script ver. 2025.02.05
File name: WeBrAV.exe
Start-up time: 2025.03.17-13:43:02
Launched from: \\WeLANS\SOFT\Windows\Antivirus\WeBrAV\AV_block_remover\
System: x64 Windows Server 2019 Standard
Build number: 17763
AVBr has been run with local Administrator rights.
Elevation of privileges of rights is successful.
System booted up in Normal Mode.
Last update was on: 2025.03.16
Current date is: 2025.03.17
This version is up to date: 2025.03.16
Script running will be continued after 20 seconds.

C:\Program Files (x86)\Google\Chrome\ - Exists
Run an application takeown.exe /f "C:\Program Files (x86)\Google\Chrome" /A /r /d y
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-15-2-1:(OI)(CI)RX /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome" /grant *S-1-15-2-2:(OI)(CI)RX /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\Google\Chrome\*" /reset /T /C /L
Exit code = 0

C:\Program Files (x86)\SpeedFan\ - Exists
Run an application takeown.exe /f "C:\Program Files (x86)\SpeedFan" /A /r /d y
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-15-2-1:(OI)(CI)RX /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-15-2-2:(OI)(CI)RX /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan\*" /reset /T /C /L
Exit code = 0

C:\Program Files\7-Zip\ - Exists
C:\Program Files (x86)\Google\ - Exists

Create SWPRV service:
[SC] CreateService: ошибка: 1073: Указанная служба уже существует.
Exit code = 1073
[SC] ChangeServiceConfig2: успех
Exit code = 0

PowerShellVersion: 5.1.17763.1
Starting the export of Applocker policies.
Exit code = 0
[!] Some of these exclusions were not deleted.

Export firewall rules.
ОК.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows\rutserv.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows Tasks Service\winserv.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AppModule.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AMD.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Remote Desktop" protocol=tcp localport=3389
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="allow RDP" protocol=tcp localport=3389
Ни одно правило не соответствует указанным критериям.
Exit code = 1

Hosts file MD5 = "3688374325B992DEF12793500307566D"
Hosts file passed through the clean files database.
Registry search of AV blocked signatures.
GRM = 3
Now the computer will be rebooted.
===================================================================================
The following logs were found in folder after previous runs of AVbr:
AV_block_remove_2025.03.17-13.43.log