# Scan-Kaspersky.ps1# Checks for Kaspersky products in registry, services, and

1. # Scan-Kaspersky.ps1
2. # Checks for Kaspersky products in registry, services, and drivers
3. # Output: results to screen and to a UTF-8 text file
4.  
5. $Date = Get-Date -Format "yyyy-MM-dd_HH-mm-ss"
6. $LogFile = "C:\Temp\Kaspersky_Detect_$Date.txt"
7.  
8. # Ensure output folder exists
9. if (-not (Test-Path "C:\Temp")) {
10. New-Item -Path "C:\Temp" -ItemType Directory | Out-Null
11. }
12.  
13. # Function to write results
14. function Write-Result {
15. param([string]$Message)
16. $Message | Tee-Object -FilePath $LogFile -Append
17. }
18.  
19. Write-Result "==== Kaspersky Detection Report ===="
20. Write-Result "Run Time: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
21. Write-Result ""
22.  
23. # --- 1. Registry Uninstall Keys ---
24. $UninstallPaths = @(
25. "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
26. "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
27. )
28.  
29. foreach ($path in $UninstallPaths) {
30. if (Test-Path $path) {
31. Get-ChildItem $path | ForEach-Object {
32. $dispName = (Get-ItemProperty $_.PsPath).DisplayName -ErrorAction SilentlyContinue
33. if ($dispName -and $dispName -match "Kaspersky") {
34. Write-Result "Registry Product: $dispName"
35. Write-Result " Key: $($_.Name)"
36. Write-Result " Version: $((Get-ItemProperty $_.PsPath).DisplayVersion)"
37. Write-Result ""
38. }
39. }
40. }
41. }
42.  
43. # --- 2. Direct Kaspersky Registry Keys ---
44. $KasperskyReg = @(
45. "HKLM:\SOFTWARE\KasperskyLab",
46. "HKLM:\SOFTWARE\WOW6432Node\KasperskyLab"
47. )
48.  
49. foreach ($reg in $KasperskyReg) {
50. if (Test-Path $reg) {
51. Write-Result "Found Kaspersky registry hive: $reg"
52. }
53. }
54.  
55. # --- 3. Services ---
56. $Services = Get-Service | Where-Object { $_.Name -match "kl|kaspersky|avp" }
57. if ($Services) {
58. Write-Result "`nDetected Kaspersky-related services:"
59. $Services | ForEach-Object {
60. Write-Result (" Service: {0} ({1}) Status: {2}" -f $_.Name, $_.DisplayName, $_.Status)
61. }
62. }
63.  
64. # --- 4. Drivers ---
65. $Drivers = Get-ChildItem "C:\Windows\System32\drivers" -Filter "kl*.sys" -ErrorAction SilentlyContinue
66. if ($Drivers) {
67. Write-Result "`nDetected Kaspersky driver files:"
68. foreach ($d in $Drivers) {
69. Write-Result (" {0} - Version: {1}" -f $d.Name, (Get-Item $d.FullName).VersionInfo.FileVersion)
70. }
71. }
72.  
73. Write-Result "`n==== Scan Complete ===="
74. Write-Result "Results saved to $LogFile"
75.