API tools faq
paste
sirota

kavremvr-srvc 2023-01-26 10-27-12 (pid 2904)

sirota
Jan 26th, 2023
107
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 57.59 KB | None | 0 0
raw download clone embed print report
  1. 2904:16e0 10:27:12.710 Starting server...
  2. 2904:16e0 10:27:12.736 Failed to write dbghelp.dll
  3. 2904:16e0 10:27:12.736 Initializing application...
  4. 2904:16e0 10:27:12.803 Loading ini files...
  5. 2904:16e0 10:27:12.808 Loading resource data 'RES_INI_X64'...
  6. 2904:16e0 10:27:12.866 Loading resource data finished, 569369 bytes
  7. 2904:16e0 10:27:12.866 Loading resource data 'RES_INI_X32X64'...
  8. 2904:16e0 10:27:12.870 Loading resource data finished, 2088563 bytes
  9. 2904:16e0 10:27:12.870 Parsing ini files data...
  10. 2904:16e0 10:27:12.925 Ini files data parsed, 103 files parsed
  11. 2904:16e0 10:27:12.926 Dumping data to files...
  12. 2904:16e0 10:27:12.967 Data dumped to files
  13. 2904:1204 10:27:13.723 SetUserEnvironment
  14. 2904:1204 10:27:13.723 Dumping current environment...
  15. 2904:1204 10:27:13.723 CreateFileA () failed, error 3
  16. 2904:1204 10:27:13.723 Set environment from string...
  17. 2904:1204 10:27:13.724 change_current_enviroment start
  18. 2904:1204 10:27:13.785 Server malloc
  19. 2904:1204 10:27:13.785 Server free
  20. 2904:1884 10:27:13.787 Detect products with no-detect=0, remove-all=0...
  21. 2904:1884 10:27:13.787 ShutdownDetector started watch thread (00000394)
  22. 2904:1884 10:27:13.789 Kaspersky Removal Tool 1.0.2686
  23. 2904:1884 10:27:13.789 KLeaner initialized
  24. 2904:1884 10:27:13.789 OS info...
  25. 2904:0830 10:27:13.789 Watch thread started
  26. 2904:1884 10:27:13.902 OS version = 10.0.19045, 64 bit
  27. 2904:1884 10:27:13.902 OS info = Майкрософт Windows 10 Pro, CSDVersion="", Version=10.0.19045, BuildNumber=19045
  28. 2904:1884 10:27:13.902 TraceSystemInfo: Time ticks=806562 ticks64=806562 idle=2757.7500000 kernel=2998.6875000 user=227.3906250
  29. 2904:1884 10:27:13.902 TraceSystemInfo: System oemId=00000009 pageSize=4096 MinAppAddress=00010000 MaxAppAddress=FFFEFFFF ActiveProcessorMask=0000000F NumberOfProcessors=4 ProcessorType=8664 AllocationGranularity=65536 ProcessorLevel=6 ProcessorRevision=40458
  30. 2904:1884 10:27:13.902 TraceSystemInfo: Memory Load=56 Phys=1807126528/4161114112 PageFile=2646114304/4899311616 Virtual=2064248832/2147352576 AvailExtendedVirtual=0
  31. 2904:1884 10:27:13.903 TraceSystemInfo: Performance commit(total=550097,limit=1196121,peak=553504 phis(total=1015897,avail=441192) syscache=460579 kernel(total=91987,paged=53326,nonpaged=38661) page=4096 handles=49571 processes=138 threads=1270
  32. 2904:1884 10:27:13.903 TraceTokenInformation: class=1(User) length=20 [User[Sid=S-1-5-18,Attributes=0]]
  33. 2904:1884 10:27:13.903 TraceTokenInformation: class=2(Groups) length=88 [GroupCount=4,[Sid=S-1-5-32-544,Attributes=E],[Sid=S-1-1-0,Attributes=7],[Sid=S-1-5-11,Attributes=7],[Sid=S-1-16-16384,Attributes=60]]
  34. 2904:1884 10:27:13.905 TraceTokenInformation: class=3(Privileges) length=340 [PrivilegeCount=28,[Luid=SeAssignPrimaryTokenPrivilege,Attributes=0],[Luid=SeLockMemoryPrivilege,Attributes=3],[Luid=SeIncreaseQuotaPrivilege,Attributes=0],[Luid=SeTcbPrivilege,Attributes=3],[Luid=SeSecurityPrivilege,Attributes=0],[Luid=SeTakeOwnershipPrivilege,Attributes=0],[Luid=SeLoadDriverPrivilege,Attributes=0],[Luid=SeSystemProfilePrivilege,Attributes=3],[Luid=SeSystemtimePrivilege,Attributes=0],[Luid=SeProfileSingleProcessPrivilege,Attributes=3],[Luid=SeIncreaseBasePriorityPrivilege,Attributes=3],[Luid=SeCreatePagefilePrivilege,Attributes=3],[Luid=SeCreatePermanentPrivilege,Attributes=3],[Luid=SeBackupPrivilege,Attributes=0],[Luid=SeRestorePrivilege,Attributes=0],[Luid=SeShutdownPrivilege,Attributes=0],[Luid=SeDebugPrivilege,Attributes=3],[Luid=SeAuditPrivilege,Attributes=3],[Luid=SeSystemEnvironmentPrivilege,Attributes=0],[Luid=SeChangeNotifyPrivilege,Attributes=3],[Luid=SeUndockPrivilege,Attributes=0],[Luid=SeManageVolumePrivilege,Attributes=0],[Luid=SeImpersonatePrivilege,Attributes=3],[Luid=SeCreateGlobalPrivilege,Attributes=3],[Luid=SeIncreaseWorkingSetPrivilege,Attributes=3],[Luid=SeTimeZonePrivilege,Attributes=3],[Luid=SeCreateSymbolicLinkPrivilege,Attributes=3],[Luid=SeDelegateSessionUserImpersonatePrivilege,Attributes=3]]
  35. 2904:1884 10:27:13.906 TraceTokenInformation: class=4(Owner) length=20 [Owner=S-1-5-32-544]
  36. 2904:1884 10:27:13.906 TraceTokenInformation: class=5(PrimaryGroup) length=16 [PrimaryGroup=S-1-5-18]
  37. 2904:1884 10:27:13.906 TraceTokenInformation: class=11(RestrictedSids) length=4 [GroupCount=0]
  38. 2904:1884 10:27:13.906 TraceTokenInformation: class=12(SessionId) length=4 [0(00000000)]
  39. 2904:1884 10:27:13.906 TraceTokenInformation: class=14(SessionReference) length=1 GetInfo fail error=87
  40. 2904:1884 10:27:13.906 TraceTokenInformation: class=15(SandBoxInert) length=4 [0(00000000)]
  41. 2904:1884 10:27:13.906 TraceTokenInformation: class=16(AuditPolicy) length=1 GetInfo fail error=1314
  42. 2904:1884 10:27:13.906 KLeaner is looking in C:\Users\User\AppData\Local\Temp\{688085E2-798F-4A79-A05A-50B50F778617}\jkbasuy1\xsxfr\ for *.ini...
  43. 2904:1884 10:27:13.907 file found: df0.ini
  44. 2904:1884 10:27:13.914 no detect
  45. 2904:1884 10:27:13.914 file found: df1.ini
  46. 2904:1884 10:27:13.921 no detect
  47. 2904:1884 10:27:13.922 file found: df10.ini
  48. 2904:1884 10:27:13.927 no detect
  49. 2904:1884 10:27:13.927 file found: df100.ini
  50. 2904:1884 10:27:13.935 no detect
  51. 2904:1884 10:27:13.935 file found: df101.ini
  52. 2904:1884 10:27:13.942 no detect
  53. 2904:1884 10:27:13.942 file found: df102.ini
  54. 2904:1884 10:27:13.945 This OS is not supported
  55. 2904:1884 10:27:13.945 no detect
  56. 2904:1884 10:27:13.945 file found: df11.ini
  57. 2904:1884 10:27:13.955 This OS is not supported
  58. 2904:1884 10:27:13.955 no detect
  59. 2904:1884 10:27:13.955 file found: df12.ini
  60. 2904:1884 10:27:13.964 This OS is not supported
  61. 2904:1884 10:27:13.964 no detect
  62. 2904:1884 10:27:13.964 file found: df13.ini
  63. 2904:1884 10:27:13.976 no detect
  64. 2904:1884 10:27:13.976 file found: df14.ini
  65. 2904:1884 10:27:13.982 This OS is not supported
  66. 2904:1884 10:27:13.982 no detect
  67. 2904:1884 10:27:13.982 file found: df15.ini
  68. 2904:1884 10:27:13.989 This OS is not supported
  69. 2904:1884 10:27:13.989 no detect
  70. 2904:1884 10:27:13.989 file found: df16.ini
  71. 2904:1884 10:27:13.995 This OS is not supported
  72. 2904:1884 10:27:13.995 no detect
  73. 2904:1884 10:27:13.995 file found: df17.ini
  74. 2904:1884 10:27:14.001 This OS is not supported
  75. 2904:1884 10:27:14.001 no detect
  76. 2904:1884 10:27:14.001 file found: df18.ini
  77. 2904:1884 10:27:14.007 This OS is not supported
  78. 2904:1884 10:27:14.007 no detect
  79. 2904:1884 10:27:14.007 file found: df19.ini
  80. 2904:1884 10:27:14.013 no detect
  81. 2904:1884 10:27:14.013 file found: df2.ini
  82. 2904:1884 10:27:14.025 no detect
  83. 2904:1884 10:27:14.025 file found: df20.ini
  84. 2904:1884 10:27:14.031 no detect
  85. 2904:1884 10:27:14.031 file found: df21.ini
  86. 2904:1884 10:27:14.039 no detect
  87. 2904:1884 10:27:14.040 file found: df22.ini
  88. 2904:1884 10:27:14.046 no detect
  89. 2904:1884 10:27:14.046 file found: df23.ini
  90. 2904:1884 10:27:14.054 no detect
  91. 2904:1884 10:27:14.054 file found: df24.ini
  92. 2904:1884 10:27:14.085 no detect
  93. 2904:1884 10:27:14.085 file found: df25.ini
  94. 2904:1884 10:27:14.092 no detect
  95. 2904:1884 10:27:14.092 file found: df26.ini
  96. 2904:1884 10:27:14.169 no detect
  97. 2904:1884 10:27:14.169 file found: df27.ini
  98. 2904:1884 10:27:14.182 no detect
  99. 2904:1884 10:27:14.182 file found: df28.ini
  100. 2904:1884 10:27:14.190 no detect
  101. 2904:1884 10:27:14.190 file found: df29.ini
  102. 2904:1884 10:27:14.197 no detect
  103. 2904:1884 10:27:14.197 file found: df3.ini
  104. 2904:1884 10:27:14.203 no detect
  105. 2904:1884 10:27:14.204 file found: df30.ini
  106. 2904:1884 10:27:14.217 no detect
  107. 2904:1884 10:27:14.217 file found: df31.ini
  108. 2904:1884 10:27:14.232 no detect
  109. 2904:1884 10:27:14.232 file found: df32.ini
  110. 2904:1884 10:27:14.240 no detect
  111. 2904:1884 10:27:14.240 file found: df33.ini
  112. 2904:1884 10:27:14.660 no detect
  113. 2904:1884 10:27:14.661 file found: df34.ini
  114. 2904:1884 10:27:14.674 no detect
  115. 2904:1884 10:27:14.674 file found: df35.ini
  116. 2904:1884 10:27:14.684 no detect
  117. 2904:1884 10:27:14.684 file found: df36.ini
  118. 2904:1884 10:27:14.691 no detect
  119. 2904:1884 10:27:14.691 file found: df37.ini
  120. 2904:1884 10:27:14.701 no detect
  121. 2904:1884 10:27:14.701 file found: df38.ini
  122. 2904:1884 10:27:14.709 no detect
  123. 2904:1884 10:27:14.709 file found: df39.ini
  124. 2904:1884 10:27:14.717 found Kaspersky Endpoint Security 11.11 for Windows
  125. 2904:1884 10:27:14.717 Processing section env_before_removing...
