Avira Virus Lab


PUA/InstallCore.15687

Brief description
  • Name
    PUA/InstallCore.15687
  • Discovery date
    27 Oct 2017
  • VDF version
    7.14.32.92 (2017-10-27 16:35)
Full description

This class of detection indicators, potentially unwanted applications (PUA), can harm the user's privacy and the security of the local system. These are legitimate applications that often attempt to use social engineering to get the user to install additional offers during the installation of the software the user originally wanted. Software, advertisements or websites that exhibit one or more objectionable behaviours and/or properties are classified as PUA. A complete list of PUA is available at http://www.avira.com/en/potentially-unwanted-applications. This detection does not mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, the user's privacy or the security of the system may be at risk. Disabling this detection is recommended only for advanced users who know the risks and how to use these applications.

  • VDF
    7.14.32.92 (2017-10-27 16:35)
  • Network activity
    • rp.appchuckl*****.com/
    • http://r1---sn-4g5e6nsy*g***.com/edgedl/release2/LJCVr0SsrEs/GoogleUpdateSetup.exe?cms_redirect=yes&expire=1509385968&ip=79.232.200.179&ipbits=0&mm=28&mn=sn-4g5e6nsy&ms=nvh&mt=1509371506&mv=m&pl=26&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=69408F1C3E3A9A0DBCF001F1E278AD3CECB61EA7.224620F9570AB2295F64330192158D0233DEC552&key=cms1
    • http://redirector*g***.com/edgedl/release2/LJCVr0SsrEs/GoogleUpdateSetup.exe
    • http://www.msf*****.com/ncsi.txt
    • http://r5---sn-4g5e6ns6*g***.com/edgedl/release2/chrome/OnSdVVTLywA_61.0.3163.100/61.0.3163.100_chrome_installer.exe?cms_redirect=yes&expire=1509386074&ip=79.232.200.179&ipbits=0&mm=28&mn=sn-4g5e6ns6&ms=nvh&mt=1509371574&mv=m&pl=26&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F4E6552B67712E7BEF11814CF136042EEF86BBA.3E363FBBF466D92F3CD378D5465BAE7E763A1637&key=cms1
    • http://redirector*g***.com/edgedl/release2/chrome/OnSdVVTLywA_61.0.3163.100/61.0.3163.100_chrome_installer.exe
  • Processes
    • %executed_sample%
    • %executed_sample%
  • Files
    The following files are created:
    • %APPDATA%\Local\Temp\0004BAD5.log
    • %APPDATA%\Local\Temp\inH30997324879\csshover3.htc
    • %APPDATA%\Local\Temp\inH30997324879\form.bmp.Mask
    • %APPDATA%\Local\Temp\inH30997324879\css\ie6_main.css
    • %APPDATA%\Local\Temp\inH30997324879\css\main.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\browse.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\button.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\checkbox.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\progress-bar.css
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\images\button-bg.png
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\images\progress-bg-corner.png
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\images\progress-bg.png
    • %APPDATA%\Local\Temp\inH30997324879\css\sdk-ui\images\progress-bg2.png
    • %APPDATA%\Local\Temp\inH30997324879\images\BG.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Close.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Close_Hover.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Color_Button.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Color_Button_Hover.png
    • %APPDATA%\Local\Temp\inH30997324879\images\default_tb.png
    • %APPDATA%\Local\Temp\inH30997324879\images\default_wi.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Grey_Button.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Grey_Button_Hover.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Icon_Generic.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Loader.gif
    • %APPDATA%\Local\Temp\inH30997324879\images\Pause_Button.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Progress.png
    • %APPDATA%\Local\Temp\inH30997324879\images\ProgressBar.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Quick_Specs.png
    • %APPDATA%\Local\Temp\inH30997324879\images\Resume_Button.png
    • %APPDATA%\Local\Temp\inH30997324879\images\sponsored.png
    • %APPDATA%\Local\Temp\inH30997324879\locale\CS.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\DA.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\DE.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\EL.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\EN.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\ES.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\FI.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\FR.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\ID.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\IT.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\JA.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\KO.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\NL.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\NO.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\PL.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\PT.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\RU.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\SV.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\TR.locale
    • %APPDATA%\Local\Temp\inH30997324879\locale\ZH.locale
    • %APPDATA%\Local\Temp\0004BEEB.log
    • %APPDATA%\Local\Temp\inH30997324879\bootstrap_26389.html
    • %APPDATA%\Local\Temp\is-L52IE.tmp\%executed_sample_name%.tmp
    • %APPDATA%\Local\Temp\is-3PG68.tmp\_isetup\_setup64.tmp
    • %APPDATA%\Local\Temp\is-3PG68.tmp\_isetup\_shfoldr.dll
