Смотрите видео ниже, чтобы узнать, как установить наш сайт в качестве веб-приложения на домашнем экране.
Примечание: Эта возможность может быть недоступна в некоторых браузерах.
begin
TerminateProcessByName('c:\users\Перун\appdata\local\gmsd_ru_005010161\upgmsd_ru_005010161.exe');
TerminateProcessByName('c:\program files (x86)\manager\manager.exe');
TerminateProcessByName('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50\knsx6222.tmp');
TerminateProcessByName('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50\jnsw7b83.tmp');
TerminateProcessByName('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50\hnsr9a2c.tmp');
TerminateProcessByName('c:\program files (x86)\gmsd_ru_005010161\gmsd_ru_005010161.exe');
TerminateProcessByName('c:\users\Перун\appdata\roaming\daemon2.exe');
TerminateProcessByName('C:\Program Files\Content Defender\ContentDefender.exe');
QuarantineFile('C:\Users\Перун\AppData\Roaming\ASPackage\ASPackage.exe', '');
QuarantineFile('C:\Windows\system32\drivers\contentdefenderdrv.sys', '');
QuarantineFile('c:\users\Перун\appdata\local\gmsd_ru_005010161\upgmsd_ru_005010161.exe', '');
QuarantineFile('c:\program files (x86)\manager\manager.exe', '');
QuarantineFile('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50\knsx6222.tmp', '');
QuarantineFile('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50\jnsw7b83.tmp', '');
QuarantineFile('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50\hnsr9a2c.tmp', '');
QuarantineFile('c:\program files (x86)\gmsd_ru_005010161\gmsd_ru_005010161.exe', '');
QuarantineFile('c:\users\Перун\appdata\roaming\daemon2.exe', '');
QuarantineFile('C:\Program Files\Content Defender\ContentDefender.exe', '');
DeleteFile('C:\Program Files\Content Defender\ContentDefender.exe', '32');
DeleteFile('c:\users\Перун\appdata\roaming\daemon2.exe', '32');
DeleteFile('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50\hnsr9a2c.tmp', '32');
DeleteFile('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50\jnsw7b83.tmp', '32');
DeleteFile('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50\knsx6222.tmp', '32');
DeleteFile('c:\program files (x86)\manager\manager.exe', '32');
DeleteFile('C:\Windows\system32\drivers\contentdefenderdrv.sys', '32');
DeleteFile('C:\Program Files (x86)\gmsd_ru_005010161\gmsd_ru_005010161.exe', '32');
DeleteFile('C:\Users\Перун\AppData\Local\gmsd_ru_005010161\upgmsd_ru_005010161.exe', '32');
DeleteFile('C:\Users\Перун\AppData\Roaming\ASPackage\ASPackage.exe', '32');
DeleteService('juhqoykm');
DeleteService('contentdefenderdrv');
DeleteFileMask('C:\Users\Перун\AppData\Roaming\ASPackage', '*', true);
DeleteFileMask('C:\Users\Перун\AppData\Local\gmsd_ru_005010161', '*', true);
DeleteFileMask('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50', '*', true);
DeleteFileMask('C:\Program Files\Content Defender', '*', true);
DeleteFileMask('c:\program files (x86)\manager', '*', true);
DeleteFileMask('C:\ProgramData\OtIdpvb', '*', true);
DeleteFileMask('C:\ProgramData\EBgobrimMj', '*', true);
DeleteFileMask('C:\ProgramData\OJhkXaHdXvnTCXU', '*', true);
DeleteDirectory('C:\Users\Перун\AppData\Roaming\ASPackage');
DeleteDirectory('C:\Users\Перун\AppData\Local\gmsd_ru_005010161');
DeleteDirectory('c:\program files (x86)\1f7974a0-1448804936-11d9-876e-f46d045fbd50');
DeleteDirectory('C:\Program Files\Content Defender');
DeleteDirectory('c:\program files (x86)\manager');
DeleteDirectory('C:\ProgramData\OtIdpvb');
DeleteDirectory('C:\ProgramData\EBgobrimMj');
DeleteDirectory('C:\ProgramData\OJhkXaHdXvnTCXU');
ExecuteFile('schtasks.exe', '/delete /TN "Uninstaller_SkipUac_Перун" /F', 0, 15000, true);
ExecuteSysClean;
ExecuteRepair(10);
ExecuteRepair(9);
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Это сделайте и новый лог прикрепите.Для повторной диагностики запустите снова AutoLogger. В первом диалоговом окне нажмите "ОК", удерживая нажатой клавишу "Shift".
