KMSEmulator.exe

diegopascual
Posts: 3
Joined: 31 May 2015, 17:58

KMSEmulator.exe

Post by diegopascual » 31 May 2015, 18:05

Good afternoon,

I used the search before posting my question and found nothing. Every time I turn on the computer this program runs, and although AVG detects it and deletes it, it shows up again the next time I turn the computer on. I have researched it on Google and read that it is a trojan, but since I know you and your professionalism, I wanted to bring the issue here to see whether you can help me, and others who have it.

I have already run ElistarA, but I am waiting for you to tell me what to do from here.

Regards

Diego

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: KMSEmulator.exe

Post by msc hotline sat » 01 Jun 2015, 11:12

Then, using Notepad, open the report file created by ELISTARA

C:\infosat.txt

and with COPY AND PASTE post its contents as a reply to this topic.

In view of what it shows, we will tell you what to do.

Regards

ms, 1-6-2015

PS: In addition, add .VIR to the extension of this file:

C:\windows\KMSEmulator.exe

and send it to us for analysis, as indicated at:

https://foros.zonavirus.com/viewtopic.php?f=5&t=45334

ms.

diegopascual
Posts: 3
Joined: 31 May 2015, 17:58

Re: KMSEmulator.exe

Post by diegopascual » 01 Jun 2015, 17:49

Good afternoon, I am attaching the report:



(31-5-2015 15:34:46 (GMT))

EliStartPage v32.40 (c)2015 S.G.H. / Satinfo S.L. (Actualizado el 29 de Mayo del 2015)

--------------------------------------------------

Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)

Usuario: Diego

ID de Usuario: S-1-5-21-918233350-3551997187-1039736710-1000

Cadenas Víricas: 24033



Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



(31-5-2015 15:35:44 (GMT))

EliStartPage v32.40 (c)2015 S.G.H. / Satinfo S.L. (Actualizado el 29 de Mayo del 2015)

--------------------------------------------------

Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)

Usuario: Diego

ID de Usuario: S-1-5-21-918233350-3551997187-1039736710-1000

Cadenas Víricas: 24033



Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



(31-5-2015 15:48:31 (GMT))

EliStartPage v32.40 (c)2015 S.G.H. / Satinfo S.L. (Actualizado el 29 de Mayo del 2015)

--------------------------------------------------

Sistema Operativo: Windows 7 Home Premium (6.1.0) (64 bits)

Usuario: Diego

ID de Usuario: S-1-5-21-918233350-3551997187-1039736710-1000

Cadenas Víricas: 24033



Lista de Acciones (por Exploración):

Explorando "C:\"

C:\SWSetup\Drivers\Audio\WDM\ALCMTR.EXE --> Eliminado, SpyRealtek



Nº Total de Directorios: 36694

Nº Total de Ficheros: 226161

Nº de Ficheros Analizados: 47593

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1



Regarding attaching the virus, in my attempt to remove it I used AVG's shred option on it while it was in the Recycle Bin, and I can no longer find it in C:, which is where it was before. But I still get the warning that the virus is still there.

Thanks

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: KMSEmulator.exe

Post by msc hotline sat » 01 Jun 2015, 19:18

Well, since ELISTARA does not yet handle this possible malware, we will proceed to investigate it with SPROCES.EXE

Download that utility, run it and click SALIR (Exit); after that, in under 10 seconds it will indicate that it has created a report at C:\SPROCLOG.TXT

Proceed as you did with infosat.txt: paste it in your next reply post to this topic and we will analyse it and tell you how to proceed.

As for the file in question, check whether you can find it in C:\windows; for that you can use ELIMOVER, entering c:\windows\KMSEmulator.exe and ticking the option to add .VIR to the extension of that file.

Then send it to us from C:\muestras, as we indicated in the previous post.

Regards

ms, 1-6-2015

diegopascual
Posts: 3
Joined: 31 May 2015, 17:58

Re: KMSEmulator.exe

Post by diegopascual » 01 Jun 2015, 23:00

Hello,

I downloaded both applications; ELIMOVER did not detect anything, and here I paste the SPROCES report:



(1-6-2015 20:57:38 GMT)

SProces v8.5 (c)2015 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Windows 7 Home Premium (v6.1) (64 bits)

Internet Explorer: (v9.11.9600.17801) 0

Equipo: DIEGO-HP

Usuario: Diego

Sesión de Usuario: Diego



82 Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\AVGRSA.EXE

C:\WINDOWS\SYSTEM32\AVGCSRVA.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WININIT.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\LSM.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\AVG WEB TUNEUP\WTUSYSTEMSUPPORT.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\WLANEXT.EXE

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\WINDOWS\SYSTEM32\TASKHOST.EXE

C:\WINDOWS\SYSTEM32\DWM.EXE

C:\WINDOWS\SYSTEM32\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ARMSVC.EXE

C:\WINDOWS\SYSTEM32\AERTSR64.EXE

C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\ATH_COEXAGENT.EXE

C:\WINDOWS\SYSTEM32\ADMINSERVICE.EXE

C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE

C:\WINDOWS\SYSTEM32\HKCMD.EXE

C:\WINDOWS\SYSTEM32\IGFXPERS.EXE

C:\WINDOWS\SYSTEM32\RTKNGUI64.EXE

C:\WINDOWS\SYSTEM32\SYNTPENH.EXE

C:\WINDOWS\SYSTEM32\BTVSTACK.EXE

C:\WINDOWS\SYSTEM32\ATHBTTRAY.EXE

C:\PROGRAM FILES (X86)\AVG\AVG2015\AVGIDSAGENT.EXE

C:\USERS\DIEGO\APPDATA\ROAMING\SPOTIFY\SPOTIFYWEBHELPER.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\AVG\AVG2015\AVGWDSVC.EXE

C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\SHARED\HPDRVMNTSVC.EXE

C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP QUICK LAUNCH\HPWMISVC.EXE

C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE

C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP QUICK LAUNCH\HPMSGSVC.EXE

C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP ON SCREEN DISPLAY\HPOSD.EXE

C:\PROGRAM FILES (X86)\REALTEK\REALTEK PCIE CARD READER\RICONMAN.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\AVG\AVG2015\AVGUI.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE

C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\KORG\KORG USB-MIDI DRIVER\ESHELPER2.EXE

C:\WINDOWS\SYSTEM32\AVGNSA.EXE

C:\WINDOWS\SYSTEM32\AVGEMCA.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\AVG SECURE SEARCH\VTOOLBARUPDATER\18.4.0\TOOLBARUPDATER.EXE

C:\WINDOWS\SYSTEM32\TASKENG.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\CYBERLINK\YOUCAM\YCMMIRAGE.EXE

C:\WINDOWS\SYSWOW64\CTFMON.EXE

C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE

C:\WINDOWS\SYSTEM32\WMIPRVSE.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\OSPPSVC.EXE

C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\SHARED\HPQWMIEX.EXE

C:\WINDOWS\SYSTEM32\SYNTPHELPER.EXE

C:\WINDOWS\SYSTEM32\WMIPRVSE.EXE

C:\WINDOWS\SYSTEM32\HPWA_MAIN.EXE

C:\WINDOWS\SYSTEM32\HPHC_SERVICE.EXE

C:\WINDOWS\SYSTEM32\HPWA_SERVICE.EXE

C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE

C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE

C:\WINDOWS\SYSTEM32\WMPNETWK.EXE

C:\WINDOWS\SYSTEM32\HPCASLNOTIFICATION.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUCHECK.EXE

C:\WINDOWS\SYSTEM32\TASKHOST.EXE

C:\WINDOWS\SYSTEM32\AUDIODG.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE

C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE

C:\USERS\DIEGO\DOWNLOADS\SPROCES\SPROCES.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

F2 - REG:system.ini: UserInit=userinit.exe (HKLM x86)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO (x86): Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO (x86): Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll

O2 - BHO (x86): IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO (x86): AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll

O2 - BHO (x86): URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO (x86): Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll

O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Diego\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_EE61CD3E1138C10841703F73164FC478] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Wow6432Node\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Wow6432Node\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Wow6432Node\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Wow6432Node\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY

O4 - HKLM\..\Wow6432Node\..\Run: [RegistrarUsrDNIeCertStoreDLL] "C:\Archivos de programa\DNIe\udcs.exe"

O4 - HKLM\..\Wow6432Node\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Wow6432Node\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

O4 - HKLM\..\Wow6432Node\..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s

O4 - HKLM\..\Wow6432Node\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio Local')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio Local')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')

O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - (no file) (HKLM)

O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file) (HKLM)

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (HKLM x86)

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (HKLM x86)

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (HKLM x86)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics (x86)

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: IGFXCUI - IGFXDEV.DLL

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O21 - SSODL (x86): WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O22 - ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O22 - ShellExecuteHooks (x86): Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL



Información Adicional:

----------------------

Acceso Rapido ('Diego'): Google Chrome.lnk = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Acceso Rapido ('Diego'): Launch Internet Explorer Browser.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe

Acceso Rapido ('Diego'): Shows Desktop.lnk =

Acceso Rapido ('Diego'): Window Switcher.lnk =

Acceso Rapido ('Diego'): µTorrent.lnk = C:\Users\Diego\AppData\Roaming\uTorrent\uTorrent.exe

Ext.Google Chrome. ('Diego') Id: aapocclcgogkmnckokdopfmhonfmgoek

Ext.Google Chrome. ('Diego') Id: aohghmighlieiainnegkcijnfilokake

Ext.Google Chrome. ('Diego') Id: apdfllckaahabafndbhieahigkjlhalf

Ext.Google Chrome. ('Diego') Id: blpcfgokakmgnkcojhhkbfbldkacnbeo

Ext.Google Chrome. ('Diego') Id: coobgpohoikkiipiblmjeljniedjpjpf

Ext.Google Chrome. ('Diego') Id: felcaaldnbdncclmgdcncolpebgiejap

Ext.Google Chrome. ('Diego') Id: gmlllbghnfkpflemihljekbapjopfjik

Ext.Google Chrome. ('Diego') Id: lccekmodgklaepjeofjdjpbminllajkg

Ext.Google Chrome. ('Diego') Id: nmmhkkegccagdldgiimedpiccmgmieda

Ext.Google Chrome. ('Diego') Id: pjkljhegncpnkpknbcohdijeoejaedia

DataBases Google Chrome. ('Diego'): Databases.db

DataBases Google Chrome. ('Diego'): Databases.db-journal



Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

O23 - Service: WatchDog de AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

O23 - Service: Servicio de Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

O23 - Service: vToolbarUpdater18.4.0 - AVG Secure Search - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe

O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe



Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: adp94xx - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adp94xx.sys

O23 - Service: adpahci - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpahci.sys

O23 - Service: adpu320 - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpu320.sys

O23 - Service: aliide - Acer Laboratories Inc. - C:\WINDOWS\system32\drivers\aliide.sys

O23 - Service: amdsata - Advanced Micro Devices - C:\WINDOWS\system32\drivers\amdsata.sys

O23 - Service: amdsbs - AMD Technologies Inc. - C:\WINDOWS\system32\drivers\amdsbs.sys

O23 - Service: arc - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arc.sys

O23 - Service: arcsas - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arcsas.sys

O23 - Service: Atheros Virtual Bluetooth Class (AthBTPort) - Atheros - C:\WINDOWS\SYSTEM32\DRIVERS\btath_flt.sys

O23 - Service: Atheros Extensible Wireless LAN device driver (athr) - Atheros Communications, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\athrx.sys

O23 - Service: Broadcom NetXtreme II VBD (b06bdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\bxvbda.sys

O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60a) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57nd60a.sys

O23 - Service: Broadcom 802.11 Network Adapter Driver (BCM43XX) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\bcmwl664.sys

O23 - Service: Brother USB Mass-Storage Lower Filter Driver (BrFiltLo) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltLo.sys

O23 - Service: Brother USB Mass-Storage Upper Filter Driver (BrFiltUp) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltUp.sys

O23 - Service: Brother MFC Serial Port Interface Driver (WDM) (Brserid) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\Brserid.sys

O23 - Service: Brother WDM Serial driver (BrSerWdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrSerWdm.sys

O23 - Service: Brother MFC USB Fax Only Modem (BrUsbMdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys

O23 - Service: Brother MFC USB Serial WDM Driver (BrUsbSer) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbSer.sys

O23 - Service: Bluetooth A2DP Audio Driver (BTATH_A2DP) - Atheros - C:\WINDOWS\SYSTEM32\drivers\btath_a2dp.sys

O23 - Service: Atheros Bluetooth Bus (BTATH_BUS) - Atheros - C:\WINDOWS\SYSTEM32\DRIVERS\btath_bus.sys

O23 - Service: Bluetooth HCRP Server driver (BTATH_HCRP) - Atheros - C:\WINDOWS\SYSTEM32\DRIVERS\btath_hcrp.sys

O23 - Service: Bluetooth LWFLT Device (BTATH_LWFLT) - Atheros - C:\WINDOWS\SYSTEM32\DRIVERS\btath_lwflt.sys

O23 - Service: Bluetooth AVRCP Device (BTATH_RCP) - Atheros - C:\WINDOWS\SYSTEM32\DRIVERS\btath_rcp.sys

O23 - Service: BtFilter - Atheros - C:\WINDOWS\SYSTEM32\DRIVERS\btfilter.sys

O23 - Service: CyberLink WebCam Virtual Driver (clwvd) - CyberLink Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\clwvd.sys

O23 - Service: cmdide - CMD Technology, Inc. - C:\WINDOWS\system32\drivers\cmdide.sys

O23 - Service: Broadcom NetXtreme II 10 GigE VBD (ebdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\evbda.sys

O23 - Service: elxstor - Emulex - C:\WINDOWS\system32\drivers\elxstor.sys

O23 - Service: Focusrite USB 2.0 Audio Driver (ffusb2audio) - Focusrite Audio Engineering Limited. - C:\WINDOWS\SYSTEM32\DRIVERS\ffusb2audio.sys

O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hauppauge Consumer Infrared Receiver (hcw85cir) - Hauppauge Computer Works, Inc. - C:\WINDOWS\system32\drivers\hcw85cir.sys

O23 - Service: Intel(R) Management Engine Interface (HECIx64) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\HECIx64.sys

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HpSAMD - Hewlett-Packard Company - C:\WINDOWS\system32\drivers\HpSAMD.sys

O23 - Service: iaStorV - Intel Corporation - C:\WINDOWS\system32\drivers\iaStorV.sys

O23 - Service: igfx - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\igdkmd64.sys

O23 - Service: iirsp - Intel Corp./ICP vortex GmbH - C:\WINDOWS\system32\drivers\iirsp.sys

O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\drivers\RTKVHD64.sys

O23 - Service: Sonido Intel(R) para pantallas (IntcDAud) - Intel(R) Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\IntcDAud.sys

O23 - Service: Komplete Audio 6 WDM Audio (ka6avs) - Native Instruments GmbH - C:\WINDOWS\SYSTEM32\Drivers\ka6avs.sys

O23 - Service: Komplete Audio 6 (ka6usb_svc) - Native Instruments GmbH - C:\WINDOWS\SYSTEM32\Drivers\ka6usb.sys

O23 - Service: KORG USB-MIDI Driver for Windows (KORGUMDS) - KORG INC. - C:\WINDOWS\SYSTEM32\Drivers\KORGUM64.SYS

O23 - Service: LSI_FC - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_fc.sys

O23 - Service: LSI_SAS - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas.sys

O23 - Service: LSI_SAS2 - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas2.sys

O23 - Service: LSI_SCSI - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_scsi.sys

O23 - Service: MBAMSwissArmy - Unknown owner - C:\Windows\system32\drivers\MBAMSwissArmy.sys (file missing)

O23 - Service: megasas - LSI Corporation - C:\WINDOWS\system32\drivers\megasas.sys

O23 - Service: MegaSR - LSI Corporation, Inc. - C:\WINDOWS\system32\drivers\MegaSR.sys

O23 - Service: nfrd960 - IBM Corporation - C:\WINDOWS\system32\drivers\nfrd960.sys

O23 - Service: NVIDIA nForce Networking Controller Driver (NVENETFD) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nvm62x64.sys

O23 - Service: nvraid - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvraid.sys

O23 - Service: nvstor - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvstor.sys

O23 - Service: ql2300 - QLogic Corporation - C:\WINDOWS\system32\drivers\ql2300.sys

O23 - Service: ql40xx - QLogic Corporation - C:\WINDOWS\system32\drivers\ql40xx.sys

O23 - Service: Realtek PCIE CardReader Driver (RSPCIESTOR) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\RtsPStor.sys

O23 - Service: Realtek 8167 NT Driver (RTL8167) - Realtek - C:\WINDOWS\SYSTEM32\DRIVERS\Rt64win7.sys

O23 - Service: SiSRaid2 - Silicon Integrated Systems Corp. - C:\WINDOWS\system32\drivers\SiSRaid2.sys

O23 - Service: SiSRaid4 - Silicon Integrated Systems - C:\WINDOWS\system32\drivers\sisraid4.sys

O23 - Service: SrvHsfHDA - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\VSTAZL6.SYS

O23 - Service: SrvHsfV92 - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\VSTDPV6.SYS

O23 - Service: SrvHsfWinac - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\VSTCNXT6.SYS

O23 - Service: stexstor - Promise Technology - C:\WINDOWS\system32\drivers\stexstor.sys

O23 - Service: Synaptics TouchPad Driver (SynTP) - Synaptics Incorporated - C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys

O23 - Service: Anchorfree HSS VPN Adapter (taphss6) - Anchorfree Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\taphss6.sys

O23 - Service: viaide - VIA Technologies, Inc. - C:\WINDOWS\system32\drivers\viaide.sys

O23 - Service: vsmraid - VIA Technologies Inc.,Ltd - C:\WINDOWS\system32\drivers\vsmraid.sys



Listado de Servicios (Deshabilitados):

--------------------------------------



87 Servicios.

18 de Carga Automatica.

69 de Carga Manual.

0 Deshabilitados.



Listado de Programas Instalados:

--------------------------------

AVG 2015 -> "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" /AppMode=SETUP /Uninstall /UDS=1

Paquete de controladores de Windows - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) -> C:\PROGRA~1\DIFX\4A7292F75FEBBD3C\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\ffusb2audio.inf_amd64_neutral_945ca58ec8095ae1\ffusb2audio.inf

Focusrite USB 2.0 Audio Driver 2.5.1 -> "C:\Program Files\Focusrite\USB 2.0 Audio Driver\unins000.exe"

Synaptics Pointing Device Driver -> rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Bluetooth Win7 Suite (64) -> MsiExec.exe /X{230D1595-57DA-4933-8C4E-375797EBB7E1}

HP Wireless Assistant -> MsiExec.exe /X{6E9E4EF4-39D1-497D-AF5D-1C5B5CD7C384}

AVG 2015 -> MsiExec.exe /I{E23970BE-3D5D-4B64-A7D6-0B6E108AB609}

AVG 2015 -> MsiExec.exe /I{F3C5374F-2483-48B7-A839-5B05CD77A8AC}

Adobe Flash Player 17 ActiveX -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe -maintain activex

Adobe Flash Player 17 NPAPI -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -maintain plugin

AVG Web TuneUp -> C:\Program Files (x86)\AVG Web TuneUp\UNINSTALL.exe /PROMPT /UNINSTALL

Bit4id - miniLector -> C:\Windows\uninstminilector.exe

FormatFactory 3.3.5.0 -> C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe

Google Chrome -> "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

CyberLink YouCam -> "C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

Instalable módulo criptográfico DNIe -> "C:\Program Files (x86)\InstallShield Installation Information\{0EEEC9BE-0571-4AD9-9F5F-2957EA414D3C}\setup.exe" -runfromtemp -l0x040a -removeonly

Native Instruments Komplete Audio 6 -> "C:\ProgramData\{18C4D5C0-CC59-4A81-AA4B-E33E05061100}\Komplete Audio 6 Setup PC.exe" REMOVE=TRUE MODIFY=FALSE

Oxford Plus versión 1.0.34 -> "C:\Users\Diego\AppData\Local\Oxford Plus\unins000.exe"

Scarlett MixControl 1.8 -> "C:\Program Files (x86)\Focusrite\Scarlett MixControl\unins000.exe"

Succeed in English iPack 3 -> C:\Program Files (x86)\Oxford University Press\Succeed in English iPack 3\uninstall.exe

WinRAR 5.11 (32-bit) -> C:\Program Files (x86)\WinRAR\uninstall.exe

yWriter5 -> "C:\Program Files (x86)\yWriter5\unins000.exe"

PDFCreator -> C:\Program Files (x86)\PDFCreator\unins000.exe

CyberLink YouCam -> "C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

Instalable módulo criptográfico DNIe -> MsiExec.exe /I{0EEEC9BE-0571-4AD9-9F5F-2957EA414D3C}

HP On Screen Display -> MsiExec.exe /I{124DB96E-CBF5-44FB-AB59-7D2444DEC777}

Skype™ 7.4 -> MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}

ActiveCheck component for HP Active Support Library -> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Java 8 Update 25 -> MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218025F0}

ESU for Microsoft Windows 7 -> MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}

Intel(R) Rapid Storage Technology -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall

Cisco LEAP Module -> MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}

Google Update Helper -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}

Cisco EAP-FAST Module -> MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}

Intel(R) Management Engine Components -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall

Hewlett-Packard Asset Agent for Health Check -> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

FileLab Plugin 1.1.33 -> MsiExec.exe /X{6AC5F630-9453-433D-90FF-BB3A8E4F8960}

EZkeys Classic Electrics -> MsiExec.exe /X{6FA39E2A-1535-459C-A10F-AF267BCBB1B7}

MSXML 4.0 SP2 (KB954430) -> MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Realtek Ethernet Controller Driver -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

HP Software Framework -> MsiExec.exe /X{91C46605-E342-42AE-A6ED-98904527C49A}

Adobe Refresh Manager -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}

Adobe Reader XI (11.0.11) - Español -> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-AB0000000001}

Microsoft SOAP Toolkit 3.0 -> MsiExec.exe /I{BCB4C18A-ACA6-4383-8688-E19933A705DD}

EZkeys Grand Piano -> MsiExec.exe /X{BEBC94B6-CC95-4160-B753-DD6C5D9374FA}

Realtek PCIE Card Reader -> "C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly

Atheros Driver Installation Program -> "C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\Setup.exe" -runfromtemp -l0x040a

Recovery Manager -> MsiExec.exe /I{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}

KORG USB-MIDI Driver Tools for Windows -> MsiExec.exe /I{CACF2945-0BD5-43D3-B0CF-FA7D25DB2C1E}

EZkeys Mellotoon -> MsiExec.exe /X{D2BC209A-C589-471C-9041-07F6EB1E7913}

HP Quick Launch -> MsiExec.exe /I{EB58480C-0721-483C-B354-9D35A147999F}

Cisco PEAP Module -> MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}

Intel(R) Graphics Media Accelerator Driver -> C:\Program Files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall

Realtek High Definition Audio Driver -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

MSXML 4.0 SP2 (KB973688) -> MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Intel(R) Control Center -> C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm

Spotify -> "C:\Users\Diego\AppData\Roaming\Spotify\Spotify.exe" /uninstall

µTorrent -> "C:\Users\Diego\AppData\Roaming\uTorrent\uTorrent.exe" /UNINSTALL









Thanks

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: KMSEmulator.exe

Post by msc hotline sat » 02 Jun 2015, 10:24

Indeed, KMSEMULATOR.EXE no longer appears in any of the reports, so we believe it has already been removed.

If the problem recurs, boot into SAFE MODE and run your antivirus in that mode; that may be why it does not manage to remove it completely and it regenerates.

Regards

ms, 2-6-2015
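
The check made on the pasted report, looking for the file name among the active processes, Run-key autostarts (O4) and services (O23), can be scripted. This is an added example, not part of the thread or of the SProces tool: the regular expressions are inferred from the report lines shown above, and the two sample lines naming KMSEmulator.exe (including the `ExampleEntry` value name) are constructed so the search has something to find; the posted report contains none.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section name path note")

# Constructed sample in the layout of the SProces report posted in the thread.
# The KMSEMULATOR process line and the [ExampleEntry] Run value are hypothetical.
SAMPLE_REPORT = r"""
82 Procesos Activos:
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\KMSEMULATOR.EXE

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [ExampleEntry] "C:\Windows\KMSEmulator.exe"
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: MBAMSwissArmy - Unknown owner - C:\Windows\system32\drivers\MBAMSwissArmy.sys (file missing)
"""

# Line shapes inferred from the report (assumption, not a published format).
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<rest>.+) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?: \((?P<note>file missing)\))?$"
)
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|sys))(?=\s|$)", re.IGNORECASE)


def image_path(command):
    """Return the executable part of an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: cut at the first .exe/.dll/.sys token.
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command


def parse_report(text):
    """Turn process, O4 and O23 lines into Entry records; ignore everything else."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("autorun " + m["key"], m["name"],
                                 image_path(m["cmd"]), ""))
            continue
        m = SERVICE_RE.match(line)
        if m:
            display, _, vendor = m["rest"].rpartition(" - ")
            notes = []
            if vendor == "Unknown owner":
                notes.append("unknown owner")
            if m["note"]:
                notes.append(m["note"])
            entries.append(Entry("service", display or vendor,
                                 m["path"], ", ".join(notes)))
            continue
        if PROCESS_RE.match(line):
            entries.append(Entry("process", ntpath.basename(line), line, ""))
    return entries


def find_image(entries, filename):
    """Entries whose executable name equals filename, compared case-insensitively."""
    wanted = filename.lower()
    return [e for e in entries if ntpath.basename(e.path).lower() == wanted]


def needs_review(entries):
    """Services the report itself marks as 'Unknown owner' or '(file missing)'."""
    return [e for e in entries if e.note]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for hit in find_image(parsed, "KMSEmulator.exe"):
        print("FOUND ", hit.section, hit.name, hit.path)
    for item in needs_review(parsed):
        print("REVIEW", item.name, item.path, "(" + item.note + ")")
```

An empty result only covers the sections the report contains, such as the processes, Run keys and services listed above.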