  126. 2904:1884 10:27:14.717 setup_env: 'env-string-expand-utf' 'HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES.21.8\settings->ProductSettingsKeyPath'
  127. 2904:1884 10:27:14.717 environment string list
  128. 2904:1884 10:27:14.717 environment: 'ALLUSERSPROFILE=C:\ProgramData'
  129. 2904:1884 10:27:14.717 environment: 'APPDATA=C:\Users\User\AppData\Roaming'
  130. 2904:1884 10:27:14.717 environment: 'CommonProgramFiles=C:\Program Files (x86)\Common Files'
  131. 2904:1884 10:27:14.717 environment: 'CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files'
  132. 2904:1884 10:27:14.717 environment: 'CommonProgramW6432=C:\Program Files\Common Files'
  133. 2904:1884 10:27:14.717 environment: 'COMPUTERNAME=MCB-308-5'
  134. 2904:1884 10:27:14.717 environment: 'ComSpec=C:\WINDOWS\system32\cmd.exe'
  135. 2904:1884 10:27:14.717 environment: 'DriverData=C:\Windows\System32\Drivers\DriverData'
  136. 2904:1884 10:27:14.717 environment: 'HOMEDRIVE=C:'
  137. 2904:1884 10:27:14.717 environment: 'HOMEPATH=\Users\User'
  138. 2904:1884 10:27:14.717 environment: 'LOCALAPPDATA=C:\Users\User\AppData\Local'
  139. 2904:1884 10:27:14.717 environment: 'LOGONSERVER=\\MCB-308-5'
  140. 2904:1884 10:27:14.717 environment: 'MOZ_PLUGIN_PATH=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\'
  141. 2904:1884 10:27:14.717 environment: 'NUMBER_OF_PROCESSORS=4'
  142. 2904:1884 10:27:14.717 environment: 'OneDrive=C:\Users\User\OneDrive'
  143. 2904:1884 10:27:14.717 environment: 'OS=Windows_NT'
  144. 2904:1884 10:27:14.717 environment: 'ParentFolder=D:\'
  145. 2904:1884 10:27:14.717 environment: 'Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\User\AppData\Local\Microsoft\WindowsApps'
  146. 2904:1884 10:27:14.717 environment: 'PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC'
  147. 2904:1884 10:27:14.717 environment: 'PROCESSOR_ARCHITECTURE=x86'
  148. 2904:1884 10:27:14.717 environment: 'PROCESSOR_ARCHITEW6432=AMD64'
  149. 2904:1884 10:27:14.717 environment: 'PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 10, GenuineIntel'
  150. 2904:1884 10:27:14.717 environment: 'PROCESSOR_LEVEL=6'
  151. 2904:1884 10:27:14.717 environment: 'PROCESSOR_REVISION=9e0a'
  152. 2904:1884 10:27:14.717 environment: 'ProductSettingsKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES.21.8\settings'
  153. 2904:1884 10:27:14.717 environment: 'ProgramData=C:\ProgramData'
  154. 2904:1884 10:27:14.717 environment: 'ProgramFiles=C:\Program Files (x86)'
  155. 2904:1884 10:27:14.717 environment: 'ProgramFiles(x86)=C:\Program Files (x86)'
  156. 2904:1884 10:27:14.717 environment: 'ProgramW6432=C:\Program Files'
  157. 2904:1884 10:27:14.717 environment: 'PSModulePath=C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules'
  158. 2904:1884 10:27:14.717 environment: 'PUBLIC=C:\Users\Public'
  159. 2904:1884 10:27:14.717 environment: 'SystemDrive=C:'
  160. 2904:1884 10:27:14.717 environment: 'SystemRoot=C:\WINDOWS'
  161. 2904:1884 10:27:14.717 environment: 'TEMP=C:\Users\User\AppData\Local\Temp'
  162. 2904:1884 10:27:14.717 environment: 'TMP=C:\Users\User\AppData\Local\Temp'
  163. 2904:1884 10:27:14.717 environment: 'USERDOMAIN=MCB-308-5'
  164. 2904:1884 10:27:14.717 environment: 'USERDOMAIN_ROAMINGPROFILE=MCB-308-5'
  165. 2904:1884 10:27:14.717 environment: 'USERNAME=User'
  166. 2904:1884 10:27:14.717 environment: 'USERPROFILE=C:\Users\User'
  167. 2904:1884 10:27:14.717 environment: 'windir=C:\WINDOWS'
  168. 2904:1884 10:27:14.717 environment: '__COMPAT_LAYER=DetectorsAppHealth Installer'
  169. 2904:1884 10:27:14.717 Checking password in ProductSettingsKeyPath...
  170. 2904:1884 10:27:14.718 Password protection on uninstall enabled.
  171. 2904:1884 10:27:14.718 Password is set
  172. 2904:1884 10:27:14.718 file found: df4.ini
  173. 2904:1884 10:27:14.723 no detect
  174. 2904:1884 10:27:14.723 file found: df40.ini
  175. 2904:1884 10:27:14.729 no detect
  176. 2904:1884 10:27:14.729 file found: df41.ini
  177. 2904:1884 10:27:14.737 no detect
  178. 2904:1884 10:27:14.737 file found: df42.ini
  179. 2904:1884 10:27:14.743 no detect
  180. 2904:1884 10:27:14.743 file found: df43.ini
  181. 2904:1884 10:27:14.756 no detect
  182. 2904:1884 10:27:14.756 file found: df44.ini
  183. 2904:1884 10:27:14.762 no detect
  184. 2904:1884 10:27:14.762 file found: df45.ini
  185. 2904:1884 10:27:14.769 no detect
  186. 2904:1884 10:27:14.770 file found: df46.ini
  187. 2904:1884 10:27:14.775 no detect
  188. 2904:1884 10:27:14.775 file found: df47.ini
  189. 2904:1884 10:27:14.783 no detect
  190. 2904:1884 10:27:14.783 file found: df48.ini
  191. 2904:1884 10:27:14.792 no detect
  192. 2904:1884 10:27:14.792 file found: df49.ini
  193. 2904:1884 10:27:14.801 no detect
  194. 2904:1884 10:27:14.801 file found: df5.ini
  195. 2904:1884 10:27:14.807 no detect
  196. 2904:1884 10:27:14.807 file found: df50.ini
  197. 2904:1884 10:27:14.838 no detect
  198. 2904:1884 10:27:14.838 file found: df51.ini
  199. 2904:1884 10:27:14.845 no detect
  200. 2904:1884 10:27:14.845 file found: df52.ini
  201. 2904:1884 10:27:14.852 no detect
  202. 2904:1884 10:27:14.853 file found: df53.ini
  203. 2904:1884 10:27:14.859 no detect
  204. 2904:1884 10:27:14.860 file found: df54.ini
  205. 2904:1884 10:27:14.865 Detecting upgrade code 'A6317151A20E6524DB14F80340A3A183,MinVersion=0x00000000,MaxVersion=0xFFFFFFFF'
  206. 2904:1884 10:27:14.866 upgrade-code='A6317151A20E6524DB14F80340A3A183' MinVersion=true,0 MaxVersion=true,-1
  207. 2904:1884 10:27:14.866 RegOpenKeyEx(000003D0H\A6317151A20E6524DB14F80340A3A183) failed. Error 2: Не удается найти указанный файл.
  208. 2904:1884 10:27:14.866 Fail! get upgrade code key error: err 2
  209. 2904:1884 10:27:14.866 no detect
  210. 2904:1884 10:27:14.866 file found: df55.ini
  211. 2904:1884 10:27:14.872 This OS is not supported
  212. 2904:1884 10:27:14.872 no detect
  213. 2904:1884 10:27:14.873 file found: df56.ini
  214. 2904:1884 10:27:14.879 This OS is not supported
  215. 2904:1884 10:27:14.879 no detect
  216. 2904:1884 10:27:14.879 file found: df57.ini
  217. 2904:1884 10:27:14.886 no detect
  218. 2904:1884 10:27:14.886 file found: df58.ini
  219. 2904:1884 10:27:14.893 no detect
  220. 2904:1884 10:27:14.894 file found: df59.ini
  221. 2904:1884 10:27:14.901 This OS is not supported
  222. 2904:1884 10:27:14.902 no detect
  223. 2904:1884 10:27:14.902 file found: df6.ini
  224. 2904:1884 10:27:15.667 no detect
  225. 2904:1884 10:27:15.667 file found: df60.ini
  226. 2904:1884 10:27:15.675 Detecting upgrade code 'C4C5F8868570986459B06B66D9B75386,MinVersion=0x00000000,MaxVersion=0xFFFFFFFF'
  227. 2904:1884 10:27:15.675 upgrade-code='C4C5F8868570986459B06B66D9B75386' MinVersion=true,0 MaxVersion=true,-1
  228. 2904:1884 10:27:15.675 RegOpenKeyEx(00000408H\C4C5F8868570986459B06B66D9B75386) failed. Error 2: Не удается найти указанный файл.
  229. 2904:1884 10:27:15.675 Fail! get upgrade code key error: err 2
  230. 2904:1884 10:27:15.675 no detect
  231. 2904:1884 10:27:15.675 file found: df61.ini
  232. 2904:1884 10:27:15.681 This OS is not supported
  233. 2904:1884 10:27:15.681 no detect
  234. 2904:1884 10:27:15.681 file found: df62.ini
  235. 2904:1884 10:27:15.688 Detecting upgrade code '36C901A98B0374C4BA1F81D4D83648E1,MinVersion=0x00000000,MaxVersion=0xFFFFFFFF'
  236. 2904:1884 10:27:15.688 upgrade-code='36C901A98B0374C4BA1F81D4D83648E1' MinVersion=true,0 MaxVersion=true,-1
  237. 2904:1884 10:27:15.688 RegOpenKeyEx(00000458H\36C901A98B0374C4BA1F81D4D83648E1) failed. Error 2: Не удается найти указанный файл.
  238. 2904:1884 10:27:15.688 Fail! get upgrade code key error: err 2
  239. 2904:1884 10:27:15.688 no detect
  240. 2904:1884 10:27:15.688 file found: df63.ini
  241. 2904:1884 10:27:15.769 no detect
  242. 2904:1884 10:27:15.769 file found: df64.ini
  243. 2904:1884 10:27:15.776 no detect
  244. 2904:1884 10:27:15.776 file found: df65.ini
  245. 2904:1884 10:27:15.808 no detect
  246. 2904:1884 10:27:15.808 file found: df66.ini
  247. 2904:1884 10:27:15.816 no detect
  248. 2904:1884 10:27:15.816 file found: df67.ini
  249. 2904:1884 10:27:15.823 no detect
  250. 2904:1884 10:27:15.823 file found: df68.ini
  251. 2904:1884 10:27:15.828 no detect
  252. 2904:1884 10:27:15.828 file found: df69.ini
  253. 2904:1884 10:27:15.833 no detect
  254. 2904:1884 10:27:15.834 file found: df7.ini
  255. 2904:1884 10:27:15.839 RegOpenKeyEx(80000002H\SOFTWARE\KasperskyLab\AntiRansom4\Installer\shortcuts) failed. Error 2: Не удается найти указанный файл.
  256. 2904:1884 10:27:15.839 RegOpenKeyEx(80000002H\SOFTWARE\KasperskyLab\AntiRansom4\Installer\shortcuts) failed. Error 2: Не удается найти указанный файл.
  257. 2904:1884 10:27:15.839 RegOpenKeyEx(80000002H\SOFTWARE\KasperskyLab\AntiRansom4\Installer\shortcuts) failed. Error 2: Не удается найти указанный файл.
  258. 2904:1884 10:27:15.839 RegOpenKeyEx(80000002H\SOFTWARE\KasperskyLab\AntiRansom4\Installer\shortcuts) failed. Error 2: Не удается найти указанный файл.
  259. 2904:1884 10:27:15.839 no detect
  260. 2904:1884 10:27:15.839 file found: df70.ini
  261. 2904:1884 10:27:15.845 no detect
  262. 2904:1884 10:27:15.845 file found: df71.ini
  263. 2904:1884 10:27:15.849 no detect
  264. 2904:1884 10:27:15.849 file found: df72.ini
  265. 2904:1884 10:27:15.856 no detect
  266. 2904:1884 10:27:15.856 file found: df73.ini
  267. 2904:1884 10:27:15.860 no detect
  268. 2904:1884 10:27:15.861 file found: df74.ini
  269. 2904:1884 10:27:15.865 no detect
  270. 2904:1884 10:27:15.866 file found: df75.ini
  271. 2904:1884 10:27:15.872 no detect
  272. 2904:1884 10:27:15.872 file found: df76.ini
  273. 2904:1884 10:27:15.879 no detect
  274. 2904:1884 10:27:15.879 file found: df77.ini
  275. 2904:1884 10:27:15.885 RegOpenKeyEx(80000002H\SOFTWARE\KasperskyLab\AntiRansom4) failed. Error 2: Не удается найти указанный файл.
  276. 2904:1884 10:27:15.885 RegOpenKeyEx(80000002H\SOFTWARE\KasperskyLab\AntiRansom4) failed. Error 2: Не удается найти указанный файл.
  277. 2904:1884 10:27:15.885 no detect
  278. 2904:1884 10:27:15.886 file found: df78.ini
  279. 2904:1884 10:27:15.890 Detecting upgrade code 'EC4327A59EB71784E9300F4BA9C7E3A2,MinVersion=0x00000000,MaxVersion=0xFFFFFFFF'
  280. 2904:1884 10:27:15.890 upgrade-code='EC4327A59EB71784E9300F4BA9C7E3A2' MinVersion=true,0 MaxVersion=true,-1
  281. 2904:1884 10:27:15.890 RegOpenKeyEx(00000408H\EC4327A59EB71784E9300F4BA9C7E3A2) failed. Error 2: Не удается найти указанный файл.
  282. 2904:1884 10:27:15.890 Fail! get upgrade code key error: err 2
  283. 2904:1884 10:27:15.890 no detect
  284. 2904:1884 10:27:15.890 file found: df79.ini
  285. 2904:1884 10:27:15.896 Detecting upgrade code 'C0D16C9919DE969458D3A48B6E8D97A2,MinVersion=0x00000000,MaxVersion=0xFFFFFFFF'
  286. 2904:1884 10:27:15.896 upgrade-code='C0D16C9919DE969458D3A48B6E8D97A2' MinVersion=true,0 MaxVersion=true,-1
  287. 2904:1884 10:27:15.896 RegOpenKeyEx(00000408H\C0D16C9919DE969458D3A48B6E8D97A2) failed. Error 2: Не удается найти указанный файл.
  288. 2904:1884 10:27:15.896 Fail! get upgrade code key error: err 2
  289. 2904:1884 10:27:15.896 no detect
  290. 2904:1884 10:27:15.897 file found: df8.ini
  291. 2904:1884 10:27:15.904 no detect
  292. 2904:1884 10:27:15.905 file found: df80.ini
  293. 2904:1884 10:27:15.911 no detect
  294. 2904:1884 10:27:15.911 file found: df81.ini
  295. 2904:1884 10:27:15.917 no detect
  296. 2904:1884 10:27:15.917 file found: df82.ini
  297. 2904:1884 10:27:15.924 no detect
  298. 2904:1884 10:27:15.924 file found: df83.ini
  299. 2904:1884 10:27:15.931 no detect
  300. 2904:1884 10:27:15.931 file found: df84.ini
  301. 2904:1884 10:27:15.938 apply_local_context_command: 'local.x64' 'false'
  302. 2904:1884 10:27:15.938 no detect
  303. 2904:1884 10:27:15.938 file found: df85.ini
  304. 2904:1884 10:27:15.945 no detect
  305. 2904:1884 10:27:15.945 file found: df86.ini
  306. 2904:1884 10:27:15.951 no detect
  307. 2904:1884 10:27:15.952 file found: df87.ini
  308. 2904:1884 10:27:15.959 no detect
  309. 2904:1884 10:27:15.959 file found: df88.ini
  310. 2904:1884 10:27:15.965 no detect
  311. 2904:1884 10:27:15.966 file found: df89.ini
  312. 2904:1884 10:27:15.973 no detect
  313. 2904:1884 10:27:15.973 file found: df9.ini
  314. 2904:1884 10:27:16.103 no detect
  315. 2904:1884 10:27:16.103 file found: df90.ini
  316. 2904:1884 10:27:16.111 no detect
  317. 2904:1884 10:27:16.111 file found: df91.ini
  318. 2904:1884 10:27:16.123 no detect
  319. 2904:1884 10:27:16.123 file found: df92.ini
  320. 2904:1884 10:27:16.130 no detect
  321. 2904:1884 10:27:16.130 file found: df93.ini
  322. 2904:1884 10:27:16.137 no detect
  323. 2904:1884 10:27:16.137 file found: df94.ini
  324. 2904:1884 10:27:16.144 no detect
  325. 2904:1884 10:27:16.144 file found: df95.ini
  326. 2904:1884 10:27:16.151 no detect
  327. 2904:1884 10:27:16.151 file found: df96.ini
  328. 2904:1884 10:27:16.158 no detect
  329. 2904:1884 10:27:16.158 file found: df97.ini
  330. 2904:1884 10:27:16.165 no detect
  331. 2904:1884 10:27:16.165 file found: df98.ini
  332. 2904:1884 10:27:16.173 no detect
  333. 2904:1884 10:27:16.173 file found: df99.ini
  334. 2904:1884 10:27:16.215 RegOpenKeyEx(80000002H\SOFTWARE\Kaspersky Lab\Thread Feed Service\DataPath) failed. Error 2: Не удается найти указанный файл.
  335. 2904:1884 10:27:16.215 no detect
  336. 2904:1884 10:27:16.215 Searching finished, product detected.
  337. 2904:1884 10:27:16.215 Server malloc
  338. 2904:1884 10:27:16.215 Save detected products succ.
  339. 2904:1884 10:27:16.215 KLeaner deinitialized
  340. 2904:1884 10:27:16.215 Stopping shutdown detector...
  341. 2904:1884 10:27:16.215 Waiting for watch thread stop...
  342. 2904:0830 10:27:16.215 Watch thread finished
  343. 2904:1884 10:27:16.215 Watch thread was stopped
  344. 2904:1884 10:27:16.215 Server free
  345. 2904:1884 10:27:57.959 Server malloc
  346. 2904:1884 10:27:57.959 Removing selected products...
  347. 2904:1884 10:27:57.959 Removing selected product: Kaspersky Endpoint Security 11.11 for Windows.
