script ver. 2025.02.05
File name: AVdsbr.exe
Start-up time: 2025.04.16-21:13:49
Launched from: E:\AV_block_remover\
System: x64 Windows 10 Pro
Build number: 19045
AVBr has been run with local Administrator rights.
Elevation of privileges of rights is successful.
System booted up in Normal Mode.
Last update was on: 2025.04.16
Current date is: 2025.04.16
Current version is: 2025.04.16
Script running will be continued after 20 seconds.
C:\ProgramData\ReaItekHD\ - Exists
C:\ProgramData\BookManager\ - Exists
C:\ProgramData\FingerPrint\ - Exists
C:\ProgramData\Microsoft\Check\ - Exists
C:\ProgramData\Microsoft\Intel\ - Exists
C:\ProgramData\Microsoft\temp\ - Exists
C:\ProgramData\PuzzleMedia\ - Exists
C:\ProgramData\RobotDemo\ - Exists
C:\ProgramData\RunDLL\ - Exists
C:\ProgramData\Setup\ - Exists
C:\ProgramData\System32\ - Exists
C:\ProgramData\Windows Tasks Service\ - Exists
C:\ProgramData\WindowsTask\ - Exists
C:\ProgramData\install\ - Exists
C:\ProgramData\microsoft\clr_optimization_v4.0.30318_64\ - Exists
C:\Users\Светик\AppData\Roaming\RMS_settings\ - Exists
C:\Users\Светик\AppData\Roaming\Sysfiles\ - Exists
C:\Program Files\Internet Explorer\bin\ - Exists
C:\Program Files\RDP Wrapper\ - Exists
C:\WINDOWS\Fonts\Mysql\ - Exists
C:\WINDOWS\speechstracing\ - Exists
C:\ProgramData\360safe\ - Exists
C:\ProgramData\AVAST Software\ - Exists
C:\ProgramData\Avira\ - Exists
C:\ProgramData\Doctor Web\ - Exists
C:\ProgramData\ESET\ - Exists
C:\ProgramData\Evernote\ - Exists
C:\ProgramData\grizzly\ - Exists
C:\ProgramData\Kaspersky Lab Setup Files\ - Exists
C:\ProgramData\Kaspersky Lab\ - Exists
C:\ProgramData\Malwarebytes\ - Exists
C:\ProgramData\MB3Install\ - Exists
C:\ProgramData\McAfee\ - Exists
C:\ProgramData\Norton\ - Exists
Run an application takeown.exe /f "C:\ProgramData\Norton" /A /r /d y
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Norton" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Norton" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Norton" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Norton" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Norton" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\ProgramData\Norton\*" /reset /T /C /L
Exit code = 0
C:\ProgramData\princeton-produce\ - Exists
C:\ProgramData\WavePad\ - Exists
C:\Program Files\AVAST Software\ - Exists
C:\Program Files\AVG\ - Exists
C:\Program Files\Bitdefender Agent\ - Exists
C:\Program Files\ByteFence\ - Exists
C:\Program Files\Cezurity\ - Exists
C:\Program Files\Common Files\AV\ - Exists
C:\Program Files\Common Files\Doctor Web\ - Exists
C:\Program Files\Common Files\McAfee\ - Exists
C:\Program Files\COMODO\ - Exists
C:\Program Files\CPUID\HWMonitor\ - Exists
C:\Program Files\DrWeb\ - Exists
C:\Program Files\Enigma Software Group\ - Exists
C:\Program Files\EnigmaSoft\ - Exists
C:\Program Files\ESET\ - Exists
C:\Program Files\Google\Chrome\ - Exists
Run an application takeown.exe /f "C:\Program Files\Google\Chrome" /A /r /d y
Exit code = 0
Run an application icacls.exe "C:\Program Files\Google\Chrome" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Google\Chrome" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files\Google\Chrome" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Google\Chrome" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Google\Chrome" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Google\Chrome" /grant *S-1-15-2-1:(OI)(CI)RX /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Google\Chrome" /grant *S-1-15-2-2:(OI)(CI)RX /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files\Google\Chrome\*" /reset /T /C /L
Exit code = 0
C:\Program Files\HitmanPro\ - Exists
C:\Program Files\Kaspersky Lab\ - Exists
C:\Program Files\Loaris Trojan Remover\ - Exists
C:\Program Files\Malwarebytes\ - Exists
C:\Program Files\NETGATE\ - Exists
C:\Program Files\Process Hacker 2\ - Exists
C:\Program Files\Process Lasso\ - Exists
C:\Program Files\QuickCPU\ - Exists
C:\Program Files\Rainmeter\ - Exists
C:\Program Files\Ravantivirus\ - Exists
C:\Program Files\ReasonLabs\ - Exists
C:\Program Files\RogueKiller\ - Exists
C:\Program Files\SpyHunter\ - Exists
C:\Program Files\SUPERAntiSpyware\ - Exists
C:\Program Files\Transmission\ - Exists
C:\Program Files (x86)\360\ - Exists
C:\Program Files (x86)\AVAST Software\ - Exists