    • %PROGRAM FILES% (x86)\Pegof\is-84J5U.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-8F77J.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFD05.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-6VPC9.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-JOCV2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-3J3C8.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QE1QF.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-HK9UO.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-VMA6F.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-M8988.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5D1PD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-IBMOE.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-GOB1S.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QEHOA.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-001CN.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFU82.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RMVR2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-E26D6.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5T886.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-ERUGD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-MJMVO.tmp
    • %PROGRAM FILES% (x86)\Pegof\unins000.dat
    The following files are modified:
    • %APPDATA%\Local\Temp\is-L52IE.tmp\%executed_sample_name%.tmp
    • %APPDATA%\Local\Temp\is-3PG68.tmp\_isetup\_setup64.tmp
    • %APPDATA%\Local\Temp\is-3PG68.tmp\_isetup\_shfoldr.dll
    • %PROGRAM FILES% (x86)\Pegof\is-84J5U.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-8F77J.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFD05.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-6VPC9.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-JOCV2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-3J3C8.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QE1QF.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-HK9UO.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-VMA6F.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-M8988.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5D1PD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-IBMOE.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-GOB1S.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QEHOA.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-001CN.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFU82.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RMVR2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-E26D6.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5T886.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-ERUGD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-MJMVO.tmp
    • %PROGRAM FILES% (x86)\Pegof\unins000.dat
    The following files are deleted:
    • %APPDATA%\Local\Temp\0004BAD5.log
    • %APPDATA%\Local\Temp\0004BEEB.log
    The following drivers are loaded:
    • \Device\KsecDD
    • %SYSDIR%
    • %WINDIR%\winsxs\FileMaps\program_files_x86_pegof_ed5c6a474c3109c5.cdf-ms
    • %PROGRAM FILES% (x86)\Pegof\is-84J5U.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-8F77J.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFD05.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-6VPC9.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-JOCV2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-3J3C8.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QE1QF.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-HK9UO.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-VMA6F.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-M8988.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5D1PD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-IBMOE.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-GOB1S.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QEHOA.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-001CN.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFU82.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RMVR2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-E26D6.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5T886.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-ERUGD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-MJMVO.tmp
    • %WINDIR%\SysWOW64\en-US\KERNELBASE.dll.mui
    • %SYSDIR%\netmsg.dll
    • %APPDATA%\Local\Temp\%executed_sample%
    • %APPDATA%\Local\Temp\is-L52IE.tmp\%executed_sample_name%.tmp
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %SYSDIR%\imageres.dll
    • %SYSDIR%\shell32.dll
    • %PROGRAM FILES% (x86)\Pegof\Ligucokiba.exe
    • %PROGRAM FILES% (x86)\Pegof\unins000.dat
    • %USERPATH%\Pictures\wall.jpg
    The following files are executed:
    • \Device\KsecDD
    • %SYSDIR%
    • %WINDIR%\winsxs\FileMaps\program_files_x86_pegof_ed5c6a474c3109c5.cdf-ms
    • %PROGRAM FILES% (x86)\Pegof\is-84J5U.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-8F77J.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFD05.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-6VPC9.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-JOCV2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-3J3C8.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QE1QF.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-HK9UO.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-VMA6F.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-M8988.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5D1PD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-IBMOE.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-GOB1S.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-QEHOA.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-001CN.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RFU82.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-RMVR2.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-E26D6.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-5T886.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-ERUGD.tmp
    • %PROGRAM FILES% (x86)\Pegof\is-MJMVO.tmp