begin
TerminateProcessByName('c:\users\Перун\appdata\local\1f7974a0-1448981168-11d9-876e-f46d045fbd50\qnsu42fc.tmp');
QuarantineFile('c:\users\Перун\appdata\local\1f7974a0-1448981168-11d9-876e-f46d045fbd50\qnsu42fc.tmp','');
DeleteFile('c:\users\Перун\appdata\local\1f7974a0-1448981168-11d9-876e-f46d045fbd50\qnsu42fc.tmp','32');
DeleteFileMask('c:\users\Перун\appdata\local\1f7974a0-1448981168-11d9-876e-f46d045fbd50','*',true);
DeleteDirectory('c:\users\Перун\appdata\local\1f7974a0-1448981168-11d9-876e-f46d045fbd50');
ExecuteSysClean;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
CreateRestorePoint:
() C:\Users\Перун\AppData\Local\1F7974A0-1448988383-11D9-876E-F46D045FBD50\qnsj5B8D.tmp
CloseProcesses:
HKLM-x32\...\Run: [gmsd_ru_005010162] => [X]
HKLM\...\Winlogon: [Shell] C:\WINDOWS\EXPLORER.EXE [2872320 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3510949189-3876553663-2544431871-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3510949189-3876553663-2544431871-1000\...\Run: [MAgent] => C:\Users\Перун\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bpgangmffjcofiknibcmfjionicohfgj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nbifdkmdojgmpmopdebnjcobekgdoncn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (AdBlock) - C:\Users\Перун\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2015-11-30]
OPR Extension: (Translator) - C:\Users\Перун\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2015-11-30]
R2 hidekoqe; C:\Users\Перун\AppData\Local\1F7974A0-1448988383-11D9-876E-F46D045FBD50\qnsj5B8D.tmp [142336 2015-10-13] () [File not signed]
2015-12-01 16:46 - 2015-12-01 16:46 - 00000000 ____D C:\Users\Перун\AppData\Local\1F7974A0-1448988383-11D9-876E-F46D045FBD50
2015-12-01 13:05 - 2015-12-01 13:05 - 00000000 ____D C:\Users\Перун\AppData\Local\gamesdesktop
2015-11-29 17:49 - 2015-11-29 17:49 - 00000176 _____ C:\Users\Перун\Desktop\Искать в Интернете.url
2015-11-29 17:49 - 2014-09-16 22:11 - 00000854 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-11-29 17:44 - 2015-11-29 17:44 - 04014552 ____R () C:\Users\Перун\Downloads\2FB1.tmp
2015-09-29 18:37 - 2015-09-29 18:37 - 0000000 _____ () C:\Users\Перун\AppData\Local\{313C0920-8AA7-4236-BDBA-896EDCA2EF65}
Task: {1417FABD-0FAE-441B-9834-58B53F68413F} - \{478C931F-77D8-445A-AE54-BAC5CF389333} -> No File <==== ATTENTION
Task: {BD170AE4-844E-4FD5-9182-A19ED761E191} - \{C96BA36E-6D7B-4D82-911E-37FFF741ED34} -> No File <==== ATTENTION
C:\Users\Перун\Desktop\Mail.Ru Агент.lnk
C:\Users\Перун\AppData\Roaming\Microsoft\Windows\Start Menu\Mail.Ru Агент.lnk
C:\Users\Перун\AppData\Roaming\Microsoft\Windows\SendTo\МойМир@Mail.ru.lnk
C:\Users\Перун\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru Агент.lnk
C:\Users\Перун\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mail.Ru Агент.lnk
C:\Users\Перун\AppData\Roaming\IObit\Advanced SystemCare V8\Startup Manager\Shortcut\Mail.Ru Cloud.lnk
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MailRuUpdater" /f
EmptyTemp:
Reboot: