KMSpico is a software that usually installs without your knowledge with free software downloads. KMSpico is an activator of Microsoft Windows and Microsoft Office license. It propagates via shared networks Peer To Peer sites of cracks and keygens. Identified the 03/07/2013.

KMSpico

Features:

– It belongs to a family of PUP (Potentially Unwanted Program).
– Vendor : PUP.Optional

Main actions :

– It installs as a process launched at startup of the system (RP),
– It installs as a service to be launched each time the system (O23),(SS/SR).
– It starts a task planned in automatic (O39),
– It installs as a program (O42),
– It creates to many registry keys ‘Software’
– It creates additional folders (O43),
– It installs a process of variable size to the level of the system folders (O44)
– It moved to the Windows prefetcher folder (O45).
– It installs as a registry key Image File Execution Options (IFEO) (O50)
– It creates multiple files users (O61),
– It creates an active incoming connection in the application of the firewall Windows exceptions (O87),

ZHPDiag report:

[MD5.627025E35FE0C2C4ECECBBF078979D98] – (.@ByELDI – Service_KMS.) — C:\Program Files\KMSpico\Service_KMS.exe [954048] [PID.2920] O23 – Service: Service KMSELDI (Service KMSELDI) . (.Pas de propriétaire – Service_KMS.) – C:\Program Files\KMSpico\Service_KMS.exe
O23 – Service: Service KMSELDI (Service KMSELDI) . (.@ByELDI – Service_KMS.) – C:\Program Files\KMSpico\Service_KMS.exe[MD5.521D1505B5908B196EB86CD7BCEE2ADC] [APT] [AutoPico Daily Restart] (…) — C:\Program Files\KMSpico\AutoPico.exe [283136] [MD5.E6BB53D93618C372A852EF984153B954] [APT] [AutoPico Daily Restart] (.@ByELDI.) — C:\Program Files\KMSpico\AutoPico.exe [954560] O39 – APT: AutoPico Daily Restart – (.@ByELDI.) — C:\Windows\System32\Tasks\AutoPico Daily Restart [3358] O42 – Logiciel: KMSpico 6 – (…) [HKLM][64Bits] — KMSpico v6_is1
O42 – Logiciel: KMSpico v9.1.3 – (…) [HKLM][64Bits] — KMSpico_is1
O42 – Logiciel: KMSpico v9.3.3 – (…) [HKLM][64Bits] — {8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1
O43 – CFD: 2013-08-28 – 04:51:41 – [6.189] —-D C:\Program Files\KMSpico
O44 – LFC:[MD5.4848465BE4166472CDE7CD6ADD75EDC8] – 03/07/2013 – 10:59:04 –H– . (…) — C:\Windows\SysNative\KMSWrapper64.dll [87094] O44 – LFC:[MD5.4848465BE4166472CDE7CD6ADD75EDC8] – 03/07/2013 – 10:59:04 RSHAD . (…) — C:\Windows\System32\KMSWrapper64.dll [87094] O50 – IFEO:Image File Execution Options – SppExtComObj.exe – C:\Windows\SECOH-QAD.exe
O61 – LFC: 11/06/2014 – 12:15:57 R–A- . (…) — C:\Users\Coolman\Downloads\KMSpico 9.1.3 Final\KMSpico_setup.exe [2935928] O87 – FAEL: “{99B61BCF-CC78-4A3C-9DCB-45CEF263B034}” [In-None-P6-TRUE] .(.@ByELDI – Service_KMS.) — C:\Program Files\KMSpico\Service_KMS.exe
O87 – FAEL: “{8E37387C-25DA-4EA3-8F5D-34EEF5321D02}” [In-None-P17-TRUE] .(.@ByELDI – Service_KMS.) — C:\Program Files\KMSpico\Service_KMS.exe
SR – | Auto 284160 | (Service KMSELDI) . (…) – C:\Program Files\KMSpico\Service_KMS.exe[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico v6_is1] [HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
C:\Program Files\KMSpico

Remove:

– Remove software in Windows Configuration Panel,
Remove with ZHPcleaner
ZHPCleaner_EN2
Diagnose with ZHPDiag
ZHPDiag_2-300x220

2016-12-30T07:34:23+00:00 Categories: PUP|Tags: |Comments Off on PUP.Optional.KMSpico