script ver. 2024.08.11
File name: AVbr.exe
Start-up time: 2024.09.23-12:47:20
Launched from: C:\AAA\AV_block_remover\
System: x64 Windows 7 Ultimate
Build number: 7601
AVBr has been run with local Administrator rights.
Elevation of privileges of rights is successful.
System booted up in Normal Mode.
Last update was on: 2024.09.16
Current date is: 2024.09.23
This version is up to date: 2024.09.16
Script running will be continued after 20 seconds.
C:\ProgramData\BookManager\ - Exists
C:\ProgramData\FingerPrint\ - Exists
C:\ProgramData\Microsoft\Check\ - Exists
C:\ProgramData\Microsoft\Intel\ - Exists
C:\ProgramData\Microsoft\temp\ - Exists
C:\ProgramData\PuzzleMedia\ - Exists
C:\ProgramData\RobotDemo\ - Exists
C:\ProgramData\RunDLL\ - Exists
C:\ProgramData\Setup\ - Exists
C:\ProgramData\System32\ - Exists
C:\ProgramData\Windows Tasks Service\ - Exists
C:\ProgramData\WindowsTask\ - Exists
C:\ProgramData\install\ - Exists
C:\ProgramData\microsoft\clr_optimization_v4.0.30318_64\ - Exists
C:\Users\Avalon\AppData\Roaming\RMS_settings\ - Exists
C:\Users\Avalon\AppData\Roaming\Sysfiles\ - Exists
C:\Program Files\Internet Explorer\bin\ - Exists
C:\Program Files\RDP Wrapper\ - Exists
C:\Windows\Fonts\Mysql\ - Exists
C:\Windows\speechstracing\ - Exists
C:\ProgramData\360safe\ - Exists
C:\ProgramData\AVAST Software\ - Exists
C:\ProgramData\Avira\ - Exists
C:\ProgramData\Doctor Web\ - Exists
C:\ProgramData\ESET\ - Exists
Run an application takeown.exe /f "C:\ProgramData\ESET" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\ProgramData\ESET" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\ESET" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\ProgramData\ESET" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\ESET" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\ESET" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\ESET\*" /reset /T /C /L
Exit code = 0
C:\ProgramData\Evernote\ - Exists
C:\ProgramData\grizzly\ - Exists
C:\ProgramData\Kaspersky Lab Setup Files\ - Exists
C:\ProgramData\Kaspersky Lab\ - Exists
C:\ProgramData\Malwarebytes\ - Exists
C:\ProgramData\MB3Install\ - Exists
C:\ProgramData\McAfee\ - Exists
C:\ProgramData\Norton\ - Exists
C:\ProgramData\princeton-produce\ - Exists
C:\ProgramData\WavePad\ - Exists
C:\Program Files\AVAST Software\ - Exists
C:\Program Files\AVG\ - Exists
C:\Program Files\Bitdefender Agent\ - Exists
C:\Program Files\ByteFence\ - Exists
C:\Program Files\Cezurity\ - Exists
C:\Program Files\Common Files\AV\ - Exists
Run an application takeown.exe /f "C:\Program Files\Common Files\AV" /A /r /d y
Exit code = 0
Run an application icacls.exe "C:\Program Files\Common Files\AV" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-15-2-1:(OI)(CI)RX /C /L
Exit code = 1332
Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-15-2-2:(OI)(CI)RX /C /L
Exit code = 1332
Run an application icacls.exe "C:\Program Files\Common Files\AV\*" /reset /T /C /L
Exit code = 0
C:\Program Files\Common Files\Doctor Web\ - Exists
C:\Program Files\Common Files\McAfee\ - Exists
C:\Program Files\COMODO\ - Exists
C:\Program Files\CPUID\HWMonitor\ - Exists
C:\Program Files\DrWeb\ - Exists
C:\Program Files\Enigma Software Group\ - Exists
C:\Program Files\EnigmaSoft\ - Exists
C:\Program Files\ESET\ - Exists
Run an application takeown.exe /f "C:\Program Files\ESET" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\Program Files\ESET" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\ESET" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files\ESET" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\ESET" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\ESET" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\ESET" /grant *S-1-15-2-1:(OI)(CI)RX /C /L
Exit code = 1332
Run an application icacls.exe "C:\Program Files\ESET" /grant *S-1-15-2-2:(OI)(CI)RX /C /L
Exit code = 1332
Run an application icacls.exe "C:\Program Files\ESET\*" /reset /T /C /L
Exit code = 0
C:\Program Files\HitmanPro\ - Exists
C:\Program Files\Kaspersky Lab\ - Exists
C:\Program Files\Loaris Trojan Remover\ - Exists
C:\Program Files\Malwarebytes\ - Exists
C:\Program Files\NETGATE\ - Exists
C:\Program Files\Process Hacker 2\ - Exists
C:\Program Files\Process Lasso\ - Exists
C:\Program Files\QuickCPU\ - Exists
C:\Program Files\Rainmeter\ - Exists
