VIRY.CZ

Zdravím, po štarte PC mi vybehne chyba winscomrssrv.dll - prehľadal som vaše fórum na fix a vyzerá to tak, že som jeden z viacerých s týmto problémom.

Scanoval som s AdwCleaner (ten nič nenašiel) aj s FRST. Prikladám logy z oboch.

Ďakujem za odpoveď

Ahoj

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer
File: C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
File: C:\ProgramData\KMSAuto\bin\driver\x64WDV\WinDivert.sys
File: C:\WINDOWS\system32\EOSNotify.exe

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1582610941-2809078255-2227080442-1001\...\Run: [] => [X]
HKU\S-1-5-21-1582610941-2809078255-2227080442-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-1582610941-2809078255-2227080442-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]
R2 Service KMSELDI; E:\Programy\KMSpico\KMSpico\Service_KMS.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
S3 WinDivert1.1; C:\ProgramData\KMSAuto\bin\driver\x64WDV\WinDivert.sys [35376 2013-12-03] (Nemea Mjukvaruutveckling AB -> Basil Projects)
C:\ProgramData\KMSAuto
C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {30147569-876F-4561-94EC-924CEC329E9C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost
Task: {3DB4AFAF-FFA3-4684-BFD5-4DAA0D811EF8} - System32\Tasks\AutoPico Daily Restart => E:\Programy\KMSpico\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
Task: {CC10A67E-52DE-4514-B0EA-EE055E85DBD1} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Veľmi pekne ďakujem - reštartoval som ho potom ešte raz a vyzerá, že je to fixnuté

Ešte prikladám ten fixlog:

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Simon (09-04-2019 16:29:46) Run:1
Running from E:\Preberanie
Loaded Profiles: Simon (Available Profiles: Simon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer
File: C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
File: C:\ProgramData\KMSAuto\bin\driver\x64WDV\WinDivert.sys
File: C:\WINDOWS\system32\EOSNotify.exe

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1582610941-2809078255-2227080442-1001\...\Run: [] => [X]
HKU\S-1-5-21-1582610941-2809078255-2227080442-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-1582610941-2809078255-2227080442-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
S2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]
R2 Service KMSELDI; E:\Programy\KMSpico\KMSpico\Service_KMS.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
S3 WinDivert1.1; C:\ProgramData\KMSAuto\bin\driver\x64WDV\WinDivert.sys [35376 2013-12-03] (Nemea Mjukvaruutveckling AB -> Basil Projects)
C:\ProgramData\KMSAuto
C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {30147569-876F-4561-94EC-924CEC329E9C} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost
Task: {3DB4AFAF-FFA3-4684-BFD5-4DAA0D811EF8} - System32\Tasks\AutoPico Daily Restart => E:\Programy\KMSpico\KMSpico\AutoPico.exe (@ByELDI -> @ByELDI) [File not signed]
Task: {CC10A67E-52DE-4514-B0EA-EE055E85DBD1} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count    : 8
Average  : 
Sum      : 4049
Maximum  : 
Minimum  : 
Property : Length




========= End of Powershell: =========


========================= Folder: C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer ========================

2019-03-22 20:12 - 2019-03-22 20:12 - 000000921 ____A [C4987DA4E0BB5980F968B042F23E5342] () C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\fly.dbl
2019-03-22 20:12 - 2019-03-22 20:12 - 289924110 ____A [D41D8CD98F00B204E9800998ECF8427E] (SoundMixer) C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe

====== End of Folder: ======


========================= File: C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe ========================

C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E <==== ATTENTION (zero byte File/Folder)
Creation and modification date: 2019-03-22 20:12 - 2019-03-22 20:12
Size: 289924110
Attributes: ----A
Company Name: SoundMixer
Internal Name: 
Original Name: SoundMixer.exe
Product: SoundMixer
Description: Sound Mixing Utility
File Version: 2.6
Product Version: 2.6
Copyright: Copyright (C) 2017
VirusTotal: 0-byte

====== End of File: ======


========================= File: C:\ProgramData\KMSAuto\bin\driver\x64WDV\WinDivert.sys ========================

C:\ProgramData\KMSAuto\bin\driver\x64WDV\WinDivert.sys
File is digitally signed
MD5: A0D15D8727D0780C51628DF46B7268B3
Creation and modification date: 2018-05-14 14:09 - 2013-12-03 22:01
Size: 000035376
Attributes: ----A
Company Name: Nemea Mjukvaruutveckling AB -> Basil Projects
Internal Name: WinDivert.sys
Original Name: WinDivert.sys
Product: WinDivert driver
Description: WinDivert network packet capture and (re)injection driver
File Version: 1.1 built by: WinDDK
Product Version: 1.1
Copyright: Copyright © Basil Projects 2011-2013
VirusTotal: https://www.virustotal.com/file/5e23f3ed1d6620c39a644f9879404a22ded86b3b076ec4a898b4b6be244afd64/analysis/1553037326/

====== End of File: ======


========================= File: C:\WINDOWS\system32\EOSNotify.exe ========================

