-3013063695-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vivaldi
ExportKey: HKEY_USERS\S-1-5-21-813562695-3325033892-3013063695-1006\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vivaldi
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers

HKLM-x32\...\Run: [UPS Assistant] => [X]
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKU\S-1-5-21-813562695-3325033892-3013063695-1006\...\Run: [UPS Assistant] => [X]
IFEO\apctray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-07-25]
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} =>  -> No File
Task: {0FB150CF-A560-4D09-BAD8-47BB890A3000} - System32\Tasks\AdwCleaner_onReboot => E:\Download\AntiVir\adwcleaner_7.2.4.0.exe [2018-09-27] (Malwarebytes)

Hosts:
EmptyTemp:
End

[Conder]

Direktivou/prikazom File: sa subory neodstranuju, ale ziskaju sa podrobnosti o danom subore, vratane MD5 hashsumu a podla moznosti aj priamy link na VirusTotal analyzu, ktore sa vypisu do vysledneho fixlogu. To, ze vacsina z toho su aj dolezite subory mi je samozrejme jasne, ide iba o kontrolu.

[7lk]

OK, omlouvám se, log zde:
Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by admin (17-11-2018 17:38:39) Run:13
Running from E:\Download\AntiVir
Loaded Profiles: l & admin & MSSQL$SQL12 (Available Profiles: l & admin & MSSQL$SQL12 & WebDriverInstaller & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
File: C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
File: C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMRE.EXE
File: c:\apcupsd\bin\apcupsd.exe
File: C:\Windows\SysWOW64\ASGT.exe
File: C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
File: C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
File: C:\Program Files (x86)\Cobian Backup 11\cbService.exe
File: C:\Program Files\Ferro Software\FtpUse\mounter.exe
File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File: C:\WINDOWS\system32\IProsetMonitor.exe
File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
File: C:\WINDOWS\system32\ampa.sys
File: C:\WINDOWS\SysWOW64\ampa.sys
File: C:\WINDOWS\system32\pla.dll
File: C:\Users\admin.TlapXX\AppData\Local\Vivaldi\Application\vivaldi.exe
ExportKey: HKEY_USERS\S-1-5-21-813562695-3325033892-3013063695-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vivaldi
ExportKey: HKEY_USERS\S-1-5-21-813562695-3325033892-3013063695-1006\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vivaldi
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers

HKLM-x32\...\Run: [UPS Assistant] => [X]
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKU\S-1-5-21-813562695-3325033892-3013063695-1006\...\Run: [UPS Assistant] => [X]
IFEO\apctray.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-07-25]
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => -> No File
Task: {0FB150CF-A560-4D09-BAD8-47BB890A3000} - System32\Tasks\AdwCleaner_onReboot => E:\Download\AntiVir\adwcleaner_7.2.4.0.exe [2018-09-27] (Malwarebytes)

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 14
Average :
Sum : 101488
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe ========================

C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
File is digitally signed
MD5: 26443C4332B966C44481D1DE8D1BCBB4
Creation and modification date: 2016-02-21 21:10 - 2013-01-28 15:58
Size: 000550272
Attributes: ----A
Company Name: ASUSTek Computer Inc.
Internal Name: AiChargerPlus
Original Name: AiChargerPlus.EXE
Product: AiChargerPlus Application
Description: AiChargerPlus Application
File Version: 2, 0, 0, 0
Product Version: 2, 0, 0, 0
Copyright: Copyright (C) 2011
VirusTotal: https://www.virustotal.com/file/2407ee6 ... 536664600/

====== End of File: ======


========================= File: C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe ========================

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
File is digitally signed
MD5: 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F
Creation and modification date: 2018-10-22 10:47 - 2018-10-22 10:47
Size: 000030192
Attributes: ----A
Company Name: Google
Internal Name: Google Desktop
Original Name:
Product: Google Desktop
Description: Google Desktop
File Version: 5.9.1005.12335
Product Version: 5.9.1005.12335
Copyright: Copyright (c) 2003-10 Google. All Rights Reserved.
VirusTotal: https://www.virustotal.com/file/6d2b301 ... 542080212/

====== End of File: ======


========================= File: C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMRE.EXE ========================

C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMRE.EXE
File is digitally signed
MD5: 5451E20D9EFBDC89991C1B86A6306894
Creation and modification date: 2017-02-11 15:45 - 2014-03-20 09:01
Size: 000298560
Attributes: ----A
Company Name: SEIKO EPSON CORPORATION
Internal Name: E_WT80IC
Original Name: E_WT80IC.EXE
Product: EPSON Status Monitor 3
Description: EPSON Status Monitor 3
File Version: 9.01
Product Version: 9.01
Copyright: Copyright (C) SEIKO EPSON CORP. 2014
VirusTotal: https://www.virustotal.com/file/e41cd89 ... 541862986/