C:\Program Files\Ravantivirus\ - Exists
C:\Program Files\ReasonLabs\ - Exists
C:\Program Files\RogueKiller\ - Exists
C:\Program Files\SpyHunter\ - Exists
C:\Program Files\SUPERAntiSpyware\ - Exists
C:\Program Files\Transmission\ - Exists
C:\Program Files (x86)\360\ - Exists
C:\Program Files (x86)\AVAST Software\ - Exists
C:\Program Files (x86)\AVG\ - Exists
C:\Program Files (x86)\Cezurity\ - Exists
C:\Program Files (x86)\Common Files\AV\ - Exists
C:\Program Files (x86)\Google\Chrome\ - Exists
Run an application takeown.exe /f "C:\Program Files (x86)\Google\Chrome" /A /r /d y
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-15-2-1:(OI)(CI)RX /C /L
Exit code = 1332
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-15-2-2:(OI)(CI)RX /C /L
Exit code = 1332
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome\*" /reset /T /C /L
Exit code = 0
C:\Program Files (x86)\GPU Temp\ - Exists
C:\Program Files (x86)\GRIZZLY Antivirus\ - Exists
C:\Program Files (x86)\IObit\Advanced SystemCare\ - Exists
C:\Program Files (x86)\IObit\IObit Malware Fighter\ - Exists
C:\Program Files (x86)\Kaspersky Lab\ - Exists
C:\Program Files (x86)\Microsoft JDX\ - Exists
C:\Program Files (x86)\Moo0\ - Exists
C:\Program Files (x86)\MSI\MSI Center\ - Exists
C:\Program Files (x86)\Panda Security\ - Exists
C:\Program Files (x86)\SpeedFan\ - Exists
C:\Program Files (x86)\SpyHunter\ - Exists
C:\Program Files (x86)\Transmission\ - Exists
C:\Program Files (x86)\Wise\ - Exists
C:\AdwCleaner\ - Exists
C:\FRST\ - Exists
C:\KVRT2020_Data\ - Exists
C:\KVRT_Data\ - Exists
C:\Users\Avalon\Desktop\AutoLogger\ - Exists
Run an application takeown.exe /f "C:\Users\Avalon\Desktop\AutoLogger" /A /r /d y
Exit code = 0
Run an application icacls.exe "C:\Users\Avalon\Desktop\AutoLogger" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\Users\Avalon\Desktop\AutoLogger" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Users\Avalon\Desktop\AutoLogger" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Users\Avalon\Desktop\AutoLogger" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Users\Avalon\Desktop\AutoLogger" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Users\Avalon\Desktop\AutoLogger\*" /reset /T /C /L
Exit code = 0
C:\Users\Avalon\Desktop\AV_block_remover\ - Exists
C:\Users\Avalon\Downloads\AutoLogger\ - Exists
C:\Users\Avalon\Downloads\AV_block_remover\ - Exists
C:\Program Files\CPUID\ - Exists
C:\Program Files (x86)\Google\ - Exists
C:\Program Files (x86)\IObit\ - Exists
C:\Program Files (x86)\MSI\ - Exists
QzpcUHJvZ3JhbURhdGFcTWljcm9zb2Z0XFdpbmRvd3NcNkdSdXVLWEViZmU4dXJkVVxDaGVja0dsb2JhbFAuYmF0
QzpcUHJvZ3JhbURhdGFcTWljcm9zb2Z0XFdpbmRvd3NcNkdSdXVLWEViZmU4dXJkVVxHYW1lLmV4ZQ==
Create SWPRV service:
[SC] CreateService: успех
Exit code = 0
[SC] ChangeServiceConfig2: успех
Exit code = 0
SOFTWARE\tektonit\ - deleted
PowerShellVersion:
This edition of the system does not have the AppLocker module.
Windows Defender settings are reset.
DefenderApiLogger logging enabled.
DefenderAuditLogger logging enabled.
Enabling Windows notification center (UseActionCenterExperience).
Notification area tooltips enabling (default state).
Returning the Windows notification center to default state (enabled).
HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications|DisableNotifications - deleting.
Enabling the security notifications of Windows applications.
WDE key missing.
Export firewall rules.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows\rutserv.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows Tasks Service\winserv.exe"
Удалены правила: 1. ОК.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AppModule.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AMD.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Remote Desktop" protocol=tcp localport=3389
Удалены правила: 1. ОК.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="allow RDP" protocol=tcp localport=3389
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Hosts file MD5 = "600AE570BFF91442E3F928101AAFE0BA"
Hosts reset selected.
Registry search of AV blocked signatures.
GRM = 3
Now the computer will be rebooted.
===================================================================================
The following logs were found in folder after previous runs of AVbr:
AV_block_remove_2024.09.23-12.47.log