Pojavljivanje prozora prilikom paljenja racunara

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Znači, odradiš registraciju dll-a, ali tog ključa u registru i dalje nema?


Skini ova dva file-a.

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

Dvoklik na file-ove i potvrdi unos u registry.



Postoje li sada ovi ključevi u registru:

HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sad postoje.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zatvoriš MCS (iz traya), pa opet pokreneš Real Time Monitor (u start meniju) ili prosto spojiš neki flash drive. Radi?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

I dalje se pojavljuje.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hajde još nešto da pokušamo... Restartuj Windows u Safe Mode i tamo pokreni Real Time Monitor. Radi?

Ako ne... Start > cmd (desni klik - Run As Administrator)

regsvr32 vbscript.dll

Registracija uspešna? Probaj da pokreneš Real Time Monitor. Radi?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

I u safe modu se pojavljuje. Registracija je bila uspesna ali i dalje se pojavljuje

• 1Ovo se svidja korisniku: TwinHeadedEagle
  
  Registruj se da bi pohvalio/la poruku!

[Link mogu videti samo ulogovani korisnici]

Skini, pokreni, u prozor programa iskopiraj sledeće:

:regfind
B54F3741-5B07-11cf-A4B0-00AA004A55E8

Klikni Look i sačekaj da se otvori logfile. Iskopiraj dobijeni log u poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

SystemLook 30.07.11 by jpshortstuff
Log created at 20:50 on 20/10/2012 by admin
Administrator - Elevation successful

========== regfind ==========

Searching for "B54F3741-5B07-11cf-A4B0-00AA004A55E8"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBS\CLSID]
@="{B54F3741-5B07-11cf-A4B0-00AA004A55E8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript\CLSID]
@="{B54F3741-5B07-11cf-A4B0-00AA004A55E8}"
[HKEY_USERS\S-1-5-21-4232926109-2270386077-2592286719-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}"

-= EOF =-

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBS /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript /s
HKEY_CURRENT_USER\Environment /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment /s

:filefind
vbscript.dll


Iskopiraj u SystemLook i klikni Look. Postavi ovde log.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 20 Okt 2012 21:30

SystemLook 30.07.11 by jpshortstuff
Log created at 21:29 on 20/10/2012 by admin
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}]
@="VB Script Language"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
@= (REG_NONE)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
@= (REG_NONE)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
@="%SystemRoot%\system32\vbscript.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\OLEScript]
@= (REG_NONE)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\ProgID]
@="VBScript"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBS]
@="VB Script Language"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBS\CLSID]
@="{B54F3741-5B07-11cf-A4B0-00AA004A55E8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBS\OLEScript]
@= (REG_NONE)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript]
@="VB Script Language"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript\CLSID]
@="{B54F3741-5B07-11cf-A4B0-00AA004A55E8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript\OLEScript]
@= (REG_NONE)


[HKEY_CURRENT_USER\Environment]
"TEMP"="%USERPROFILE%\AppData\Local\Temp"
"TMP"="%USERPROFILE%\AppData\Local\Temp"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"="%SystemRoot%\system32\cmd.exe"
"FP_NO_HOST_CHECK"="NO"
"OS"="Windows_NT"
"Path"="C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files\Common Files\Acronis\SnapAPI\"
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
"PROCESSOR_ARCHITECTURE"="x86"
"TEMP"="%SystemRoot%\TEMP"
"TMP"="%SystemRoot%\TEMP"
"USERNAME"="SYSTEM"
"windir"="%SystemRoot%"
"PSModulePath"="%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\"
"NUMBER_OF_PROCESSORS"="4"
"PROCESSOR_LEVEL"="6"
"PROCESSOR_IDENTIFIER"="x86 Family 6 Model 23 Stepping 10, GenuineIntel"
"PROCESSOR_REVISION"="170a"
"windows_tracing_logfile"="C:\BVTBin\Tests\installpackage\csilogfile.log"
"windows_tracing_flags"="3"
"SAN_DIR"="D:\Programi\SiSoftware Sandra Professional Home 2011"
"RGSCLauncher"="D:\Igrice\GTA4\Grand Theft Auto IV\Rockstar Games Social Club"
"RGSC"="D:\Igrice\GTA4\Grand Theft Auto IV\Rockstar Games Social Club\1_0_0_0"


========== filefind ==========

Searching for "vbscript.dll"
C:\Windows\System32\vbscript.dll --a---- 420864 bytes [23:46 22/09/2012] [06:47 24/08/2012] DBBBE5B64E2FE1AF8BE76CCAA2B54DFC
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.1.7601.17514_none_4a616d3a8c291c54\vbscript.dll --a---- 427520 bytes [21:29 20/11/2010] [21:29 20/11/2010] B6C47E0FB844FDB75A8DAE5A6487CB8F
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.1.7601.17562_none_4a295d0a8c53755b\vbscript.dll --a---- 428032 bytes [15:27 21/08/2011] [05:43 18/02/2011] 34C07D9BED227103E32E21FBCC2F1FBD
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.1.7601.21663_none_4ab3fa1fa5702e7c\vbscript.dll --a---- 428032 bytes [15:27 21/08/2011] [05:16 18/02/2011] EED26FCE45CA530C3CEB4279FF5C306F
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_9.4.8112.16421_none_60d9a60d482d54be\vbscript.dll --a---- 420864 bytes [18:01 14/02/2012] [18:01 14/02/2012] 5E7A2CF7719161C5E6C0E47D67AD45AE
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_9.4.8112.16450_none_60b835ff48468f3a\vbscript.dll --a---- 420864 bytes [23:46 22/09/2012] [06:47 24/08/2012] DBBBE5B64E2FE1AF8BE76CCAA2B54DFC
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_9.4.8112.20557_none_6148d4d0615de065\vbscript.dll --a---- 420864 bytes [23:46 22/09/2012] [07:08 24/08/2012] FD44BF4FB0FF0BE01AAAE82785B00F23

-= EOF =-

Dopuna: 24 Okt 2012 14:26

Moze pomoc?