====== End of File: ======


========================= File: c:\apcupsd\bin\apcupsd.exe ========================

c:\apcupsd\bin\apcupsd.exe
File not signed
MD5: C98FE9099FA0741C84E5CACF7B0C0722
Creation and modification date: 2016-05-31 18:52 - 2016-05-31 18:52
Size: 000266752
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/97d8588 ... 490635582/

====== End of File: ======


========================= File: C:\Windows\SysWOW64\ASGT.exe ========================

C:\Windows\SysWOW64\ASGT.exe
File not signed
MD5: 3A4DB6DDE6326FAE8ED11760678277FF
Creation and modification date: 2015-08-18 22:31 - 2015-08-18 22:31
Size: 000048640
Attributes: ---AC
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe ========================

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
File not signed
MD5: 37F7DD839A711B5706B1264F4D8D4BDC
Creation and modification date: 2015-12-30 13:27 - 2014-07-23 02:59
Size: 001360016
Attributes: ---RA
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe ========================

C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
File not signed
MD5: 58BF7714A312698108A96D0DE2BB6825
Creation and modification date: 2017-02-10 23:15 - 2013-03-07 23:07
Size: 000067584
Attributes: ----A
Company Name: CobianSoft, Luis Cobian
Internal Name: cbVSCService11.exe
Original Name: cbVSCService11.exe
Product: Cobian Backup Gravity
Description: Cobian Backup Gravity VSC Requester
File Version: 11.0.0.0
Product Version: 11.0.0.0
Copyright: Copyright © CobianSoft, Luis Cobian 2000-2011
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\Cobian Backup 11\cbService.exe ========================

C:\Program Files (x86)\Cobian Backup 11\cbService.exe
File not signed
MD5: 7EA8AC41A2E8426EC7079C44DBA1D254
Creation and modification date: 2017-02-10 23:15 - 2013-03-07 23:27
Size: 001131008
Attributes: ----A
Company Name: Luis Cobian, CobianSoft
Internal Name: Cobian Backup 11 Gravity
Original Name: cbService.exe
Product: Cobian Backup 11 Gravity
Description: Cobian Backup 11 Gravity - Service
File Version: 11.2.0.200
Product Version: 11.2.0.0
Copyright: © 2000-2012 Luis Cobian
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files\Ferro Software\FtpUse\mounter.exe ========================

C:\Program Files\Ferro Software\FtpUse\mounter.exe
File not signed
MD5: 309148E6A081596EE9C1EA98DA4C9E5A
Creation and modification date: 2017-12-17 19:12 - 2011-02-04 17:01
Size: 000025088
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe ========================

C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File not signed
MD5: 9CEE2BBB060DC4B7062BE4461774A7A0
Creation and modification date: 2018-08-23 13:42 - 2018-08-23 13:42
Size: 000190784
Attributes: ----A
Company Name:
Internal Name: DCSHOST
Original Name: HuaweiHiSuiteService.EXE
Product: HuaweiHiSuiteService
Description: HuaweiHiSuiteService
File Version: 2, 0, 0, 42
Product Version: 2, 0, 0, 42
Copyright: Copyright (C) 2008
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\system32\IProsetMonitor.exe ========================

C:\WINDOWS\system32\IProsetMonitor.exe
File not signed
MD5: F46D397155BAAB70BFA9D2E0941D5374
Creation and modification date: 2017-11-10 16:05 - 2017-11-10 16:05
Size: 000506368
Attributes: ----A
Company Name: Intel Corporation
Internal Name: Intel® PROSet Monitoring Service
Original Name: IPROSetMonitor.exe
Product: Intel® PROSet Monitoring Service
Description: Intel® PROSet Monitoring Service
File Version: 22, 10, 3, 0
Product Version: 22, 10, 3, 0
Copyright: Copyright (C) 2015 Intel Corporation. All rights reserved.
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe ========================

C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
File not signed
MD5: 8213094EA736A9C575AB0E22AD09B0BA
Creation and modification date: 2015-05-19 09:11 - 2015-05-19 09:11
Size: 000335872
Attributes: ----A
Company Name: Intel Corporation
Internal Name: isa.exe
Original Name: isa.exe
Product: Intel(R) Security Assist
Description: Intel(R) Security Assist
File Version: 1.0.0.532
Product Version: 1.0.0.532
Copyright: Copyright © 2014
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe ========================

