Avira Virus Lab


PUA/AD.InstallCore.B

Summary
  • Name
    PUA/AD.InstallCore.B
  • Discovered on
    11.11.2017
  • VDF version
    7.14.34.24 (2017-11-11 11:45)
Full description

This type of threat, Potentially Unwanted Applications (PUAs), can affect the user's privacy and the security of the local system. These are legitimate applications whose installation often uses social engineering to get the user to install additional programs alongside the desired software. An application is classified as a PUA if a piece of software, an advertisement or a website exhibits one or more unwanted behaviours and/or characteristics. A complete PUA list is available here: http://www.avira.com/en/potentially-unwanted-applications. The detection does not mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, their privacy or the system's security could be at risk. Disabling such notifications is recommended only for advanced users who are familiar with the risks and the use of these applications.

  • Network activity
    • rp.quickcl*****.com/
  • Processes
    • %executed_sample%
  • Files
    The following files are created:
    The following files are modified:
    The following files are deleted:
    • %TEMPDIR%\00032451.log
    • %TEMPDIR%\00036038.log
    The following drivers are loaded:
    The following files are executed:
  • Registry
    The following registry entries are added:
    The following registry entries are modified:
    The values of the following registry keys are deleted:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings (""ProxyEnable"": "dword:00000000") ("ProxyServer": "-") ("ProxyOverride": "-") ("AutoConfigURL": "-")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "-") ("IntranetName": "-")
  • Alias
    ESET: Win32/InstallCore.Gen.A potentially unwanted application
    Kaspersky Lab: not-a-virus:AdWare.Win32.DealPly.cnpkr