Avira Virus Lab


PUA/InstallCore.15687

Summary
  • Name
    PUA/InstallCore.15687
  • Discovered on
    27.10.2017
  • VDF version
    7.14.32.92 (2017-10-27 16:35)
Full description

This kind of threat, Potentially Unwanted Applications (PUAs), can compromise the user's privacy and the security of the local system. PUAs are legitimate applications whose installers often use social engineering to get the user to install additional programs alongside the software they actually wanted. An application is classified as a PUA when a piece of software, an advertisement or a website shows one or more unwanted behaviours and/or properties. The full list of PUA criteria is available at http://www.avira.com/en/potentially-unwanted-applications. This detection does not mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, the user's privacy or the security of the system may be at risk. Disabling these detections is recommended only for advanced users who are familiar with the risks and the use of such applications.

  • VDF
    7.14.32.92 (2017-10-27 16:35)
  • Network activity (in this sandbox run the installer contacted a masked host, performed an NCSI connectivity check (ncsi.txt), and fetched GoogleUpdateSetup.exe and the Chrome 61.0.3163.100 installer from Google's edgedl download CDN)
    • rp.appchuckl*****.com/
    • http://r1---sn-4g5e6nsy*g***.com/edgedl/release2/LJCVr0SsrEs/GoogleUpdateSetup.exe?cms_redirect=yes&expire=1509385968&ip=79.232.200.179&ipbits=0&mm=28&mn=sn-4g5e6nsy&ms=nvh&mt=1509371506&mv=m&pl=26&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=69408F1C3E3A9A0DBCF001F1E278AD3CECB61EA7.224620F9570AB2295F64330192158D0233DEC552&key=cms1
    • http://redirector*g***.com/edgedl/release2/LJCVr0SsrEs/GoogleUpdateSetup.exe
    • http://www.msf*****.com/ncsi.txt
    • http://r5---sn-4g5e6ns6*g***.com/edgedl/release2/chrome/OnSdVVTLywA_61.0.3163.100/61.0.3163.100_chrome_installer.exe?cms_redirect=yes&expire=1509386074&ip=79.232.200.179&ipbits=0&mm=28&mn=sn-4g5e6ns6&ms=nvh&mt=1509371574&mv=m&pl=26&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F4E6552B67712E7BEF11814CF136042EEF86BBA.3E363FBBF466D92F3CD378D5465BAE7E763A1637&key=cms1
    • http://redirector*g***.com/edgedl/release2/chrome/OnSdVVTLywA_61.0.3163.100/61.0.3163.100_chrome_installer.exe
  • Processes
    • %executed_sample%
    • %executed_sample%
  • Files
    The following files are created:
    • %APPDATA%\Local\Temp\0004BAD5.log
    • %APPDATA%\Local\Temp\inH30997324879\csshover3.htc
    • %APPDATA%\Local\Temp\inH30997324879\form.bmp.Mask
    • %APPDATA%\Local\Temp\inH30997324879\css\ie6_main.css
    • %APPDATA%\Local\Temp\inH30997324879\css\main.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\browse.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\button.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\checkbox.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\progress-bar.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\images\button-bg.png
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\images\progress-bg-corner.png
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\images\progress-bg.png
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\images\progress-bg2.png
    • %APPDATA%\Local\Temp\inH30997324879\images\BG.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Close.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Close_Hover.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Color_Button.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Color_Button_Hover.png
    • %APPDATA%\Local\Temp\inH30997324879\images\default_tb.png
    • %APPDATA%\Local\Temp\inH30997324879\images\default_wi.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Grey_Button.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Grey_Button_Hover.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Icon_Generic.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Loader.gif
    • %APPDATA%\Local\Temp\inH30997324879\images\Pause_Button.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Progress.png
    • %APPDATA%\Local\Temp\inH30997324879\images\ProgressBar.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Quick_Specs.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Resume_Button.png
    • %APPDATA%\Local\Temp\inH30997324879\images\sponsored.png
    • %APPDATA%\Local\Temp\inH30997324879\locale\CS.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\DA.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\DE.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\EL.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\EN.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\ES.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\FI.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\FR.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\ID.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\IT.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\JA.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\KO.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\NL.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\NO.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\PL.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\PT.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\RU.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\SV.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\TR.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\ZH.locale
    • %APPDATA%\Local\Temp\0004BEEB.log
    • %APPDATA%\Local\Temp\inH30997324879\bootstrap_26389.html
    • %APPDATA%\Local\Temp\is-L52IE.tmp\%executed_sample_name%.tmp
    • %APPDATA%\Local\Temp\is-3PG68.tmp\_isetup\_setup64.tmp
    • %APPDATA%\Local\Temp\is-3PG68.tmp\_isetup\_shfoldr.dll
    • %PROGRAM FILES% (x86)\Pegof\is-84J5U.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-8F77J.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFD05.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-6VPC9.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-JOCV2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-3J3C8.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QE1QF.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-HK9UO.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-VMA6F.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-M8988.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5D1PD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-IBMOE.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-GOB1S.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QEHOA.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-001CN.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFU82.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RMVR2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-E26D6.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5T886.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-ERUGD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-MJMVO.tmp
    • %PROGRAM FILES% (x86)\Pegof\unins000.dat
    The following files are modified:
    • %APPDATA%\Local\Temp\is-L52IE.tmp\%executed_sample_name%.tmp
    • %APPDATA%\Local\Temp\is-3PG68.tmp\_isetup\_setup64.tmp
    • %APPDATA%\Local\Temp\is-3PG68.tmp\_isetup\_shfoldr.dll
    • %PROGRAM FILES% (x86)\Pegof\is-84J5U.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-8F77J.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFD05.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-6VPC9.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-JOCV2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-3J3C8.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QE1QF.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-HK9UO.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-VMA6F.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-M8988.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5D1PD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-IBMOE.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-GOB1S.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QEHOA.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-001CN.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFU82.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RMVR2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-E26D6.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5T886.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-ERUGD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-MJMVO.tmp
    • %PROGRAM FILES% (x86)\Pegof\unins000.dat
    The following files are deleted:
    • %APPDATA%\Local\Temp\0004BAD5.log
    • %APPDATA%\Local\Temp\0004BEEB.log
    The following drivers/modules are loaded (the sandbox's "drivers loaded" category; most entries are DLLs, MUI/NLS resources and data files mapped by the installer, not kernel drivers):
    • \Device\KsecDD
    • %SYSDIR%
    • %WINDIR%\winsxs\FileMaps\program_files_x86_pegof_ed5c6a474c3109c5.cdf-ms
    • %PROGRAM FILES% (x86)\Pegof\is-84J5U.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-8F77J.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFD05.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-6VPC9.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-JOCV2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-3J3C8.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QE1QF.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-HK9UO.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-VMA6F.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-M8988.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5D1PD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-IBMOE.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-GOB1S.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QEHOA.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-001CN.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFU82.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RMVR2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-E26D6.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5T886.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-ERUGD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-MJMVO.tmp
    • %WINDIR%\SysWOW64\en-US\KERNELBASE.dll.mui
    • %SYSDIR%\netmsg.dll
    • %APPDATA%\Local\Temp\%executed_sample%
    • %APPDATA%\Local\Temp\is-L52IE.tmp\%executed_sample_name%.tmp
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %SYSDIR%\imageres.dll
    • %SYSDIR%\shell32.dll
    • %PROGRAM FILES% (x86)\Pegof\Ligucokiba.exe
    • %PROGRAM FILES% (x86)\Pegof\unins000.dat
    • %USERPATH%\Pictures\wall.jpg
    The following files are executed (the sandbox reports the same set as under "loaded"; since it includes .mui, .nls and .jpg resources, read it as files opened or mapped by the installer rather than as separate process executions):
    • \Device\KsecDD
    • %SYSDIR%
    • %WINDIR%\winsxs\FileMaps\program_files_x86_pegof_ed5c6a474c3109c5.cdf-ms
    • %PROGRAM FILES% (x86)\Pegof\is-84J5U.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-8F77J.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFD05.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-6VPC9.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-JOCV2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-3J3C8.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QE1QF.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-HK9UO.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-VMA6F.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-M8988.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5D1PD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-IBMOE.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-GOB1S.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QEHOA.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-001CN.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFU82.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RMVR2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-E26D6.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5T886.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-ERUGD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-MJMVO.tmp
    • %WINDIR%\SysWOW64\en-US\KERNELBASE.dll.mui
    • %SYSDIR%\netmsg.dll
    • %APPDATA%\Local\Temp\%executed_sample%
    • %APPDATA%\Local\Temp\is-L52IE.tmp\%executed_sample_name%.tmp
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %SYSDIR%\imageres.dll
    • %SYSDIR%\shell32.dll
    • %PROGRAM FILES% (x86)\Pegof\Ligucokiba.exe
    • %PROGRAM FILES% (x86)\Pegof\unins000.dat
    • %USERPATH%\Pictures\wall.jpg
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "dword:00000000") ("ProxyServer": "-") ("ProxyOverride": "-") ("AutoConfigURL": "-")
    • HKEY_CLASSES_ROOT\Local Settings\MuiCache\2D\52C64B7E ("LanguageList": "en-US;en;")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "dword:00000000") ("EnableConsoleTracing": "dword:00000000") ("FileTracingMask": "dword:ffff0000") ("ConsoleTracingMask": "dword:ffff0000") ("MaxFileSize": "dword:00100000") ("FileDirectory": "%windir%\\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "dword:00000000") ("EnableConsoleTracing": "dword:00000000") ("FileTracingMask": "dword:ffff0000") ("ConsoleTracingMask": "dword:ffff0000") ("MaxFileSize": "dword:00100000") ("FileDirectory": "%windir%\\tracing")
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "-") ("IntranetName": "-")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "dword:00000001") ("WpadDecisionTime": "%hex_values%") ("WpadDecision": "dword:00000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34}\00-23-7d-29-a4-a9
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "dword:00000001") ("WpadDecisionTime": "%hex_values%") ("WpadDecision": "dword:00000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("Owner": "Q")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("SessionHash": "u Ny k<> *8PJ"")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("Sequence": "1")
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\26\52C64B7E ("LanguageList": "en-USen")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Setup Version": "5.5.5 (a)")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: App Path": "%PROGRAM FILES% (x86)\Pegof")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("InstallLocation": "%PROGRAM FILES% (x86)\Pegof\")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Icon Group": "Pegof")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: User": "Administrator")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Language": "default")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("DisplayName": "Pegof version 4.3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("UninstallString": ""%PROGRAM FILES% (x86)\Pegof\unins000.exe"")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("QuietUninstallString": ""%PROGRAM FILES% (x86)\Pegof\unins000.exe" /SILENT")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("DisplayVersion": "4.3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("NoModify": "1")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("NoRepair": "1")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("InstallDate": "20171031")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("MajorVersion": "4")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("MinorVersion": "3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("EstimatedSize": "818")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1
    The following registry entries are modified:
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("Owner": "Q")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("SessionHash": "u Ny k<> *8PJ"")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("Sequence": "1")
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\26\52C64B7E ("LanguageList": "en-USen")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Setup Version": "5.5.5 (a)")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: App Path": "%PROGRAM FILES% (x86)\Pegof")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("InstallLocation": "%PROGRAM FILES% (x86)\Pegof\")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Icon Group": "Pegof")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: User": "Administrator")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Language": "default")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("DisplayName": "Pegof version 4.3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("UninstallString": ""%PROGRAM FILES% (x86)\Pegof\unins000.exe"")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("QuietUninstallString": ""%PROGRAM FILES% (x86)\Pegof\unins000.exe" /SILENT")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("DisplayVersion": "4.3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("NoModify": "1")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("NoRepair": "1")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("InstallDate": "20171031")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("MajorVersion": "4")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("MinorVersion": "3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("EstimatedSize": "818")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1
    The values of the following registry keys are deleted:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "dword:00000000") ("ProxyServer": "-") ("ProxyOverride": "-") ("AutoConfigURL": "-")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "-") ("IntranetName": "-")
  • Alias
    Kaspersky Lab: not-a-virus:AdWare.Win32.DealPly.ckhyt
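The file and registry lists above are usable as host-based indicators: the `inH<digits>` drop directory under `%TEMP%` with its `css\sdk-ui\` stylesheets, `images\sponsored.png` and `bootstrap_<digits>.html` is the InstallCore wrapper's own UI, while the `is-XXXXX.tmp\_isetup\` helpers and the `<Product>_is1` uninstall key are generic Inno Setup artefacts that clean installers produce too. The following matcher runs those rules over endpoint telemetry and weights the InstallCore-specific artefacts above the Inno Setup ones. It is an added example, not Avira's code or tooling: the `type|path[|value]` event format, the sample events and the weights/thresholds are the editor's assumptions; only the path patterns come from the report.

```python
"""Match file/registry telemetry against the InstallCore indicators from the
Avira report for PUA/InstallCore.15687.  Added example; the event format,
sample events, weights and thresholds are assumptions, not Avira's."""
import re

# Constructed sample telemetry, one event per line: "type|path[|value]".
# Paths mirror the report's file and registry lists; the user name, the
# drive letter and the benign events are made up for the example.
SAMPLE_EVENTS = [
    r"file_create|C:\Users\alice\AppData\Local\Temp\inH30997324879\css\sdk-ui\progress-bar.css",
    r"file_create|C:\Users\alice\AppData\Local\Temp\inH30997324879\images\sponsored.png",
    r"file_create|C:\Users\alice\AppData\Local\Temp\inH30997324879\bootstrap_26389.html",
    r"file_create|C:\Program Files (x86)\Pegof\Ligucokiba.exe",
    r'reg_set|HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1\UninstallString|"C:\Program Files (x86)\Pegof\unins000.exe"',
    r"file_create|C:\Users\alice\AppData\Local\Temp\is-3PG68.tmp\_isetup\_shfoldr.dll",
    r"file_create|C:\Users\alice\AppData\Local\Temp\notepad_setup.log",          # benign noise
    r"reg_set|HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable|0",
]

# (rule name, event type, pattern, weight).  Weight 3 = InstallCore-specific
# drop artefact; weight 1 = generic Inno Setup artefact (legitimate installers
# produce these too, so on their own they must not trigger a verdict).
RULES = [
    ("installcore_sdk_ui_css", "file_create",
     re.compile(r"\\Temp\\inH\d+\\css\\sdk-ui\\", re.I), 3),
    ("installcore_sponsored_png", "file_create",
     re.compile(r"\\Temp\\inH\d+\\images\\sponsored\.png$", re.I), 3),
    ("installcore_bootstrap_html", "file_create",
     re.compile(r"\\Temp\\inH\d+\\bootstrap_\d+\.html$", re.I), 3),
    ("inno_setup_temp_helper", "file_create",
     re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\_isetup\\", re.I), 1),
    ("inno_setup_uninstall_key", "reg_set",
     re.compile(r"\\CurrentVersion\\Uninstall\\[^\\]+_is1\\", re.I), 1),
]

# Context extractors: the InstallCore drop directory and the Inno Setup
# product name, so an analyst knows what to clean up and what was installed.
DROP_DIR = re.compile(r"\\Temp\\(inH\d+)\\", re.I)
UNINST_KEY = re.compile(r"\\Uninstall\\([^\\]+)_is1\\", re.I)


def parse_event(line):
    """Parse 'type|path[|value]'; returns None for malformed lines."""
    parts = line.split("|", 2)
    if len(parts) < 2 or not parts[1]:
        return None
    return {"type": parts[0], "path": parts[1],
            "value": parts[2] if len(parts) > 2 else ""}


def scan(lines):
    """Return hits, a weighted score, extracted context and a verdict."""
    hits, drop_dirs, products = [], set(), set()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for name, etype, rx, weight in RULES:
            if ev["type"] == etype and rx.search(ev["path"]):
                hits.append((name, weight, ev["path"]))
        m = DROP_DIR.search(ev["path"])
        if m:
            drop_dirs.add(m.group(1))
        m = UNINST_KEY.search(ev["path"])
        if m:
            products.add(m.group(1))

    score = sum(w for _, w, _ in hits)
    strong = any(w >= 3 for _, w, _ in hits)
    # Thresholds are an assumption: two InstallCore-specific artefacts make a
    # confident call; one is worth a look; Inno Setup artefacts alone are not.
    if strong and score >= 6:
        verdict = "likely InstallCore-wrapped installer"
    elif strong:
        verdict = "InstallCore artefact seen, review"
    else:
        verdict = "no InstallCore indicator"
    return {"score": score, "verdict": verdict, "hits": hits,
            "drop_dirs": sorted(drop_dirs), "products": sorted(products)}


if __name__ == "__main__":
    result = scan(SAMPLE_EVENTS)
    print(result["verdict"], "score", result["score"])
    for name, weight, path in result["hits"]:
        print(f"  [{weight}] {name}: {path}")
    print("  drop dirs:", result["drop_dirs"], "products:", result["products"])
```

The two-tier weighting matters in practice: the `_is1` uninstall key and `is-XXXXX.tmp\_isetup\` helper appear for every Inno Setup package, so a rule set that fires on them alone will page on every legitimate install. The `inH<digits>` directory and its `sdk-ui` / `sponsored.png` contents are what tie the run to the InstallCore offer screen, and the extracted product name (`Pegof` here) points at the uninstall entry to remove.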