script ver. 2024.01.08 File name: AVbr.exe Start-up time: 2024.06.15-17:59:49 Launched from: C:\Users\Игорь\Desktop\AV_block_remover\ System: x64 Windows 7 Ultimate Build number: 7601 AVBr has been run with local Administrator rights. Elevation of privileges of rights is successful. System booted up in Normal Mode. Last update was on: 2024.06.15 Current date is: 2024.06.15 Current version is: 2024.06.15 Script running will be continued after 20 seconds. C:\ProgramData\McAfee\ - Exists Run an application takeown.exe /f "C:\ProgramData\McAfee" /A /r /d y Exit code = 0 Run an application icacls.exe "C:\ProgramData\McAfee" /reset /C /L Exit code = 0 Run an application icacls.exe "C:\ProgramData\McAfee" /grant *S-1-5-32-545:RX /C /L /inheritance:r Exit code = 0 Run an application icacls.exe "C:\ProgramData\McAfee" /grant *S-1-5-32-544:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\ProgramData\McAfee" /grant *S-1-5-18:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\ProgramData\McAfee" /grant *S-1-5-11:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\ProgramData\McAfee\*" /reset /T /C /L Exit code = 0 C:\Program Files\Common Files\AV\ - Exists Run an application takeown.exe /f "C:\Program Files\Common Files\AV" /A /r /d y Exit code = 0 Run an application icacls.exe "C:\Program Files\Common Files\AV" /reset /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-5-32-545:RX /C /L /inheritance:r Exit code = 0 Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-5-32-544:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-5-18:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-5-11:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-15-2-1:(OI)(CI)RX /C /L Exit code = 1332 Run an application icacls.exe "C:\Program Files\Common Files\AV" /grant *S-1-15-2-2:(OI)(CI)RX /C /L Exit code = 1332 Run an application icacls.exe "C:\Program Files\Common Files\AV\*" /reset /T /C /L Exit code = 0 C:\Program Files\Malwarebytes\ - Exists Run an application takeown.exe /f "C:\Program Files\Malwarebytes" /A /r /d y Exit code = 0 Run an application icacls.exe "C:\Program Files\Malwarebytes" /reset /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files\Malwarebytes" /grant *S-1-5-32-545:RX /C /L /inheritance:r Exit code = 0 Run an application icacls.exe "C:\Program Files\Malwarebytes" /grant *S-1-5-32-544:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files\Malwarebytes" /grant *S-1-5-18:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files\Malwarebytes" /grant *S-1-5-11:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files\Malwarebytes" /grant *S-1-15-2-1:(OI)(CI)RX /C /L Exit code = 1332 Run an application icacls.exe "C:\Program Files\Malwarebytes" /grant *S-1-15-2-2:(OI)(CI)RX /C /L Exit code = 1332 Run an application icacls.exe "C:\Program Files\Malwarebytes\*" /reset /T /C /L Exit code = 0 C:\Program Files (x86)\Google\Chrome\ - Exists Run an application takeown.exe /f "C:\Program Files (x86)\Google\Chrome" /A /r /d y Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /reset /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-32-545:RX /C /L /inheritance:r Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-32-544:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-18:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-11:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-15-2-1:(OI)(CI)RX /C /L Exit code = 1332 Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-15-2-2:(OI)(CI)RX /C /L Exit code = 1332 Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome\*" /reset /T /C /L Exit code = 0 C:\Program Files (x86)\SpeedFan\ - Exists Run an application takeown.exe /f "C:\Program Files (x86)\SpeedFan" /A /r /d y Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /reset /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-32-545:RX /C /L /inheritance:r Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-32-544:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-18:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-11:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-15-2-1:(OI)(CI)RX /C /L Exit code = 1332 Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-15-2-2:(OI)(CI)RX /C /L Exit code = 1332 Run an application icacls.exe "C:\Program Files (x86)\SpeedFan\*" /reset /T /C /L Exit code = 0 C:\Users\Игорь\Desktop\AV_block_remover\ - Exists Exit code = 0 Run an application icacls.exe "C:\Users\Игорь\Desktop\AV_block_remover" /grant *S-1-5-32-545:RX /C /L /inheritance:r Exit code = 0 Run an application icacls.exe "C:\Users\Игорь\Desktop\AV_block_remover" /grant *S-1-5-18:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Users\Игорь\Desktop\AV_block_remover" /grant *S-1-5-11:(OI)(CI)F /C /L Exit code = 0 Run an application icacls.exe "C:\Users\Игорь\Desktop\AV_block_remover\*" /reset /T /C /L Exit code = 0 C:\Program Files\7-Zip\ - Exists C:\Program Files (x86)\Google\ - Exists QzpcUHJvZ3JhbURhdGFcTWljcm9zb2Z0XFdpbmRvd3Ncdm1oTnRKMFxzdmNob3N0LmV4ZQ== Create SWPRV service: [SC] CreateService: ошибка: 1073: Указанная служба уже существует. Exit code = 1073 [SC] ChangeServiceConfig2: успех Exit code = 0 PowerShellVersion: This edition of the system does not have the AppLocker module. [!] Some of these exclusions were not deleted. Export firewall rules. ОК. Exit code = 0 Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows\rutserv.exe" Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows Tasks Service\winserv.exe" Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AppModule.exe" Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AMD.exe" Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="Remote Desktop" protocol=tcp localport=3389 Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=139 Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=445 Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=139 Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=445 Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=139 Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=445 Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=139 Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=445 Ни одно правило не соответствует указанным критериям. Exit code = 1 Run an application netsh.exe advfirewall firewall delete rule name="allow RDP" protocol=tcp localport=3389 Ни одно правило не соответствует указанным критериям. Exit code = 1 Hosts file MD5 = "F838D5F1893D858F8F8382E33280C2B5" Hosts reset selected. Registry search of AV blocked signatures. GRM = 3 Now the computer will be rebooted. =================================================================================== The following logs were found in folder after previous runs of AVbr: AV_block_remove_2024.06.15-17.59.log