PUP.DealPly, MinerGate

by ezclean posted Jan 12, 2021

PUP.DealPly

 

*file

*reg_keys

 

 

PUP.MinerGate


*file
C:\users\public\Desktop\minergate.lnk
C:\programdata\microsoft\windows\start menu\programs\minergate\uninstall.lnk
C:\programdata\microsoft\windows\start menu\programs\minergate\minergate.lnk
C:\program files\minergate\uninstall.exe
C:\program files\minergate\minergate.exe
C:\programdata\microsoft\windows\start menu\programs\minergate
C:\program files\minergate

*reg_key
HKLM\software\microsoft\windows\currentversion\uninstall\minergate
HKLM\software\minergate inc

 
