выполняем скрипт в uVS
- скопировать содержимое кода в буфер обмена;
- стартуем uVS(start.exe), далее выбираем: текущий пользователь, меню - скрипты - выполнить скрипт из буфера обмена;
- закрываем все браузеры перед выполнением скрипта;
при деинсталляции программ - соглашаемся на деинсталляцию_удаление подтверждаем "да"
Код:
;uVS v3.87.8 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
v388c
OFFSGNSAVE
hide %SystemRoot%\ACTIVATOR.EXE
;------------------------autoscript---------------------------
chklst
delvir
delref %SystemDrive%\PROGRAM FILES (X86)\ELEX-TECH\YAC\ISAFESVC.EXE
del %SystemDrive%\PROGRAM FILES (X86)\ELEX-TECH\YAC\ISAFESVC.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\LDSGAMECENTER\GMSVCDLL.DLL
del %SystemDrive%\PROGRAM FILES (X86)\LDSGAMECENTER\GMSVCDLL.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\LDSGAMECENTER\GMSVC.DLL
del %SystemDrive%\PROGRAM FILES (X86)\LDSGAMECENTER\GMSVC.DLL
delref %SystemDrive%\USERS\USER\APPDATA\ROAMING\CUBE4\PYTHON\PYTHONW.EXE
del %SystemDrive%\USERS\USER\APPDATA\ROAMING\CUBE4\PYTHON\PYTHONW.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER.EXE
delref %SystemRoot%\TEMP\OUAA1B8.TMP\SECONDU71\GUBED.EXE
del %SystemRoot%\TEMP\OUAA1B8.TMP\SECONDU71\GUBED.EXE
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DAONEDLCHKBICMHEPIMIAHFALHEEDJGBH%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DBEJNPNKHFGFKCPGIKIINOJLMDCJIMOBI%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCCFIFBOJENKENPKMNBNNDEADPFDIFFOF%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DCPEGCOPCFAJIIIBIDLAELHJJBLPEFBJK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DGDLJKKMGHDKCKHAOGAEMGBGDFOPHKFCO%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DILHAPDFJLMHFDGDBEFPINEBIJMHJIJPN%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOELPKEPJLGMEHAJEHFEICFBJDIOBDKFJ%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTPS://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DOJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD%26INSTALLSOURCE%3DONDEMAND%26UC
delref %SystemDrive%\PROGRAM FILES (X86)\MPCK\WINCOM_5PC.EXE
del %SystemDrive%\PROGRAM FILES (X86)\MPCK\WINCOM_5PC.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\LUDASHI\LPI\HPSVC.DLL
del %SystemDrive%\PROGRAM FILES (X86)\LUDASHI\LPI\HPSVC.DLL
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:UCDRV-X64.SYS
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\CHROMEDEFAULTDATA\EXTENSIONS\CPEGCOPCFAJIIIBIDLAELHJJBLPEFBJK\2.0.4.11_0\СТАРТОВАЯ — ЯНДЕКС
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\CHROMEDEFAULTDATA\EXTENSIONS\OJLCEBDKBPJDPILIGKDBBKDKFJMCHBFD\12.0.11_0\ПОИСК MAIL.RU
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\TEMP\N34FXW49FA\CASTER.EXE
del %SystemDrive%\USERS\USER\APPDATA\LOCAL\TEMP\N34FXW49FA\CASTER.EXE
delref %SystemDrive%\USERS\USER\APPDATA\LOCAL\TEMP\M7XCOIUJC5\CASTER.EXE
del %SystemDrive%\USERS\USER\APPDATA\LOCAL\TEMP\M7XCOIUJC5\CASTER.EXE
deldirex %SystemDrive%\PROGRAM FILES (X86)\ELEX-TECH\YAC
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:X86
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:X86
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:X64
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY:X64
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCDRV-X64.SYS
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCDRV-X64.SYS
delref %Sys32%\DRIVERS:UCDRV-X64.SYS
del %Sys32%\DRIVERS:UCDRV-X64.SYS
delref %SystemDrive%\PROGRAM FILES (X86)\LDSGAMECENTER\360VERIFY.DLL
del %SystemDrive%\PROGRAM FILES (X86)\LDSGAMECENTER\360VERIFY.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\LDSGAMECENTER\LDSGAMECENTER.EXE
del %SystemDrive%\PROGRAM FILES (X86)\LDSGAMECENTER\LDSGAMECENTER.EXE
delref %Sys32%\DRIVERS:X86
del %Sys32%\DRIVERS:X86
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X64.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X64.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X86.EXE
del %SystemDrive%\PROGRAM FILES (X86)\UCBROWSER\SECURITY\UCLAUNCHER-X86.EXE
delref %Sys32%\DRIVERS:X64
del %Sys32%\DRIVERS:X64
; AnySend
exec C:\Users\user\AppData\Roaming\ASPackage\Uninstall.exe
deltmp
delnfr
;-------------------------------------------------------------
restart
перезагрузка, пишем о старых и новых проблемах.
----------
далее,
выполните быстрое сканирование (угроз) в Malwarebytes