script ver. 2023.07.30
File name: AVbr.exe
Start-up time: 2023.08.16-17:18:53
Launched from: C:\Users\MGBM\OneDrive\Рабочий стол\AV_block_remover\AV_block_remover\
System: x64 Windows 10 Home
Build number: 19045
AVBr has been run with local Administrator rights.
Elevation of privileges of rights is successful.
System booted up in Normal Mode.
Last update was on: 2023.08.15
Current date is: 2023.08.16
This version is up to date: 2023.08.15
Script running will be continued after 20 seconds.
C:\ProgramData\Malwarebytes\ - Exists
Run an application takeown.exe /f "C:\ProgramData\Malwarebytes\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\ProgramData\Malwarebytes\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\ProgramData\Malwarebytes\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Malwarebytes\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Malwarebytes\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Malwarebytes\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Malwarebytes\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\ProgramData\McAfee\ - Exists
Run an application takeown.exe /f "C:\ProgramData\McAfee\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\ProgramData\McAfee\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\ProgramData\McAfee\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\ProgramData\McAfee\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\McAfee\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\McAfee\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\McAfee\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\Program Files\7-Zip\ - Exists
Run an application takeown.exe /f "C:\Program Files\7-Zip\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\Program Files\7-Zip\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\7-Zip\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\Program Files\Malwarebytes\ - Exists
Run an application takeown.exe /f "C:\Program Files\Malwarebytes\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\Program Files\Malwarebytes\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Malwarebytes\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\Program Files\Process Hacker 2\ - Exists
Run an application takeown.exe /f "C:\Program Files\Process Hacker 2\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\Program Files\Process Hacker 2\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\Program Files\Process Hacker 2\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files\Process Hacker 2\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Process Hacker 2\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Process Hacker 2\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Process Hacker 2\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
C:\FRST\ - Exists
Run an application takeown.exe /f "C:\FRST\" /A /r /d y
Exit code = 1
Run an application icacls.exe "C:\FRST\\" /reset /T /C /L
Exit code = 123
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-32-545:RX /T /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-32-545:(OI)(CI)RX /T /C /L
Exit code = 0
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-32-544:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-18:(OI)(CI)F /T /C /L
Exit code = 0
Run an application icacls.exe "C:\FRST\" /grant:r *S-1-5-11:(OI)(CI)F /T /C /L
Exit code = 0
Create SWPRV service:
[SC] CreateService: ошибка: 1073:
Указанная служба уже существует.
Exit code = 1073
[SC] ChangeServiceConfig2: успех
Exit code = 0
PowerShellVersion: 5.1.19041.1
This edition of the system does not have the AppLocker module.
iTamperProtection = 5
Export firewall rules.
ОК.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows\rutserv.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows Tasks Service\winserv.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AppModule.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AMD.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Remote Desktop" protocol=tcp localport=3389
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="allow RDP" protocol=tcp localport=3389
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Hosts file MD5 = "33FDEAE0B6DC040CE65734589723B8ED"
Hosts reset selected.
Registry search of AV blocked signatures.
GRM = 3
Now the computer will be rebooted.
===================================================================================
The following logs were found in folder after previous runs of AVbr:
AV_block_remove_2023.08.16-17.18.log