Widows Script Host - jak odstranit pozůstatek od aplikace?

[P1azer]

Zdravím,
mám problém na jednom PC. Železo je v Mostě a já jsem v Brně, takže přístup jen přes vzdálenou plochu, popřípadě rozchodit VNC. Otázkou je, jestli nějaké logování a pod. neovlivní chod zařízení (nějaký restart by asi nevadil), ale jinak zařízení funguje jako záznam hovorů (v ověřovacím provozu) a nerad bych nějak dodrbal analogovou kartu pro nahrávání. Nějak jsem měl problém s pluginem WMP pro chrome, tak jsem zkoušel sehnat starší verze nebo jinej browser a jedna z aplikací asi nechala v PC bordel, viz
Windows Script Host
Objevuje se po každém nalogovoní,
budu rád za každou pomoc. Díky

Jinak PC není připojeno k internetu, pouze k "soukromé" tech. síti.

EDIT: tak tady log.
Logfile of random's system information tool 1.09 (written by random/random)
Run by dcom at 2014-03-13 13:59:13
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 908 GB (97%) free of 938 GB
Total RAM: 3965 MB (66% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-11-06 290688]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2012-10-16 684064]
"msriujySrv"=C:\Windows\inf\msriujy.vbe [2013-08-27 1558]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-03-13 13:59:13 ----D---- C:\rsit
2014-03-13 13:59:13 ----D---- C:\Program Files (x86)\trend micro
2014-03-13 11:07:30 ----D---- C:\Users\dcom\AppData\Roaming\vlc
2014-03-13 11:05:59 ----D---- C:\Users\dcom\AppData\Roaming\Mozilla
2014-03-13 11:01:04 ----D---- C:\PFiles
2014-03-13 10:57:43 ----D---- C:\Users\dcom\AppData\Roaming\Opera Software
2014-03-13 10:57:42 ----D---- C:\Program Files (x86)\Opera
2014-03-13 10:43:58 ----D---- C:\ProgramData\Mozilla
2014-03-13 10:32:27 ----D---- C:\Program Files (x86)\VideoLAN
2014-02-18 11:22:49 ----A---- C:\Windows\SysWOW64\services.lnk
2014-02-18 11:22:49 ----A---- C:\Windows\SysWOW64\libtag_c.dll
2014-02-18 11:22:49 ----A---- C:\Windows\SysWOW64\libtag.dll

======List of files/folders modified in the last 1 month======

2014-03-13 13:59:13 ----D---- C:\Program Files (x86)
2014-03-13 13:59:05 ----D---- C:\Windows\Temp
2014-03-13 13:27:39 ----SHD---- C:\Windows\Installer
2014-03-13 12:13:53 ----D---- C:\Program Files (x86)\Google
2014-03-13 12:13:49 ----D---- C:\Windows\Tasks
2014-03-13 12:12:36 ----SHD---- C:\System Volume Information
2014-03-13 11:21:49 ----D---- C:\Windows\inf
2014-03-13 10:43:58 ----HD---- C:\ProgramData
2014-03-13 10:07:37 ----D---- C:\ProgramData\PDFC
2014-03-13 09:14:22 ----D---- C:\Windows\System32
2014-03-13 09:09:37 ----A---- C:\Windows\SysWOW64\log.txt
2014-03-13 09:07:37 ----D---- C:\ProgramData\firebird
2014-03-13 09:07:27 ----D---- C:\temp
2014-03-13 09:01:38 ----SHD---- C:\$RECYCLE.BIN
2014-03-13 09:01:36 ----RD---- C:\Users
2014-03-13 08:39:49 ----D---- C:\Windows\Prefetch
2014-03-13 08:15:58 ----D---- C:\Audio
2014-03-13 08:02:54 ----D---- C:\RECLOGS
2014-02-18 11:22:49 ----D---- C:\Windows\SysWOW64

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\drivers\iaStorA.sys []
R0 iaStorF;iaStorF; C:\Windows\system32\drivers\iaStorF.sys []
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\drivers\iusb3hcs.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\drivers\iusb3hub.sys []
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\drivers\iusb3xhc.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys []
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\drivers\HECIx64.sys []
R3 Ntidrv;AudioCodes 64-bit SmartWORKS Driver; C:\Windows\system32\DRIVERS\SwrxDriver.sys []
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 tpg64win7;Gigabit PCI Express Network Adapter Driver; C:\Windows\system32\DRIVERS\tpg64win7.sys []
R3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [2013-03-19 154112]
R2 HPXMedia;HPXMedia; C:\Program Files (x86)\AudioCodes USA\HPXMedia\Server\Bin\HMPService.exe [2011-10-04 1986560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-04-11 277784]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-10-16 1135136]
R2 RecArchModule;AZD Recorder Archive module; C:\Program Files (x86)\AZDRecorDat\Archive\RecArchMod.exe [2014-03-10 2644992]
R2 RecExtDiagModule;AZD Recorder External Diagnostic; C:\Program Files (x86)\AZDRecorDat\ExtDiag\RecExtDiagMod.exe [2014-02-27 2258432]
R2 RecWatchDogModule;AZD Recorder WatchDog; C:\Program Files (x86)\AZDRecorDat\WatchDog\RecWatchDogMod.exe [2014-03-10 2315264]
R2 SmartRecService;AZD SmartRecorder; C:\Program Files (x86)\AZDRecorDat\SmartWorks\AZDSmartRecorder.exe [2014-03-10 2313728]
R2 SmrtWrksSrvc;SmartWORKS Service; C:\Program Files (x86)\Ai-Logix\SmartWORKS\SmrtwrksSrvc.exe [2011-10-19 2890848]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-03-30 311296]
R2 vncserver;VNC Server; C:\Program Files\RealVNC\VNC Server\vncserver.exe [2013-03-04 4774208]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [2013-03-19 5708800]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-13 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-13 253600]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-04-05 276248]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-13 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[vyosek]

Zdravim

To delate nejaky servis?? Na firemni PC??

Predpokladam ze zdarma to asi nedelate ze

[P1azer]

Aha, už to vidím v pravidlech fóra.
Je to firemní PC, ale čas s trávený nad ním placený nemám, nemám tohle v náplni práce.

Tak to můžete smazat, díky za Váš čas.

[vyosek]

Firemni PC na foru neresime, jestli chcete, muzete vyuzit nasich placenych sluzeb...Forum mame jako podporu pro domaci uzivatele...

Diky za pochopeni