  348. 2904:1884 10:27:57.960 ShutdownDetector started watch thread (00000440)
  349. 2904:1884 10:27:57.961 Kaspersky Removal Tool 1.0.2686
  350. 2904:1884 10:27:57.961 KLeaner initialized
  351. 2904:0c90 10:27:57.961 Watch thread started
  352. 2904:1884 10:27:57.961 MsiparamsCount 0
  353. 2904:1884 10:27:57.961 OS version = 10.0.19045, 64 bit
  354. 2904:1884 10:27:57.961 OS info = Майкрософт Windows 10 Pro, CSDVersion="", Version=10.0.19045, BuildNumber=19045
  355. 2904:1884 10:27:57.961 TraceSystemInfo: Time ticks=850609 ticks64=850609 idle=2918.1093750 kernel=3169.9218750 user=232.3593750
  356. 2904:1884 10:27:57.961 TraceSystemInfo: System oemId=00000009 pageSize=4096 MinAppAddress=00010000 MaxAppAddress=FFFEFFFF ActiveProcessorMask=0000000F NumberOfProcessors=4 ProcessorType=8664 AllocationGranularity=65536 ProcessorLevel=6 ProcessorRevision=40458
  357. 2904:1884 10:27:57.961 TraceSystemInfo: Memory Load=56 Phys=1827196928/4161114112 PageFile=2654232576/4899311616 Virtual=2059661312/2147352576 AvailExtendedVirtual=0
  358. 2904:1884 10:27:57.962 TraceSystemInfo: Performance commit(total=548115,limit=1196121,peak=553504 phis(total=1015897,avail=446093) syscache=457999 kernel(total=91903,paged=53394,nonpaged=38509) page=4096 handles=49127 processes=137 threads=1193
  359. 2904:1884 10:27:57.963 TraceTokenInformation: class=1(User) length=20 [User[Sid=S-1-5-18,Attributes=0]]
  360. 2904:1884 10:27:57.963 TraceTokenInformation: class=2(Groups) length=88 [GroupCount=4,[Sid=S-1-5-32-544,Attributes=E],[Sid=S-1-1-0,Attributes=7],[Sid=S-1-5-11,Attributes=7],[Sid=S-1-16-16384,Attributes=60]]
  361. 2904:1884 10:27:57.967 TraceTokenInformation: class=3(Privileges) length=340 [PrivilegeCount=28,[Luid=SeAssignPrimaryTokenPrivilege,Attributes=0],[Luid=SeLockMemoryPrivilege,Attributes=3],[Luid=SeIncreaseQuotaPrivilege,Attributes=0],[Luid=SeTcbPrivilege,Attributes=3],[Luid=SeSecurityPrivilege,Attributes=0],[Luid=SeTakeOwnershipPrivilege,Attributes=0],[Luid=SeLoadDriverPrivilege,Attributes=0],[Luid=SeSystemProfilePrivilege,Attributes=3],[Luid=SeSystemtimePrivilege,Attributes=0],[Luid=SeProfileSingleProcessPrivilege,Attributes=3],[Luid=SeIncreaseBasePriorityPrivilege,Attributes=3],[Luid=SeCreatePagefilePrivilege,Attributes=3],[Luid=SeCreatePermanentPrivilege,Attributes=3],[Luid=SeBackupPrivilege,Attributes=0],[Luid=SeRestorePrivilege,Attributes=0],[Luid=SeShutdownPrivilege,Attributes=0],[Luid=SeDebugPrivilege,Attributes=3],[Luid=SeAuditPrivilege,Attributes=3],[Luid=SeSystemEnvironmentPrivilege,Attributes=0],[Luid=SeChangeNotifyPrivilege,Attributes=3],[Luid=SeUndockPrivilege,Attributes=0],[Luid=SeManageVolumePrivilege,Attributes=0],[Luid=SeImpersonatePrivilege,Attributes=3],[Luid=SeCreateGlobalPrivilege,Attributes=3],[Luid=SeIncreaseWorkingSetPrivilege,Attributes=3],[Luid=SeTimeZonePrivilege,Attributes=3],[Luid=SeCreateSymbolicLinkPrivilege,Attributes=3],[Luid=SeDelegateSessionUserImpersonatePrivilege,Attributes=3]]
  362. 2904:1884 10:27:57.967 TraceTokenInformation: class=4(Owner) length=20 [Owner=S-1-5-32-544]
  363. 2904:1884 10:27:57.967 TraceTokenInformation: class=5(PrimaryGroup) length=16 [PrimaryGroup=S-1-5-18]
  364. 2904:1884 10:27:57.967 TraceTokenInformation: class=11(RestrictedSids) length=4 [GroupCount=0]
  365. 2904:1884 10:27:57.967 TraceTokenInformation: class=12(SessionId) length=4 [0(00000000)]
  366. 2904:1884 10:27:57.967 TraceTokenInformation: class=14(SessionReference) length=1 GetInfo fail error=87
  367. 2904:1884 10:27:57.967 TraceTokenInformation: class=15(SandBoxInert) length=4 [0(00000000)]
  368. 2904:1884 10:27:57.967 TraceTokenInformation: class=16(AuditPolicy) length=1 GetInfo fail error=1314
  369. 2904:1884 10:27:57.967 KLeaner is looking in C:\Users\User\AppData\Local\Temp\{688085E2-798F-4A79-A05A-50B50F778617}\jkbasuy1\xsxfr\ for *.ini...
  370. 2904:1884 10:27:57.967 file found: df0.ini
  371. 2904:1884 10:27:57.969 no detect
  372. 2904:1884 10:27:57.969 file found: df1.ini
  373. 2904:1884 10:27:57.972 no detect
  374. 2904:1884 10:27:57.973 file found: df10.ini
  375. 2904:1884 10:27:57.974 no detect
  376. 2904:1884 10:27:57.974 file found: df100.ini
  377. 2904:1884 10:27:57.976 no detect
  378. 2904:1884 10:27:57.976 file found: df101.ini
  379. 2904:1884 10:27:57.978 no detect
  380. 2904:1884 10:27:57.978 file found: df102.ini
  381. 2904:1884 10:27:57.978 This OS is not supported
  382. 2904:1884 10:27:57.978 no detect
  383. 2904:1884 10:27:57.978 file found: df11.ini
  384. 2904:1884 10:27:57.980 This OS is not supported
  385. 2904:1884 10:27:57.980 no detect
  386. 2904:1884 10:27:57.980 file found: df12.ini
  387. 2904:1884 10:27:57.983 This OS is not supported
  388. 2904:1884 10:27:57.983 no detect
  389. 2904:1884 10:27:57.983 file found: df13.ini
  390. 2904:1884 10:27:57.985 no detect
  391. 2904:1884 10:27:57.985 file found: df14.ini
  392. 2904:1884 10:27:57.986 This OS is not supported
  393. 2904:1884 10:27:57.986 no detect
  394. 2904:1884 10:27:57.986 file found: df15.ini
  395. 2904:1884 10:27:57.989 This OS is not supported
  396. 2904:1884 10:27:57.989 no detect
  397. 2904:1884 10:27:57.989 file found: df16.ini
  398. 2904:1884 10:27:57.990 This OS is not supported
  399. 2904:1884 10:27:57.990 no detect
  400. 2904:1884 10:27:57.990 file found: df17.ini
  401. 2904:1884 10:27:57.992 This OS is not supported
  402. 2904:1884 10:27:57.992 no detect
  403. 2904:1884 10:27:57.992 file found: df18.ini
  404. 2904:1884 10:27:57.993 This OS is not supported
  405. 2904:1884 10:27:57.993 no detect
  406. 2904:1884 10:27:57.993 file found: df19.ini
  407. 2904:1884 10:27:57.995 no detect
  408. 2904:1884 10:27:57.995 file found: df2.ini
  409. 2904:1884 10:27:57.997 no detect
  410. 2904:1884 10:27:57.997 file found: df20.ini
  411. 2904:1884 10:27:58.000 no detect
  412. 2904:1884 10:27:58.000 file found: df21.ini
  413. 2904:1884 10:27:58.002 no detect
  414. 2904:1884 10:27:58.002 file found: df22.ini
  415. 2904:1884 10:27:58.005 no detect
  416. 2904:1884 10:27:58.005 file found: df23.ini
  417. 2904:1884 10:27:58.007 no detect
  418. 2904:1884 10:27:58.007 file found: df24.ini
  419. 2904:1884 10:27:58.010 no detect
  420. 2904:1884 10:27:58.010 file found: df25.ini
  421. 2904:1884 10:27:58.012 no detect
  422. 2904:1884 10:27:58.012 file found: df26.ini
  423. 2904:1884 10:27:58.014 no detect
  424. 2904:1884 10:27:58.014 file found: df27.ini
  425. 2904:1884 10:27:58.017 no detect
  426. 2904:1884 10:27:58.017 file found: df28.ini
  427. 2904:1884 10:27:58.020 no detect
  428. 2904:1884 10:27:58.020 file found: df29.ini
  429. 2904:1884 10:27:58.022 no detect
  430. 2904:1884 10:27:58.022 file found: df3.ini
  431. 2904:1884 10:27:58.023 no detect
  432. 2904:1884 10:27:58.023 file found: df30.ini
  433. 2904:1884 10:27:58.025 no detect
  434. 2904:1884 10:27:58.025 file found: df31.ini
  435. 2904:1884 10:27:58.028 no detect
  436. 2904:1884 10:27:58.028 file found: df32.ini
  437. 2904:1884 10:27:58.030 no detect
  438. 2904:1884 10:27:58.031 file found: df33.ini
  439. 2904:1884 10:27:58.031 no detect
  440. 2904:1884 10:27:58.032 file found: df34.ini
  441. 2904:1884 10:27:58.034 no detect
  442. 2904:1884 10:27:58.034 file found: df35.ini
  443. 2904:1884 10:27:58.036 no detect
  444. 2904:1884 10:27:58.036 file found: df36.ini
  445. 2904:1884 10:27:58.038 no detect
  446. 2904:1884 10:27:58.038 file found: df37.ini
  447. 2904:1884 10:27:58.042 no detect
  448. 2904:1884 10:27:58.042 file found: df38.ini
  449. 2904:1884 10:27:58.044 no detect
  450. 2904:1884 10:27:58.045 file found: df39.ini
  451. 2904:1884 10:27:58.047 found Kaspersky Endpoint Security 11.11 for Windows
  452. 2904:1884 10:27:58.047 Processing section env_before_removing...