C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
File not signed
MD5: 1DFC3CCA51785254C5604238BB1A5467
Creation and modification date: 2015-05-19 09:11 - 2015-05-19 09:11
Size: 000007680
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\system32\ampa.sys ========================

C:\WINDOWS\system32\ampa.sys
File not signed
MD5: 091F08BCEE2AEDDC89070370552DFD34
Creation and modification date: 2016-02-28 20:21 - 2013-12-18 11:33
Size: 000017008
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\SysWOW64\ampa.sys ========================

C:\WINDOWS\SysWOW64\ampa.sys
File not signed
MD5: 091F08BCEE2AEDDC89070370552DFD34
Creation and modification date: 2016-02-28 20:21 - 2013-12-18 11:33
Size: 000017008
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\system32\pla.dll ========================

C:\WINDOWS\system32\pla.dll
File is digitally signed
MD5: 8ADDEE39782CBEB49B4C3A8E9AA2DF56
Creation and modification date: 2018-09-15 08:29 - 2018-09-15 08:29
Size: 001473024
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: PLA.DLL
Original Name: PLA.DLL
Product: Microsoft® Windows® Operating System
Description: Performance Logs & Alerts
File Version: 10.0.17763.1 (WinBuild.160101.0800)
Product Version: 10.0.17763.1
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0

====== End of File: ======


========================= File: C:\Users\admin.TlapXX\AppData\Local\Vivaldi\Application\vivaldi.exe ========================

C:\Users\admin.TlapXX\AppData\Local\Vivaldi\Application\vivaldi.exe
File is digitally signed
MD5: 2DFE9E750A4F8E0AAF52C6BC90F7B87D
Creation and modification date: 2017-07-15 18:47 - 2017-07-11 19:26
Size: 000921720
Attributes: ----A
Company Name: Vivaldi Technologies AS
Internal Name: chrome_exe
Original Name: vivaldi.exe
Product: Vivaldi
Description: Vivaldi
File Version: 1.10.867.48
Product Version: 1.10.867.48
Copyright: Copyright 2017 Vivaldi Technologies AS. All rights reserved.
VirusTotal: 0

====== End of File: ======

================== ExportKey: ===================

[HKEY_USERS\S-1-5-21-813562695-3325033892-3013063695-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vivaldi]
"DisplayName"="Vivaldi"
"UninstallString"=""C:\Users\l\AppData\Local\Vivaldi\Application\2.1.1337.47\Installer\setup.exe" --uninstall --vivaldi"
"InstallLocation"="C:\Users\l\AppData\Local\Vivaldi\Application"
"DisplayIcon"="C:\Users\l\AppData\Local\Vivaldi\Application\vivaldi.exe,0"
"NoModify"="1"
"NoRepair"="1"
"Publisher"="Vivaldi"
"Version"="2.1.1337.47"
"DisplayVersion"="2.1.1337.47"
"InstallDate"="20160409"
"VersionMajor"="1337"
"VersionMinor"="47"

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_USERS\S-1-5-21-813562695-3325033892-3013063695-1006\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vivaldi]
"DisplayName"="Vivaldi"
"UninstallString"=""C:\Users\admin.TlapXX\AppData\Local\Vivaldi\Application\1.10.867.48\Installer\setup.exe" --uninstall --vivaldi"
"InstallLocation"="C:\Users\admin.TlapXX\AppData\Local\Vivaldi\Application"
"DisplayIcon"="C:\Users\admin.TlapXX\AppData\Local\Vivaldi\Application\vivaldi.exe,0"
"NoModify"="1"
"NoRepair"="1"
"Publisher"="Vivaldi"
"Version"="1.10.867.48"
"DisplayVersion"="1.10.867.48"
"InstallDate"="20170715"
"VersionMajor"="867"
"VersionMinor"="48"

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers]
"NextProviderID"="5"
"NumProviders"="4"
"ProviderFileName0"="unimdm.tsp"
"ProviderFileName1"="kmddsp.tsp"
"ProviderID0"="1"
"ProviderID1"="2"
"ProviderID2"="3"
"ProviderID3"="4"
"ProviderFilename3"="hidphone.tsp"

