VIRY.CZ

Při spuštění WIN 10 mi naskočila hláška Při spouštění souboru winscomrssrv.dll došlo k problému a při předchozím se bloknul eset, který nešel sputit. Ten jsem poté reinstalova.
Přikládám logy

Přikládám i addition.
Děkuji

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 03-13-2019
# Database: 2019-03-13.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-31-2019
# Duration: 00:00:19
# OS: Windows 10 Pro
# Scanned: 25924
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\marys\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

OK. Dejte nové logy FRST+Addition.

Přikládám logy

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
C:\Users\marys\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-1410936417-1045171731-3576322853-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\marys\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Task: {1D7AA6D9-57E3-4458-9161-337202AC542B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1410936417-1045171731-3576322853-1001UA => C:\Users\marys\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8B432632-C95A-4083-9121-B35A1326EDAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1410936417-1045171731-3576322853-1001Core => C:\Users\marys\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {5C0C9313-90A5-4645-824B-C075687A175C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost
AlternateDataStreams: C:\Users\marys\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\marys\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\marys\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\marys\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
FirewallRules: [{AD44FDAF-5B16-446E-B07A-EB8B9F37E6C4}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{85CD15DF-6208-4A8B-933A-4DF76D65E595}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{A764018E-743F-4412-BD2C-DA62EF7C2D2B}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{9398FC14-400B-4F3D-9343-DE7604C96837}] => (Allow) C:\Program Files\ESET\ESET Password Manager\pwm.exe No File
FirewallRules: [{B882F64A-8653-40C2-AC98-97E8D1EC0EBA}] => (Allow) C:\Program Files\ESET\ESET Password Manager\pwm.exe No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by marys (01-04-2019 11:29:27) Run:1
Running from C:\Users\marys\Desktop
Loaded Profiles: marys (Available Profiles: marys & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
C:\Users\marys\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-1410936417-1045171731-3576322853-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\marys\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Task: {1D7AA6D9-57E3-4458-9161-337202AC542B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1410936417-1045171731-3576322853-1001UA => C:\Users\marys\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8B432632-C95A-4083-9121-B35A1326EDAF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1410936417-1045171731-3576322853-1001Core => C:\Users\marys\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {5C0C9313-90A5-4645-824B-C075687A175C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost
AlternateDataStreams: C:\Users\marys\Data aplikac�:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\marys\Data aplikac�:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\marys\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\marys\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
FirewallRules: [{AD44FDAF-5B16-446E-B07A-EB8B9F37E6C4}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{85CD15DF-6208-4A8B-933A-4DF76D65E595}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{A764018E-743F-4412-BD2C-DA62EF7C2D2B}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe No File
FirewallRules: [{9398FC14-400B-4F3D-9343-DE7604C96837}] => (Allow) C:\Program Files\ESET\ESET Password Manager\pwm.exe No File
FirewallRules: [{B882F64A-8653-40C2-AC98-97E8D1EC0EBA}] => (Allow) C:\Program Files\ESET\ESET Password Manager\pwm.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\System\CurrentControlSet\Services\wuauserv => removed successfully
wuauserv => service removed successfully
wuauserv => service not found.
C:\Users\marys\AppData\Local\Temp => moved successfully
HKU\S-1-5-21-1410936417-1045171731-3576322853-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D7AA6D9-57E3-4458-9161-337202AC542B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D7AA6D9-57E3-4458-9161-337202AC542B}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1410936417-1045171731-3576322853-1001UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1410936417-1045171731-3576322853-1001UA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B432632-C95A-4083-9121-B35A1326EDAF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B432632-C95A-4083-9121-B35A1326EDAF}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1410936417-1045171731-3576322853-1001Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1410936417-1045171731-3576322853-1001Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C0C9313-90A5-4645-824B-C075687A175C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C0C9313-90A5-4645-824B-C075687A175C}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
"C:\Users\marys\Data aplikac�" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\marys\Data aplikac�" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
C:\Users\marys\AppData\Roaming => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
C:\Users\marys\AppData\Roaming => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD44FDAF-5B16-446E-B07A-EB8B9F37E6C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85CD15DF-6208-4A8B-933A-4DF76D65E595}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A764018E-743F-4412-BD2C-DA62EF7C2D2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9398FC14-400B-4F3D-9343-DE7604C96837}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B882F64A-8653-40C2-AC98-97E8D1EC0EBA}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 128870174 B
Java, Flash, Steam htmlcache => 79126526 B
Windows/system/drivers => 998086 B
Edge => 7638389 B
Chrome => 444344589 B
Firefox => 0 B
Opera => 40467450 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 20804 B
LocalService => 0 B
NetworkService => 1668 B
NetworkService => 0 B
marys => 1042143 B
Administrator => 631522 B

RecycleBin => 494733 B
EmptyTemp: => 678.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:29:55 ====

Smazáno. Nastala nějaká změna?

Zdá se to v pořádku děkuji. Netušíte čím to bylo?

Zbytek po šmejdu. Problém způsoboval tento záznam:

Task: {5C0C9313-90A5-4645-824B-C075687A175C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost

Je to naplánovaná úloha jeho obnovy.

Nemáte zač!