  453. 2904:1884 10:27:58.047 setup_env: 'env-string-expand-utf' 'HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES.21.8\settings->ProductSettingsKeyPath'
  454. 2904:1884 10:27:58.047 environment string list
  455. 2904:1884 10:27:58.048 environment: 'ALLUSERSPROFILE=C:\ProgramData'
  456. 2904:1884 10:27:58.048 environment: 'APPDATA=C:\Users\User\AppData\Roaming'
  457. 2904:1884 10:27:58.048 environment: 'CommonProgramFiles=C:\Program Files (x86)\Common Files'
  458. 2904:1884 10:27:58.048 environment: 'CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files'
  459. 2904:1884 10:27:58.048 environment: 'CommonProgramW6432=C:\Program Files\Common Files'
  460. 2904:1884 10:27:58.048 environment: 'COMPUTERNAME=MCB-308-5'
  461. 2904:1884 10:27:58.048 environment: 'ComSpec=C:\WINDOWS\system32\cmd.exe'
  462. 2904:1884 10:27:58.048 environment: 'DriverData=C:\Windows\System32\Drivers\DriverData'
  463. 2904:1884 10:27:58.048 environment: 'HOMEDRIVE=C:'
  464. 2904:1884 10:27:58.048 environment: 'HOMEPATH=\Users\User'
  465. 2904:1884 10:27:58.048 environment: 'LOCALAPPDATA=C:\Users\User\AppData\Local'
  466. 2904:1884 10:27:58.048 environment: 'LOGONSERVER=\\MCB-308-5'
  467. 2904:1884 10:27:58.048 environment: 'MOZ_PLUGIN_PATH=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\'
  468. 2904:1884 10:27:58.048 environment: 'NUMBER_OF_PROCESSORS=4'
  469. 2904:1884 10:27:58.048 environment: 'OneDrive=C:\Users\User\OneDrive'
  470. 2904:1884 10:27:58.048 environment: 'OS=Windows_NT'
  471. 2904:1884 10:27:58.048 environment: 'ParentFolder=D:\'
  472. 2904:1884 10:27:58.048 environment: 'Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\User\AppData\Local\Microsoft\WindowsApps'
  473. 2904:1884 10:27:58.048 environment: 'PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC'
  474. 2904:1884 10:27:58.048 environment: 'PROCESSOR_ARCHITECTURE=x86'
  475. 2904:1884 10:27:58.048 environment: 'PROCESSOR_ARCHITEW6432=AMD64'
  476. 2904:1884 10:27:58.048 environment: 'PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 10, GenuineIntel'
  477. 2904:1884 10:27:58.048 environment: 'PROCESSOR_LEVEL=6'
  478. 2904:1884 10:27:58.048 environment: 'PROCESSOR_REVISION=9e0a'
  479. 2904:1884 10:27:58.048 environment: 'ProductSettingsKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES.21.8\settings'
  480. 2904:1884 10:27:58.048 environment: 'ProgramData=C:\ProgramData'
  481. 2904:1884 10:27:58.048 environment: 'ProgramFiles=C:\Program Files (x86)'
  482. 2904:1884 10:27:58.048 environment: 'ProgramFiles(x86)=C:\Program Files (x86)'
  483. 2904:1884 10:27:58.048 environment: 'ProgramW6432=C:\Program Files'
  484. 2904:1884 10:27:58.048 environment: 'PSModulePath=C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules'
  485. 2904:1884 10:27:58.048 environment: 'PUBLIC=C:\Users\Public'
  486. 2904:1884 10:27:58.048 environment: 'SystemDrive=C:'
  487. 2904:1884 10:27:58.048 environment: 'SystemRoot=C:\WINDOWS'
  488. 2904:1884 10:27:58.048 environment: 'TEMP=C:\Users\User\AppData\Local\Temp'
  489. 2904:1884 10:27:58.048 environment: 'TMP=C:\Users\User\AppData\Local\Temp'
  490. 2904:1884 10:27:58.048 environment: 'USERDOMAIN=MCB-308-5'
  491. 2904:1884 10:27:58.048 environment: 'USERDOMAIN_ROAMINGPROFILE=MCB-308-5'
  492. 2904:1884 10:27:58.048 environment: 'USERNAME=User'
  493. 2904:1884 10:27:58.048 environment: 'USERPROFILE=C:\Users\User'
  494. 2904:1884 10:27:58.048 environment: 'windir=C:\WINDOWS'
  495. 2904:1884 10:27:58.048 environment: '__COMPAT_LAYER=DetectorsAppHealth Installer'
  496. 2904:1884 10:27:58.048 Checking password in ProductSettingsKeyPath...
  497. 2904:1884 10:27:58.048 Password protection on uninstall enabled.
  498. 2904:1884 10:27:58.048 Password is set
  499. 2904:1884 10:27:58.048 removing Kaspersky Endpoint Security 11.11 for Windows...
  500. 2904:1884 10:27:58.048 TraceSystemInfo: Time ticks=850703 ticks64=850703 idle=2918.3281250 kernel=3170.2031250 user=232.4531250
  501. 2904:1884 10:27:58.048 TraceSystemInfo: System oemId=00000009 pageSize=4096 MinAppAddress=00010000 MaxAppAddress=FFFEFFFF ActiveProcessorMask=0000000F NumberOfProcessors=4 ProcessorType=8664 AllocationGranularity=65536 ProcessorLevel=6 ProcessorRevision=40458
  502. 2904:1884 10:27:58.048 TraceSystemInfo: Memory Load=56 Phys=1826340864/4161114112 PageFile=2654265344/4899311616 Virtual=2059661312/2147352576 AvailExtendedVirtual=0
  503. 2904:1884 10:27:58.049 TraceSystemInfo: Performance commit(total=548107,limit=1196121,peak=553504 phis(total=1015897,avail=445884) syscache=457981 kernel(total=91903,paged=53394,nonpaged=38509) page=4096 handles=49124 processes=137 threads=1193
  504. 2904:1884 10:27:58.049 TraceTokenInformation: class=1(User) length=20 [User[Sid=S-1-5-18,Attributes=0]]
  505. 2904:1884 10:27:58.050 TraceTokenInformation: class=2(Groups) length=88 [GroupCount=4,[Sid=S-1-5-32-544,Attributes=E],[Sid=S-1-1-0,Attributes=7],[Sid=S-1-5-11,Attributes=7],[Sid=S-1-16-16384,Attributes=60]]
  506. 2904:1884 10:27:58.052 TraceTokenInformation: class=3(Privileges) length=340 [PrivilegeCount=28,[Luid=SeAssignPrimaryTokenPrivilege,Attributes=0],[Luid=SeLockMemoryPrivilege,Attributes=3],[Luid=SeIncreaseQuotaPrivilege,Attributes=0],[Luid=SeTcbPrivilege,Attributes=3],[Luid=SeSecurityPrivilege,Attributes=0],[Luid=SeTakeOwnershipPrivilege,Attributes=0],[Luid=SeLoadDriverPrivilege,Attributes=0],[Luid=SeSystemProfilePrivilege,Attributes=3],[Luid=SeSystemtimePrivilege,Attributes=0],[Luid=SeProfileSingleProcessPrivilege,Attributes=3],[Luid=SeIncreaseBasePriorityPrivilege,Attributes=3],[Luid=SeCreatePagefilePrivilege,Attributes=3],[Luid=SeCreatePermanentPrivilege,Attributes=3],[Luid=SeBackupPrivilege,Attributes=0],[Luid=SeRestorePrivilege,Attributes=0],[Luid=SeShutdownPrivilege,Attributes=0],[Luid=SeDebugPrivilege,Attributes=3],[Luid=SeAuditPrivilege,Attributes=3],[Luid=SeSystemEnvironmentPrivilege,Attributes=0],[Luid=SeChangeNotifyPrivilege,Attributes=3],[Luid=SeUndockPrivilege,Attributes=0],[Luid=SeManageVolumePrivilege,Attributes=0],[Luid=SeImpersonatePrivilege,Attributes=3],[Luid=SeCreateGlobalPrivilege,Attributes=3],[Luid=SeIncreaseWorkingSetPrivilege,Attributes=3],[Luid=SeTimeZonePrivilege,Attributes=3],[Luid=SeCreateSymbolicLinkPrivilege,Attributes=3],[Luid=SeDelegateSessionUserImpersonatePrivilege,Attributes=3]]
  507. 2904:1884 10:27:58.052 TraceTokenInformation: class=4(Owner) length=20 [Owner=S-1-5-32-544]
  508. 2904:1884 10:27:58.052 TraceTokenInformation: class=5(PrimaryGroup) length=16 [PrimaryGroup=S-1-5-18]
  509. 2904:1884 10:27:58.052 TraceTokenInformation: class=11(RestrictedSids) length=4 [GroupCount=0]
  510. 2904:1884 10:27:58.052 TraceTokenInformation: class=12(SessionId) length=4 [0(00000000)]
  511. 2904:1884 10:27:58.052 TraceTokenInformation: class=14(SessionReference) length=1 GetInfo fail error=87
  512. 2904:1884 10:27:58.052 TraceTokenInformation: class=15(SandBoxInert) length=4 [0(00000000)]
  513. 2904:1884 10:27:58.052 TraceTokenInformation: class=16(AuditPolicy) length=1 GetInfo fail error=1314
  514. 2904:1884 10:27:58.052 adjust_privilege(SeRestorePrivilege)
  515. 2904:1884 10:27:58.052 adjust_privilege(SeBackupPrivilege)
  516. 2904:1884 10:27:58.052 adjusting privileges - OK
  517. 2904:1884 10:27:58.052 Processing section main...