=== End of ExportKey ===
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UPS Assistant" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*EmptyTemp" => removed successfully
"HKU\S-1-5-21-813562695-3325033892-3013063695-1006\Software\Microsoft\Windows\CurrentVersion\Run\\UPS Assistant" => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\apctray.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninstall.exe => removed successfully
C:\Users\l\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk => moved successfully
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => -> No File => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FB150CF-A560-4D09-BAD8-47BB890A3000}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FB150CF-A560-4D09-BAD8-47BB890A3000}" => removed successfully
C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdwCleaner_onReboot" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2104856 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 8390 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2708 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
l => 43016470 B
admin.TlapXX => 10280593 B
MSSQL$SQL12 => 0 B
WebDriverInstaller => 0 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 62.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:39:04 ====

[Conder]

Spusti kontrolu integrity systemovych suborov:

• Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca
• Skopiruj a spusti prikaz:

  Kód: Vybrat vše

  DISM.exe /Online /Cleanup-image /Restorehealth

• Po dokonceni skopiruj a spusti druhy prikaz:

  Kód: Vybrat vše

  sfc /scannow

• Po dokonceni obidvoch prikazov skopiruj a spusti tento prikaz:

  Kód: Vybrat vše

  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" && copy %windir%\logs\dism\dism.log %userprofile%\desktop\dism.txt

• Na ploche sa vytvoria subory sfcdetails.txt a dism.txt, tieto subory zabal ho do archivu RAR alebo ZIP a posli ako prilohu k dalsiemu prispevku
• Restartuj PC a napis ako sa chova PC

[7lk]

Provedeno,
subjektivně si myslím, že je celkově odezva rychlejší, těžkopádnost dostupu stránek se zlepšila už dříve, tam posun nepoznám vůbec, ale určitě je dobré systém takto vyladit. S aktualizacemi problém nebyl, jen 1809 se mi na tomto compu instalovala skoro o měsíc později než na notebooku.

Z logu SFC:
[SR] Verify complete
[SR] Repairing 1 components
[SR] Beginning Verify and Repair transaction
Hashes for file member [l:12]'mscormmc.dll' do not match.
Expected: {l:32 ml:4096 b:6081ecf5a17f618e1efb0d76843f59b0c57e4df4dd211b61f46aa9ce364d0d69}.
Actual: {l:32 b:be39e9b8105c2b1b11446965404455019df6526e958fc3413da83b33fc574380}.
[SR] Repairing corrupted file \??\C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\\mscormmc.dll from store
2018-11-17 23:24:56, Info CSI 00004a46@2018/11/17:22:24:56.637 Primitive installers committed for repair
2018-11-17 23:24:56, Info CSI 00004a47 [SR] Repair complete
to znamená, že našel jeden modul, který nemá správné hash a byl nahrazen, mohlo tedy jít o důsledek nějakého "napadení" virem či podobně, ano?
Jinak ostatní bylo docela v pořádku. Souhlas?

[Conder]

Teoreticky by to mohlo byt aj virusom, ale v tomto priapde to nebolo, pretoze aj ten stary "poskodeny" subor je digitalne podpisany od Microsoftu, takze mozno nejaka chyba pri aktualizaciach a ostala tam stara verzia toho suboru.

Inak to vyzera OK. Ak uz teda nie su ziadne problemy, tak este upraceme po pouzitych nastrojoch:

• Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
• Uloz na plochu a spusti
• Nechaj oznacenu moznost "Remove disinfection tools"
• Klikni na "Run"

[7lk]

ne, ne, uklízet se nebude, je to studijní materiál. Když tak archivovat, ale ono to ničemu nepřekáží.
Děkuji za pomoc, prvotní příčina je někde v nedohlednu, ale kdyby se (jako že se určitě) zase něco objevilo, tak vím aspoň částečně jak na to. Hezký večer.

[7lk]

Tak za dnešní den cca 5x hláška v chrome "DNS_PROBE_FINISHED_BAD_CONFIG" a jednou při odesílání pošty, že SMTP server nenalezen. Nevím, že by DNS servery nestíhaly, ale holt musím věřit svým očím, u mailu mi to přijde divný.

[Conder]

Skus otvorit prikazovy riadok a spusti prikaz: "ipconfig /flushdns"

Dalej skus nastavit DNS servery priamo na PC:

• Google DNS - 8.8.8.8 a 8.8.4.4
  alebo
  Cloudflare DNS - 1.1.1.1 a 1.0.0.1

[7lk]

jj, viz na začátku, toto jsem zkoušel, různě přehazovat adresy DNS, asi je to prostě normál a občas nestíhají linky. Teď byl dlouho klid, pak zase u jednoho mailu. Zřejmě opravdu odezva zvenku občas zadrhne. Zatím tedy klid a když tak je možné vlákno uzavřít.
Děkuji za pomoc.

[Conder]

OK, nie je zaco