C:\Program Files (x86)\AVG\ - Exists
C:\Program Files (x86)\Cezurity\ - Exists
C:\Program Files (x86)\GPU Temp\ - Exists
C:\Program Files (x86)\GRIZZLY Antivirus\ - Exists
C:\Program Files (x86)\IObit\Advanced SystemCare\ - Exists
C:\Program Files (x86)\IObit\IObit Malware Fighter\ - Exists
C:\Program Files (x86)\Kaspersky Lab\ - Exists
C:\Program Files (x86)\Microsoft JDX\ - Exists
C:\Program Files (x86)\Moo0\ - Exists
C:\Program Files (x86)\MSI\MSI Center\ - Exists
C:\Program Files (x86)\Panda Security\ - Exists
C:\Program Files (x86)\SpeedFan\ - Exists
Run an application takeown.exe /f "C:\Program Files (x86)\SpeedFan" /A /r /d y
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /reset /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-32-545:RX /C /L /inheritance:r
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-32-544:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-18:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-5-11:(OI)(CI)F /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-15-2-1:(OI)(CI)RX /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan" /grant *S-1-15-2-2:(OI)(CI)RX /C /L
Exit code = 0
Run an application icacls.exe "C:\Program Files (x86)\SpeedFan\*" /reset /T /C /L
Exit code = 0
C:\Program Files (x86)\SpyHunter\ - Exists
C:\Program Files (x86)\Transmission\ - Exists
C:\Program Files (x86)\Wise\ - Exists
C:\AdwCleaner\ - Exists
C:\FRST\ - Exists
C:\KVRT2020_Data\ - Exists
C:\KVRT_Data\ - Exists
C:\_MinerSearchLogs\ - Exists
C:\Users\Светик\Desktop\AutoLogger\ - Exists
C:\Users\Светик\Desktop\AV_block_remover\ - Exists
C:\Users\Светик\Downloads\AutoLogger\ - Exists
C:\Users\Светик\Downloads\AV_block_remover\ - Exists
C:\Program Files\7-Zip\ - Exists
C:\Program Files\CPUID\ - Exists
C:\Program Files\Google\ - Exists
C:\Program Files (x86)\Google\ - Exists
C:\Program Files (x86)\IObit\ - Exists
C:\Program Files (x86)\MSI\ - Exists
HKEY_USERS\S-1-5-21-2025111457-2542931633-2603457532-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun - Exists
Create SWPRV service:
[SC] CreateService: успех
Exit code = 0
[SC] ChangeServiceConfig2: успех
Exit code = 0
SOFTWARE\tektonit\ - deleted
PowerShellVersion: 5.1.19041.1
Starting the export of Applocker policies.
Exit code = 0
Windows Defender settings are reset.
Notification area tooltips enabling (default state).
Returning the Windows notification center to default state (enabled).
HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications|DisableNotifications - deleting.
Enabling the security notifications of Windows applications.
DisableAntiSpyware = -1
DisableAntiVirus = -1
WDE key missing.
iTamperProtection = 0
[!] Tamper Protection is turned off. Please turn it on by this manual: https://safezone.cc/threads/42659/
Export firewall rules.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows\rutserv.exe"
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\Windows Tasks Service\winserv.exe"
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AppModule.exe"
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name=all program="C:\ProgramData\WindowsTask\AMD.exe"
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Remote Desktop" protocol=tcp localport=3389
Удалены правила: 1. ОК.
Exit code = 0
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=tcp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Block" protocol=udp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=139
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=tcp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=139
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="Port Blocking" protocol=udp localport=445
Ни одно правило не соответствует указанным критериям.
Exit code = 1
Run an application netsh.exe advfirewall firewall delete rule name="allow RDP" protocol=tcp localport=3389
Ни одно правило не соответствует указанным критериям.
Exit code = 1
User John exists.
John delete return code = 0
Hosts file MD5 = "AA3FCEBD580483D506198955461E6FAD"
Hosts reset selected.
Registry search of AV blocked signatures.
GRM = 3
Now the computer will be rebooted.
===================================================================================
The following logs were found in folder after previous runs of AVbr:
AV_block_remove_2025.04.16-21.13.log