  518. 2904:1884 10:27:58.052 The 'Kaspersky Endpoint Security 11.11 for Windows' has been detected
  519. 2904:1884 10:27:58.052 setup_env: 'name' 'Kaspersky Endpoint Security 11.11 for Windows'
  520. 2904:1884 10:27:58.052 setup_env: action handler not found
  521. 2904:1884 10:27:58.052 setup_env: 'fullname' 'Kaspersky Endpoint Security 11.11 for Windows'
  522. 2904:1884 10:27:58.052 setup_env: action handler not found
  523. 2904:1884 10:27:58.053 setup_env: 'detect-msi' '{BF39B547-8E24-4E11-8179-183B2F7C83EB}'
  524. 2904:1884 10:27:58.053 setup_env: action handler not found
  525. 2904:1884 10:27:58.053 setup_env: 'type' 'uninstall'
  526. 2904:1884 10:27:58.053 setup_env: action handler not found
  527. 2904:1884 10:27:58.053 setup_env: 'uninstallmode' 'custom_support_password'
  528. 2904:1884 10:27:58.053 setup_env: action handler not found
  529. 2904:1884 10:27:58.053 setup_env: 'password-protection-type' 'login_password'
  530. 2904:1884 10:27:58.053 setup_env: action handler not found
  531. 2904:1884 10:27:58.053 setup_env: 'os' 'winnt'
  532. 2904:1884 10:27:58.053 setup_env: action handler not found
  533. 2904:1884 10:27:58.053 setup_env: 'x64' 'by_os'
  534. 2904:1884 10:27:58.053 setup_env: action handler not found
  535. 2904:1884 10:27:58.053 environment string list
  536. 2904:1884 10:27:58.053 environment: 'ALLUSERSPROFILE=C:\ProgramData'
  537. 2904:1884 10:27:58.053 environment: 'APPDATA=C:\Users\User\AppData\Roaming'
  538. 2904:1884 10:27:58.053 environment: 'CommonProgramFiles=C:\Program Files (x86)\Common Files'
  539. 2904:1884 10:27:58.053 environment: 'CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files'
  540. 2904:1884 10:27:58.053 environment: 'CommonProgramW6432=C:\Program Files\Common Files'
  541. 2904:1884 10:27:58.053 environment: 'COMPUTERNAME=MCB-308-5'
  542. 2904:1884 10:27:58.053 environment: 'ComSpec=C:\WINDOWS\system32\cmd.exe'
  543. 2904:1884 10:27:58.053 environment: 'DriverData=C:\Windows\System32\Drivers\DriverData'
  544. 2904:1884 10:27:58.053 environment: 'HOMEDRIVE=C:'
  545. 2904:1884 10:27:58.053 environment: 'HOMEPATH=\Users\User'
  546. 2904:1884 10:27:58.053 environment: 'LOCALAPPDATA=C:\Users\User\AppData\Local'
  547. 2904:1884 10:27:58.053 environment: 'LOGONSERVER=\\MCB-308-5'
  548. 2904:1884 10:27:58.053 environment: 'MOZ_PLUGIN_PATH=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\'
  549. 2904:1884 10:27:58.053 environment: 'NUMBER_OF_PROCESSORS=4'
  550. 2904:1884 10:27:58.053 environment: 'OneDrive=C:\Users\User\OneDrive'
  551. 2904:1884 10:27:58.053 environment: 'OS=Windows_NT'
  552. 2904:1884 10:27:58.053 environment: 'ParentFolder=D:\'
  553. 2904:1884 10:27:58.053 environment: 'Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\User\AppData\Local\Microsoft\WindowsApps'
  554. 2904:1884 10:27:58.053 environment: 'PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC'
  555. 2904:1884 10:27:58.053 environment: 'PROCESSOR_ARCHITECTURE=x86'
  556. 2904:1884 10:27:58.053 environment: 'PROCESSOR_ARCHITEW6432=AMD64'
  557. 2904:1884 10:27:58.053 environment: 'PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 10, GenuineIntel'
  558. 2904:1884 10:27:58.053 environment: 'PROCESSOR_LEVEL=6'
  559. 2904:1884 10:27:58.053 environment: 'PROCESSOR_REVISION=9e0a'
  560. 2904:1884 10:27:58.053 environment: 'ProgramData=C:\ProgramData'
  561. 2904:1884 10:27:58.053 environment: 'ProgramFiles=C:\Program Files (x86)'
  562. 2904:1884 10:27:58.053 environment: 'ProgramFiles(x86)=C:\Program Files (x86)'
  563. 2904:1884 10:27:58.053 environment: 'ProgramW6432=C:\Program Files'
  564. 2904:1884 10:27:58.053 environment: 'PSModulePath=C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules'
  565. 2904:1884 10:27:58.053 environment: 'PUBLIC=C:\Users\Public'
  566. 2904:1884 10:27:58.053 environment: 'SystemDrive=C:'
  567. 2904:1884 10:27:58.053 environment: 'SystemRoot=C:\WINDOWS'
  568. 2904:1884 10:27:58.053 environment: 'TEMP=C:\Users\User\AppData\Local\Temp'
  569. 2904:1884 10:27:58.053 environment: 'TMP=C:\Users\User\AppData\Local\Temp'
  570. 2904:1884 10:27:58.053 environment: 'USERDOMAIN=MCB-308-5'
  571. 2904:1884 10:27:58.053 environment: 'USERDOMAIN_ROAMINGPROFILE=MCB-308-5'
  572. 2904:1884 10:27:58.053 environment: 'USERNAME=User'
  573. 2904:1884 10:27:58.053 environment: 'USERPROFILE=C:\Users\User'
  574. 2904:1884 10:27:58.053 environment: 'windir=C:\WINDOWS'
  575. 2904:1884 10:27:58.053 environment: '__COMPAT_LAYER=DetectorsAppHealth Installer'
  576. 2904:1884 10:27:58.053 context: RemoveKLSelfDefense=1, x64=1, ProductIdX64=1, selfDefenseAction=0, extensionLevel=0
  577. 2904:1884 10:27:58.053 Processing section script...
  578. 2904:1884 10:27:58.053 start script::process
  579. 2904:1884 10:27:58.053 OriginalDLL: try restore {B54F3741-5B07-11cf-A4B0-00AA004A55E8}
  580. 2904:1884 10:27:58.053 OriginalDLL: value missing, err 2
  581. 2904:1884 10:27:58.053 OriginalDLL: try restore {B54F3742-5B07-11cf-A4B0-00AA004A55E8}
  582. 2904:1884 10:27:58.053 OriginalDLL: value missing, err 2
  583. 2904:1884 10:27:58.053 OriginalDLL: try restore {B54F3743-5B07-11cf-A4B0-00AA004A55E8}
  584. 2904:1884 10:27:58.053 OriginalDLL: value missing, err 2
  585. 2904:1884 10:27:58.053 RegSvr32Dll
  586. 2904:1884 10:27:58.108 RegSvr32Dll CreateProcess ret=1 code=0
  587. 2904:1884 10:27:58.108 RegSvr32Dll WaitProcess h=0x00000398 pid=3384
  588. 2904:1884 10:27:58.195 RegSvr32Dll WaitProcess ret=0
  589. 2904:1884 10:27:58.195 RegSvr32Dll
  590. 2904:1884 10:27:58.201 RegSvr32Dll CreateProcess ret=1 code=0
  591. 2904:1884 10:27:58.201 RegSvr32Dll WaitProcess h=0x00000390 pid=5172
  592. 2904:1884 10:27:58.220 RegSvr32Dll WaitProcess ret=0
  593. 2904:1884 10:27:58.227 extracting resource to 'C:\Users\User\AppData\Local\Temp\actFBBB.tmp'...
  594. 2904:1884 10:27:58.228 Resource (404800 bytes) successfully dumped
  595. 2904:1884 10:27:58.228 cmdline: '"C:\Users\User\AppData\Local\Temp\actFBBB.tmp" remove vbs "param"'
  596. 2904:1884 10:27:58.228 running utility...
  597. 2904:1884 10:27:58.438 x64 utility run (exit code = 2), cmd: "C:\Users\User\AppData\Local\Temp\actFBBB.tmp" remove vbs "param"
  598. 2904:1884 10:27:58.438 ------Utility Stdout v ---
  599. 6792:0abc 10:27:58.329 64-bit utility started, params: 'remove vbs param'
  600. 6792:0abc 10:27:58.329 Command detected: restore original DLLs for VBS
  601. 6792:0abc 10:27:58.329 OriginalDLL: try restore {B54F3741-5B07-11cf-A4B0-00AA004A55E8}
  602. 6792:0abc 10:27:58.329 OriginalDLL: value missing, err 2
  603. 6792:0abc 10:27:58.329 OriginalDLL: try restore {B54F3742-5B07-11cf-A4B0-00AA004A55E8}
  604. 6792:0abc 10:27:58.329 OriginalDLL: value missing, err 2
  605. 6792:0abc 10:27:58.329 OriginalDLL: try restore {B54F3743-5B07-11cf-A4B0-00AA004A55E8}
  606. 6792:0abc 10:27:58.329 OriginalDLL: value missing, err 2
  607. 6792:0abc 10:27:58.329 RegSvr32Dll
  608. 6792:0abc 10:27:58.348 RegSvr32Dll CreateProcess ret=1 code=0
  609. 6792:0abc 10:27:58.348 RegSvr32Dll WaitProcess h=0x00000184 pid=4320
  610. 6792:0abc 10:27:58.417 RegSvr32Dll WaitProcess ret=0
  611. 6792:0abc 10:27:58.417 RegSvr32Dll
  612. 6792:0abc 10:27:58.421 RegSvr32Dll CreateProcess ret=1 code=0
  613. 6792:0abc 10:27:58.421 RegSvr32Dll WaitProcess h=0x00000180 pid=4456
  614. 6792:0abc 10:27:58.436 RegSvr32Dll WaitProcess ret=0
  615. 6792:0abc 10:27:58.436 64-bit utility finished, return code = 2
  616. 2904:1884 10:27:58.438 ------Utility Stdout ^ ---
  617. 2904:1884 10:27:58.438 Utility Stderr is empty
  618. 2904:1884 10:27:58.438 Module.Init(cleanapi.dll=00000000)
  619. 2904:1884 10:27:58.438 creating kleaner host object...
  620. 2904:1884 10:27:58.490 creating ActiveScriptSite...
  621. 2904:1884 10:27:58.661 parsing script...
  622. 2904:1884 10:27:58.663 execute script...
  623. 2904:1884 10:27:58.663 detect FDE...
  624. 2904:1884 10:27:58.719 GetEncryptedDiskCountKES return 0. Continue processing.
  625. 2904:1884 10:27:58.731 script execution finished
  626. 2904:1884 10:27:58.731 end script::process
  627. 2904:1884 10:27:58.731 Processing section environment...