"C:\WINDOWS\system32\EOSNotify.exe" => not found
====== End of File: ======

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth" => removed successfully
"HKU\S-1-5-21-1582610941-2809078255-2227080442-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-1582610941-2809078255-2227080442-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-1582610941-2809078255-2227080442-1001\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\KMSEmulator => removed successfully
KMSEmulator => service removed successfully
HKLM\System\CurrentControlSet\Services\Service KMSELDI => removed successfully
Service KMSELDI => service removed successfully
HKLM\System\CurrentControlSet\Services\WinDivert1.1 => removed successfully
WinDivert1.1 => service removed successfully
C:\ProgramData\KMSAuto => moved successfully

"C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer" folder move:

Could not move "C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer" => Scheduled to move on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30147569-876F-4561-94EC-924CEC329E9C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30147569-876F-4561-94EC-924CEC329E9C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DB4AFAF-FFA3-4684-BFD5-4DAA0D811EF8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DB4AFAF-FFA3-4684-BFD5-4DAA0D811EF8}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC10A67E-52DE-4514-B0EA-EE055E85DBD1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC10A67E-52DE-4514-B0EA-EE055E85DBD1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 86101668 B
Java, Flash, Steam htmlcache => 500457684 B
Windows/system/drivers => 3111565 B
Edge => 1128710 B
Chrome => 0 B
Firefox => 1103455243 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 183920 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
altai => 136806946 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-04-2019 16:32:24)

C:\Users\altai\AppData\Roaming\Microsoft\SoundMixer => Is moved successfully
C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 16:32:25 ====

Poprosim este o obidva nove logy z FRST pre kontrolu (vo FRST kliknut na moznost Scan).

Tu sú - snáď je to v poriadku

Vyzera to uz OK, len este jednu vec skontrolujeme. Pouzivas vo Firefoxe nejaky doplnok (add-on) na vlastnu/prisposobenu domovsku stranu, novu kartu alebo nieco podobne?

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Users\altai\AppData\Roaming\Mozilla\Firefox\Profiles\oinAsbY7.default\Extensions\{9cae78fa-738f-4c1b-b684-65addb9395b4}.xpi
VirusTotal: C:\FRST\Quarantine\C\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
Folder: C:\Users\altai\AppData\Roaming\Mozilla\Firefox\Profiles\oinAsbY7.default\Extensions
File: C:\Users\altai\AppData\Roaming\Mozilla\Firefox\Profiles\oinAsbY7.default\Extensions\{9cae78fa-738f-4c1b-b684-65addb9395b4}.xpi
Folder: C:\FRST\Quarantine\C\Users\altai\AppData\Roaming\Microsoft\SoundMixer
File: C:\FRST\Quarantine\C\Users\altai\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
Zip: C:\FRST\Quarantine; C:\Users\altai\AppData\Roaming\Mozilla\Firefox\Profiles\oinAsbY7.default\Extensions

Task: {9D8A1916-7F71-44DC-AFC2-A67FAACD9442} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Na ploche by sa mal vytvorit ZIP archiv s aktualnym datumom a casom v nazve, nahraj ho napr. na leteckaposta.cz a posli odkaz na stiahnutie.

Používam New tab tools: https://addons.mozilla.org/sk/firefox/a ... tab-tools/

Link na ten .zip: http://leteckaposta.cz/129162805

+ prikladám aj fixlog z FRST

Tak vyzera to OK. Ak uz nie su ziadne problemy, tak este upraceme po pouzitych nastrojoch:

Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
Uloz na plochu a spusti
Nechaj oznacenu moznost "Remove disinfection tools"
Klikni na "Run"

Done. Ešte raz ďakujem za pomoc

Nie je zaco, rad som pomohol

Zdravím ťa Conder.

Vďaka tvojmu návodu som sa zbavil erroru "winscomrssrv.dll". Ale stále mi ešte vyskakuje pri štarte Windowsu tento error:
"startupchecklibraly.dll", našiel by sa prosím ťa u teba návod na odstránenie tohoto erroru? Už som obehal všelijaké stránky na rôzne programy ktoré nepomohli, aj rady z Microsoft stránok som vyskúšal ale nula bodov. Budem ti naozaj vďačný, ĎAKUJEM!

Ahoj

Zaloz si, prosim, vlastnu temu a vloz do nej logy z FRST (FRST.txt a Addition.txt) podla navodu https://forum.viry.cz/viewtopic.php?f=13&t=154679
Do nazvu temy mozes uviest ze je to pre mna a ak si spustal fixlist z tejto temy, tak vloz aj vysledny Fixlog.txt.

Tiez chcem upozornit, ze tunajsie scripty (hlavne FRST fixlisty) od radcov nie je vhodne spustat na inych PC, pretoze su napisane len pre dany konkretny PC resp. operacny system, a pri spustaniu na inych PC moze dojst napr. k poskodeniu systemu alebo zmazaniu dat.

VIRY.CZ

winscomrssrv.dll chyba po štarte PC

winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC

Re: winscomrssrv.dll chyba po štarte PC