    • %WINDIR%\SysWOW64\en-US\KERNELBASE.dll.mui
    • %SYSDIR%\netmsg.dll
    • %APPDATA%\Local\Temp\%executed_sample%
    • %APPDATA%\Local\Temp\is-L52IE.tmp\%executed_sample_name%.tmp
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %SYSDIR%\imageres.dll
    • %SYSDIR%\shell32.dll
    • %PROGRAM FILES% (x86)\Pegof\Ligucokiba.exe
    • %PROGRAM FILES% (x86)\Pegof\unins000.dat
    • %USERPATH%\Pictures\wall.jpg
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings (""ProxyEnable"": "dword:00000000") ("ProxyServer": "-") ("ProxyOverride": "-") ("AutoConfigURL": "-")
    • HKEY_CLASSES_ROOT\Local Settings\MuiCache\2D\52C64B7E (""LanguageList"": ""en-US;en;"")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 (""EnableFileTracing"": "dword:00000000") (""EnableConsoleTracing"": "dword:00000000") (""FileTracingMask"": "dword:ffff0000") (""ConsoleTracingMask"": "dword:ffff0000") (""MaxFileSize"": "dword:00100000") (""FileDirectory"": ""%windir%\\tracing"")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS (""EnableFileTracing"": "dword:00000000") (""EnableConsoleTracing"": "dword:00000000") (""FileTracingMask"": "dword:ffff0000") (""ConsoleTracingMask"": "dword:ffff0000") (""MaxFileSize"": "dword:00100000") (""FileDirectory"": ""%windir%\\tracing"")
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "-") ("IntranetName": "-")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} (""WpadDecisionReason"": "dword:00000001") (""WpadDecisionTime"": "%hex_values%") (""WpadDecision"": "dword:00000000") (""WpadNetworkName"": ""Network 2"")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34}\00-23-7d-29-a4-a9
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 (""WpadDecisionReason"": "dword:00000001") (""WpadDecisionTime"": "%hex_values%") (""WpadDecision"": "dword:00000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad (""WpadLastNetwork"": ""{58BF48AF-81A4-472D-9931-7D3DA8432D34}"")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("Owner": "Q")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("SessionHash": "u Ny k<> *8PJ"")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("Sequence": "1")
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\26\52C64B7E ("LanguageList": "en-USen")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Setup Version": "5.5.5 (a)")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: App Path": "%PROGRAM FILES% (x86)\Pegof")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("InstallLocation": "%PROGRAM FILES% (x86)\Pegof\")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Icon Group": "Pegof")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: User": "Administrator")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Language": "default")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("DisplayName": "Pegof version 4.3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("UninstallString": ""%PROGRAM FILES% (x86)\Pegof\unins000.exe"")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("QuietUninstallString": ""%PROGRAM FILES% (x86)\Pegof\unins000.exe" /SILENT")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("DisplayVersion": "4.3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("NoModify": "1")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("NoRepair": "1")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("InstallDate": "20171031")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("MajorVersion": "4")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("MinorVersion": "3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("EstimatedSize": "818")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1
    The following registry entries are modified:
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("Owner": "Q")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("SessionHash": "u Ny k<> *8PJ"")
    • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 ("Sequence": "1")
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\26\52C64B7E ("LanguageList": "en-USen")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Setup Version": "5.5.5 (a)")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: App Path": "%PROGRAM FILES% (x86)\Pegof")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("InstallLocation": "%PROGRAM FILES% (x86)\Pegof\")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Icon Group": "Pegof")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: User": "Administrator")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("Inno Setup: Language": "default")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("DisplayName": "Pegof version 4.3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("UninstallString": ""%PROGRAM FILES% (x86)\Pegof\unins000.exe"")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("QuietUninstallString": ""%PROGRAM FILES% (x86)\Pegof\unins000.exe" /SILENT")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("DisplayVersion": "4.3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("NoModify": "1")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("NoRepair": "1")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("InstallDate": "20171031")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("MajorVersion": "4")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("MinorVersion": "3")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1 ("EstimatedSize": "818")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pegof_is1
    The following registry key values are deleted:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings (""ProxyEnable"": "dword:00000000") ("ProxyServer": "-") ("ProxyOverride": "-") ("AutoConfigURL": "-")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "-") ("IntranetName": "-")
  • Aliases
    Kaspersky Lab: not-a-virus:AdWare.Win32.DealPly.ckhyt