  628. 2904:1884 10:27:58.731 setup_env: 'env-string' 'Kaspersky Endpoint Security for Windows->DefaultProductName'
  629. 2904:1884 10:27:58.731 apply_local_context_command: 'local.x64' 'false'
  630. 2904:1884 10:27:58.731 setup_env: 'env-string-expand-utf' '%ProgramFiles%\Kaspersky Lab\Kaspersky Endpoint Security for Windows->DefaultProductRoot'
  631. 2904:1884 10:27:58.731 setup_env: 'env-registry-utf' 'HKEY_LOCAL_MACHINE\software\KasperskyLab\protected\KES.21.8\environment\ProductRoot->InstDir'
  632. 2904:1884 10:27:58.731 setup_env: 'env-registry' 'HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES.21.8\environment\DataRoot->BasesDir'
  633. 2904:1884 10:27:58.731 setup_env: 'env-registry-utf' 'HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES.21.8\environment\ProductName->ProductName'
  634. 2904:1884 10:27:58.731 setup_env: 'env-registry-utf' 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir->CommonFilesDir'
  635. 2904:1884 10:27:58.731 setup_env: 'env-string' '{BF39B547-8E24-4E11-8179-183B2F7C83EB}->InstallUid'
  636. 2904:1884 10:27:58.731 setup_env: 'env-registry-utf' 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF39B547-8E24-4E11-8179-183B2F7C83EB}\InstallLocation->InstallerUserDataInstallLocation'
  637. 2904:1884 10:27:58.731 setup_env: 'env-registry' 'HKEY_CLASSES_ROOT\Installer\Products\745B93FB42E811E4189781B3F2C738BE\ProductName->InstallerProductName'
  638. 2904:1884 10:27:58.732 setup_env: 'env-string' '745B93FB42E811E4189781B3F2C738BE->ProductId'
  639. 2904:1884 10:27:58.732 setup_env: 'env-string' '25EB107917D5AED46B14CA321C56A2DB->UpgradeCodeCompressed'
  640. 2904:1884 10:27:58.732 setup_env: 'env-string' '{9701BE52-5D71-4DEA-B641-AC23C1652ABD}->UpgradeCodeId'
  641. 2904:1884 10:27:58.732 apply_local_context_command: 'local.x64' 'default'
  642. 2904:1884 10:27:58.732 setup_env: 'env-registry' 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE\Path->OutlookPathNative'
  643. 2904:1884 10:27:58.732 setup_env: 'env-registry' 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir->CommonPrograms'
  644. 2904:1884 10:27:58.732 setup_env: 'env-registry' 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)->CommonProgramsX86'
  645. 2904:1884 10:27:58.732 apply_local_context_command: 'local.x64' 'false'
  646. 2904:1884 10:27:58.732 setup_env: 'env-registry' 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData->AppDataFolder'
  647. 2904:1884 10:27:58.732 setup_env: 'env-registry' 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE\Path->OutlookPathWow'
  648. 2904:1884 10:27:58.732 environment string list
  649. 2904:1884 10:27:58.732 environment: 'ALLUSERSPROFILE=C:\ProgramData'
  650. 2904:1884 10:27:58.732 environment: 'APPDATA=C:\Users\User\AppData\Roaming'
  651. 2904:1884 10:27:58.732 environment: 'AppDataFolder=C:\ProgramData'
  652. 2904:1884 10:27:58.732 environment: 'BasesDir=C:\ProgramData\Kaspersky Lab\KES.21.8'
  653. 2904:1884 10:27:58.732 environment: 'CommonFilesDir=C:\Program Files (x86)\Common Files'
  654. 2904:1884 10:27:58.732 environment: 'CommonProgramFiles=C:\Program Files (x86)\Common Files'
  655. 2904:1884 10:27:58.732 environment: 'CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files'
  656. 2904:1884 10:27:58.732 environment: 'CommonPrograms=C:\Program Files\Common Files'
  657. 2904:1884 10:27:58.732 environment: 'CommonProgramsX86=C:\Program Files (x86)\Common Files'
  658. 2904:1884 10:27:58.732 environment: 'CommonProgramW6432=C:\Program Files\Common Files'
  659. 2904:1884 10:27:58.732 environment: 'COMPUTERNAME=MCB-308-5'
  660. 2904:1884 10:27:58.732 environment: 'ComSpec=C:\WINDOWS\system32\cmd.exe'
  661. 2904:1884 10:27:58.732 environment: 'DefaultProductName=Kaspersky Endpoint Security for Windows'
  662. 2904:1884 10:27:58.732 environment: 'DefaultProductRoot=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows'
  663. 2904:1884 10:27:58.732 environment: 'DriverData=C:\Windows\System32\Drivers\DriverData'
  664. 2904:1884 10:27:58.732 environment: 'HOMEDRIVE=C:'
  665. 2904:1884 10:27:58.732 environment: 'HOMEPATH=\Users\User'
  666. 2904:1884 10:27:58.732 environment: 'InstallerProductName=Kaspersky Endpoint Security для Windows'
  667. 2904:1884 10:27:58.732 environment: 'InstallerUserDataInstallLocation=C:\Program Files (x86)\Kaspersky Lab\KES.11.11.0\'
  668. 2904:1884 10:27:58.732 environment: 'InstallUid={BF39B547-8E24-4E11-8179-183B2F7C83EB}'
  669. 2904:1884 10:27:58.732 environment: 'InstDir=C:\Program Files (x86)\Kaspersky Lab\KES.11.11.0'
  670. 2904:1884 10:27:58.732 environment: 'LOCALAPPDATA=C:\Users\User\AppData\Local'
  671. 2904:1884 10:27:58.732 environment: 'LOGONSERVER=\\MCB-308-5'
  672. 2904:1884 10:27:58.732 environment: 'MOZ_PLUGIN_PATH=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\'
  673. 2904:1884 10:27:58.732 environment: 'NUMBER_OF_PROCESSORS=4'
  674. 2904:1884 10:27:58.732 environment: 'OneDrive=C:\Users\User\OneDrive'
  675. 2904:1884 10:27:58.732 environment: 'OS=Windows_NT'
  676. 2904:1884 10:27:58.732 environment: 'OutlookPathNative=C:\Program Files\Microsoft Office\Root\Office16\'
  677. 2904:1884 10:27:58.732 environment: 'OutlookPathWow=C:\Program Files\Microsoft Office\Root\Office16\'
  678. 2904:1884 10:27:58.732 environment: 'ParentFolder=D:\'
  679. 2904:1884 10:27:58.732 environment: 'Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\User\AppData\Local\Microsoft\WindowsApps'
  680. 2904:1884 10:27:58.732 environment: 'PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC'
  681. 2904:1884 10:27:58.732 environment: 'PROCESSOR_ARCHITECTURE=x86'
  682. 2904:1884 10:27:58.732 environment: 'PROCESSOR_ARCHITEW6432=AMD64'
  683. 2904:1884 10:27:58.732 environment: 'PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 10, GenuineIntel'
  684. 2904:1884 10:27:58.732 environment: 'PROCESSOR_LEVEL=6'
  685. 2904:1884 10:27:58.732 environment: 'PROCESSOR_REVISION=9e0a'
  686. 2904:1884 10:27:58.732 environment: 'ProductId=745B93FB42E811E4189781B3F2C738BE'
  687. 2904:1884 10:27:58.732 environment: 'ProductName=Kaspersky Endpoint Security для Windows'
  688. 2904:1884 10:27:58.732 environment: 'ProgramData=C:\ProgramData'
  689. 2904:1884 10:27:58.732 environment: 'ProgramFiles=C:\Program Files (x86)'
  690. 2904:1884 10:27:58.732 environment: 'ProgramFiles(x86)=C:\Program Files (x86)'
  691. 2904:1884 10:27:58.732 environment: 'ProgramW6432=C:\Program Files'
  692. 2904:1884 10:27:58.732 environment: 'PSModulePath=C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules'
  693. 2904:1884 10:27:58.732 environment: 'PUBLIC=C:\Users\Public'
  694. 2904:1884 10:27:58.732 environment: 'SystemDrive=C:'
  695. 2904:1884 10:27:58.732 environment: 'SystemRoot=C:\WINDOWS'
  696. 2904:1884 10:27:58.732 environment: 'TEMP=C:\Users\User\AppData\Local\Temp'
  697. 2904:1884 10:27:58.732 environment: 'TMP=C:\Users\User\AppData\Local\Temp'
  698. 2904:1884 10:27:58.732 environment: 'UpgradeCodeCompressed=25EB107917D5AED46B14CA321C56A2DB'
  699. 2904:1884 10:27:58.732 environment: 'UpgradeCodeId={9701BE52-5D71-4DEA-B641-AC23C1652ABD}'
  700. 2904:1884 10:27:58.732 environment: 'USERDOMAIN=MCB-308-5'
  701. 2904:1884 10:27:58.732 environment: 'USERDOMAIN_ROAMINGPROFILE=MCB-308-5'
  702. 2904:1884 10:27:58.732 environment: 'USERNAME=User'
  703. 2904:1884 10:27:58.732 environment: 'USERPROFILE=C:\Users\User'
  704. 2904:1884 10:27:58.732 environment: 'windir=C:\WINDOWS'
  705. 2904:1884 10:27:58.732 environment: '__COMPAT_LAYER=DetectorsAppHealth Installer'
  706. 2904:1884 10:27:58.732 Processing section script...
  707. 2904:1884 10:27:58.732 start script::process
  708. 2904:1884 10:27:58.732 OriginalDLL: try restore {B54F3741-5B07-11cf-A4B0-00AA004A55E8}
  709. 2904:1884 10:27:58.733 OriginalDLL: value missing, err 2
  710. 2904:1884 10:27:58.733 OriginalDLL: try restore {B54F3742-5B07-11cf-A4B0-00AA004A55E8}
  711. 2904:1884 10:27:58.733 OriginalDLL: value missing, err 2
  712. 2904:1884 10:27:58.733 OriginalDLL: try restore {B54F3743-5B07-11cf-A4B0-00AA004A55E8}
  713. 2904:1884 10:27:58.733 OriginalDLL: value missing, err 2
  714. 2904:1884 10:27:58.733 RegSvr32Dll
  715. 2904:1884 10:27:58.738 RegSvr32Dll CreateProcess ret=1 code=0
  716. 2904:1884 10:27:58.738 RegSvr32Dll WaitProcess h=0x00000474 pid=5824
  717. 2904:1884 10:27:58.759 RegSvr32Dll WaitProcess ret=0
  718. 2904:1884 10:27:58.759 RegSvr32Dll
  719. 2904:1884 10:27:58.768 RegSvr32Dll CreateProcess ret=1 code=0
  720. 2904:1884 10:27:58.768 RegSvr32Dll WaitProcess h=0x000004D4 pid=3292
  721. 2904:1884 10:27:58.791 RegSvr32Dll WaitProcess ret=0
  722. 2904:1884 10:27:58.791 cmdline: '"C:\Users\User\AppData\Local\Temp\actFBBB.tmp" remove vbs "param"'
  723. 2904:1884 10:27:58.791 running utility...
