Antivirus-Removed Virus & Persistent Winscomrssrv.dll Message: Troubleshooting Tips

Question

Hello
Antivirus immediately after starting the computer, informed me that he removed some virus. It surprised me a bit and for sure I scanned it all but found nothing.
After reboot I started getting a message that appears every time.

Antivirus-Removed Virus & Persistent Winscomrssrv.dll Message: Troubleshooting Tips

I tried several ways for similar problems, including AdwCleaner but the message appears after each reboot.

Kolobos · Accepted Answer

Poprawny Fixlist.txt:
CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-374170528-3039333091-3245006288-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => Brak pliku
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
Task: {63818197-652F-449D-BD13-CB5967D85AFB} - System32\Tasks\Opera scheduled Autoupdate 1542652055 => C:\Users\Z\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {AC35CF5F-8159-4ED4-98FB-9B437E35B289} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost
GroupPolicy: Ograniczenia ? Microsoft Corporation) Microsoft Corporation)

adamegah · Answer

Most likely, the antivirus has found winscomrssrv.dll as a virus and removed / moved it.

Zajonc753 · Answer

Possible. Only how to get rid of this annoying message?

Anonymous · Answer

Download, scan and delete everything (from quarantine as well): Uninstall unnecessary programs Execute the fixlist - download, put it in the folder next to FRST and click Repair I can not find more mistakes.

dt1 · Answer

I would not be doing this fixlist above!
It will remove entries from the software from the AIM SC808 card, running the software from the MS mouse / keyboard (although it is optional), a lot of codecs from the system, and crack, thanks to which pirate Windows and / or Office Author works.

It will generally remove little of harmful things.

Anonymous · Answer

Spoiler: Show () [No digital signature] C: \ Windows \ System \ GfsMgr64.exe () [No digital signature] C: \ Windows \ SysWOW64 \ GfsMgr.exe () [No digital signature] C: \ Windows \ SysWOW64 \ ExMgr.exe HKLM \ ... \ Run: [GFS64] => C: \ Windows \ system \ GfsMgr64.exe [286720 2013-04-25] () [No digital signature] HKLM \ ... \ Run: [GFS] => C: \ Windows \ syswow64 \ GfsMgr.exe [204800 2013-04-25] () [No digital signature] HKLM \ ... \ Run: => C: \ Windows \ syswow64 \ ExMgr.exe [204800 2011-02-26] () [No digital signature] HKLM \ SOFTWARE \ Policies \ Microsoft \ Windows Defender: Limitations Fraunhofer Institut Integrierte Schaltungen IIS) FF Plugin: @ wacom.com / wtPlugin, version = 2.1.0.3 -> C: \ Program Files \ TabletPlugins \ npWacomTabletPlugin.dll [2012-12-25] (Wacom) [No digital signature] FF Plugin: adobe.com/AdobeAAMDetect -> C: \ Program Files (x86) \ Adobe \ Adobe Creative Cloud \ Utils \ npAdobeAAMDetect64.dll [No file] FF Plugin-x32: @ wacom.com / wtPlugin, version = 2.1.0.3 -> C: \ Program Files (x86) \ TabletPlugins \ npWacomTabletPlugin.dll [2012-12-25] (Wacom) [No digital signature] FF Plugin-x32: adobe.com/AdobeAAMDetect -> C: \ Program Files (x86) \ Adobe \ Adobe Creative Cloud \ Utils \ npAdobeAAMDetect32.dll [No file] FF Plugin HKU \ S-1-5-21-374170528-3039333091-3245006288-1001: wacom.com/WacomTabletPlugin -> C: \ Program Files \ TabletPlugins \ npWacomTabletPlugin.dll [2012-12-25] (Wacom) [None digital signature] S3 ATLOISAService; C: \ Windows \ system \ ATLOISAService.exe [512000 2013-10-25] (Cmedia Electronics Inc.) [No digital signature] S3 wuauserv; C: \ Windows \ system32 \ svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) Microsoft Corporation) C: \ Program Files \ TabletPlugins \ npWacomTabletPlugin.dll (Wacom ) [No digital signature] CustomCLSID: HKU \ S-1-5-21-374170528-3039333091-3245006288-1001_Classes \ CLSID \ {1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} \ InprocServer32 -> C: \ Users \ Z \ AppData \ Local \ Microsoft \ OneDrive \ 18.192.0920.0015 \ amd64 \ FileSyncShell64.dll => No file CustomCLSID: HKU \ S-1-5-21-374170528-3039333091-3245006288-1001_Classes \ CLSID \ {7AFDFDDB-F914-11E4-8377-6C3BE50D980C} \ InprocServer32 -> C: \ Users \ Z \ AppData \ Local \ Microsoft \ OneDrive \ 18.192.0920.0015 \ amd64 \ FileSyncShell64.dll => No file CustomCLSID: HKU \ S-1-5-21-374170528-3039333091-3245006288-1001_Classes \ CLSID \ {82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} \ InprocServer32 -> C: \ Users \ Z \ AppData \ Local \ Microsoft \ OneDrive \ 18.192.0920.0015 \ amd64 \ FileSyncShell64.dll => No file CustomCLSID: HKU \ S-1-5-21-374170528-3039333091-3245006288-1001_Classes \ CLSID \ {e8c77137-e224-5791-b6e9-ff0305797a13} \ InprocServer32 -> C: \ Program Files (x86) \ Adobe \ Adobe Creative Cloud \ Utils \ npAdobeAAMDetect64.dll => No file ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No file ContextMenuHandlers1: [FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku ContextMenuHandlers1: -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Brak pliku ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku ContextMenuHandlers6: -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku Task: {34EEEC33-8B1C-4056-A3A3-DEC9B57D40FF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software) FirewallRules: [TCP Query User{89662DC9-7117-4B72-9D36-AE44E52F2D43}D:\gry\jump force\jump force\jump_force\binaries\win64\jump_force-win64-shipping.exe] => (Block) D:\gry\jump force\jump force\jump_force\binaries\win64\jump_force-win64-shipping.exe Brak pliku FirewallRules: => (Block) D:\gry\jump force\jump force\jump_force\binaries\win64\jump_force-win64-shipping.exe Brak pliku Co jeszcze? Dodasz, odejmiesz?

Zajonc753 · Answer

Nie pomogło.

Anonymous · Answer

Yes, I am waiting for an answer @ dt1 what it should look like.

dt1 · Answer

Now, if the fixlist has already been executed, it is worth re-scanning and uploading new logs.

Zajonc753 · Answer

It's ok now (:

RADU23 · Answer

Delete the C: \ FRST folder and that's all.

Antivirus-Removed Virus & Persistent Winscomrssrv.dll Message: Troubleshooting Tips

Post #1

Post #2

Post #3

Post #4

Post #5

Post #6

Post #7

Post #8

Post #9

Post #10

Post #11

Post #12

Topic summary