  724. 2904:1884 10:27:58.927 x64 utility run (exit code = 2), cmd: "C:\Users\User\AppData\Local\Temp\actFBBB.tmp" remove vbs "param"
  725. 2904:1884 10:27:58.927 ------Utility Stdout v ---
  726. 2708:1238 10:27:58.883 64-bit utility started, params: 'remove vbs param'
  727. 2708:1238 10:27:58.883 Command detected: restore original DLLs for VBS
  728. 2708:1238 10:27:58.883 OriginalDLL: try restore {B54F3741-5B07-11cf-A4B0-00AA004A55E8}
  729. 2708:1238 10:27:58.883 OriginalDLL: value missing, err 2
  730. 2708:1238 10:27:58.883 OriginalDLL: try restore {B54F3742-5B07-11cf-A4B0-00AA004A55E8}
  731. 2708:1238 10:27:58.883 OriginalDLL: value missing, err 2
  732. 2708:1238 10:27:58.883 OriginalDLL: try restore {B54F3743-5B07-11cf-A4B0-00AA004A55E8}
  733. 2708:1238 10:27:58.883 OriginalDLL: value missing, err 2
  734. 2708:1238 10:27:58.883 RegSvr32Dll
  735. 2708:1238 10:27:58.887 RegSvr32Dll CreateProcess ret=1 code=0
  736. 2708:1238 10:27:58.887 RegSvr32Dll WaitProcess h=0x00000180 pid=1040
  737. 2708:1238 10:27:58.901 RegSvr32Dll WaitProcess ret=0
  738. 2708:1238 10:27:58.901 RegSvr32Dll
  739. 2708:1238 10:27:58.906 RegSvr32Dll CreateProcess ret=1 code=0
  740. 2708:1238 10:27:58.906 RegSvr32Dll WaitProcess h=0x000000B4 pid=5432
  741. 2708:1238 10:27:58.924 RegSvr32Dll WaitProcess ret=0
  742. 2708:1238 10:27:58.924 64-bit utility finished, return code = 2
  743. 2904:1884 10:27:58.927 ------Utility Stdout ^ ---
  744. 2904:1884 10:27:58.927 Utility Stderr is empty
  745. 2904:1884 10:27:58.927 creating kleaner host object...
  746. 2904:1884 10:27:58.928 creating ActiveScriptSite...
  747. 2904:1884 10:27:58.933 parsing script...
  748. 2904:1884 10:27:58.933 execute script...
  749. 2904:1884 10:27:58.974 script execution finished
  750. 2904:1884 10:27:58.976 end script::process
  751. 2904:1884 10:27:58.976 Processing section script...
  752. 2904:1884 10:27:58.976 start script::process
  753. 2904:1884 10:27:58.976 OriginalDLL: try restore {B54F3741-5B07-11cf-A4B0-00AA004A55E8}
  754. 2904:1884 10:27:58.976 OriginalDLL: value missing, err 2
  755. 2904:1884 10:27:58.976 OriginalDLL: try restore {B54F3742-5B07-11cf-A4B0-00AA004A55E8}
  756. 2904:1884 10:27:58.976 OriginalDLL: value missing, err 2
  757. 2904:1884 10:27:58.976 OriginalDLL: try restore {B54F3743-5B07-11cf-A4B0-00AA004A55E8}
  758. 2904:1884 10:27:58.976 OriginalDLL: value missing, err 2
  759. 2904:1884 10:27:58.976 RegSvr32Dll
  760. 2904:1884 10:27:58.986 RegSvr32Dll CreateProcess ret=1 code=0
  761. 2904:1884 10:27:58.986 RegSvr32Dll WaitProcess h=0x000004D8 pid=1380
  762. 2904:1884 10:27:59.012 RegSvr32Dll WaitProcess ret=0
  763. 2904:1884 10:27:59.012 RegSvr32Dll
  764. 2904:1884 10:27:59.018 RegSvr32Dll CreateProcess ret=1 code=0
  765. 2904:1884 10:27:59.019 RegSvr32Dll WaitProcess h=0x000004F8 pid=4384
  766. 2904:1884 10:27:59.041 RegSvr32Dll WaitProcess ret=0
  767. 2904:1884 10:27:59.041 cmdline: '"C:\Users\User\AppData\Local\Temp\actFBBB.tmp" remove vbs "param"'
  768. 2904:1884 10:27:59.041 running utility...
  769. 2904:1884 10:27:59.110 x64 utility run (exit code = 2), cmd: "C:\Users\User\AppData\Local\Temp\actFBBB.tmp" remove vbs "param"
  770. 2904:1884 10:27:59.110 ------Utility Stdout v ---
  771. 6360:00e4 10:27:59.066 64-bit utility started, params: 'remove vbs param'
  772. 6360:00e4 10:27:59.066 Command detected: restore original DLLs for VBS
  773. 6360:00e4 10:27:59.066 OriginalDLL: try restore {B54F3741-5B07-11cf-A4B0-00AA004A55E8}
  774. 6360:00e4 10:27:59.066 OriginalDLL: value missing, err 2
  775. 6360:00e4 10:27:59.066 OriginalDLL: try restore {B54F3742-5B07-11cf-A4B0-00AA004A55E8}
  776. 6360:00e4 10:27:59.066 OriginalDLL: value missing, err 2
  777. 6360:00e4 10:27:59.066 OriginalDLL: try restore {B54F3743-5B07-11cf-A4B0-00AA004A55E8}
  778. 6360:00e4 10:27:59.066 OriginalDLL: value missing, err 2
  779. 6360:00e4 10:27:59.066 RegSvr32Dll
  780. 6360:00e4 10:27:59.070 RegSvr32Dll CreateProcess ret=1 code=0
  781. 6360:00e4 10:27:59.070 RegSvr32Dll WaitProcess h=0x0000017C pid=6244
  782. 6360:00e4 10:27:59.085 RegSvr32Dll WaitProcess ret=0
  783. 6360:00e4 10:27:59.085 RegSvr32Dll
  784. 6360:00e4 10:27:59.091 RegSvr32Dll CreateProcess ret=1 code=0
  785. 6360:00e4 10:27:59.091 RegSvr32Dll WaitProcess h=0x00000178 pid=5256
  786. 6360:00e4 10:27:59.108 RegSvr32Dll WaitProcess ret=0
  787. 6360:00e4 10:27:59.108 64-bit utility finished, return code = 2
  788. 2904:1884 10:27:59.110 ------Utility Stdout ^ ---
  789. 2904:1884 10:27:59.110 Utility Stderr is empty
  790. 2904:1884 10:27:59.110 creating kleaner host object...
  791. 2904:1884 10:27:59.111 creating ActiveScriptSite...
  792. 2904:1884 10:27:59.114 parsing script...
  793. 2904:1884 10:27:59.115 execute script...
  794. 2904:1884 10:27:59.268 ->Script Begin
  795. 2904:1884 10:27:59.268 (+) SEARCHING NECESSARY DIRECTORIES
  796. 2904:1884 10:27:59.268 ->Check if previous version of KES installed
  797. 2904:1884 10:27:59.626 Bases: C:\ProgramData\Kaspersky Lab\KES.21.8
  798. 2904:1884 10:27:59.626 BasesRoot: C:\ProgramData\Kaspersky Lab
  799. 2904:1884 10:27:59.626 Check ProductName
  800. 2904:1884 10:27:59.626 ProductName: Kaspersky Endpoint Security для Windows
  801. 2904:1884 10:27:59.626 Check InstallLocation
  802. 2904:1884 10:27:59.626 Try use InstDir='C:\Program Files (x86)\Kaspersky Lab\KES.11.11.0'
  803. 2904:1884 10:27:59.626 InstallLocation: C:\Program Files (x86)\Kaspersky Lab\KES.11.11.0
  804. 2904:1884 10:27:59.627 RootFolder: C:\Program Files (x86)\Kaspersky Lab
  805. 2904:1884 10:27:59.627 MainExePath: C:\Program Files (x86)\Kaspersky Lab\KES.11.11.0\avp.exe
  806. 2904:1884 10:27:59.633 CommonProgs: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
  807. 2904:1884 10:27:59.641 ProgramsFolder:
  808. 2904:1884 10:27:59.641 (+) SEARCH KLIM
  809. 2904:1884 10:27:59.657 +++++ KAVREMOVER IN PROCESS +++++
  810. 2904:1884 10:27:59.657 ->> Unregister dlls before msiexec
  811. 2904:1884 10:27:59.657 Processing section execute_before_msi...
  812. 2904:1884 10:27:59.657 (+) TRY TO RUN MSIEXEC
  813. 2904:1884 10:27:59.657 (+) TRY TO RUN MSIEXEC
  814. 2904:1884 10:27:59.657 InstallUid:
  815. 2904:1884 10:27:59.658 InstallUid: {BF39B547-8E24-4E11-8179-183B2F7C83EB}
  816. 2904:1884 10:29:15.127 ->WrongPasswdDetected: Истина
  817. 2904:1884 10:29:15.127 Removing canceled. Reason: 1002 ("wrong or empty MSI password").
  818. 2904:1884 10:29:15.127 CKLeanerHost::CancelProcessing
  819. 2904:1884 10:29:15.140 Ошибка выполнения Microsoft VBScript
  820. 2904:1884 10:29:15.140 Деление на 0
  821. 2904:1884 10:29:15.140 error: script error at line 215
  822. 2904:1884 10:29:15.140 script execution finished
  823. 2904:1884 10:29:15.140 end script::process
  824. 2904:1884 10:29:15.140 Removing cancelled
  825. 2904:1884 10:29:15.140 KLeaner deinitialized
  826. 2904:1884 10:29:15.140 Stopping shutdown detector...
  827. 2904:1884 10:29:15.140 Waiting for watch thread stop...
  828. 2904:0c90 10:29:15.140 Watch thread finished
  829. 2904:1884 10:29:15.141 Watch thread was stopped
  830. 2904:1884 10:29:15.141 RestoreSystemEnvironment
  831. 2904:1884 10:29:15.141 Set environment from string...
  832. 2904:1884 10:29:15.141 change_current_enviroment start
  833. 2904:1884 10:29:15.142 Server free
  834. 2904:1200 10:30:53.292 RestoreSystemEnvironment
  835. 2904:1200 10:30:53.292 It has no dumped system environment
  836. 2904:1b74 10:30:53.292 Removing ini files...
  837. 2904:16e0 10:30:53.577 Error = 0, return code = 1718
  838. 2904:16e0 10:30:53.577 Cannot register serviceCtrlHandler
  839. 2904:1b74 10:30:53.577 Stopping server...
  840.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!