  • Author
    Posts
    • #25932
      Nicolas Coolman
      Keymaster

      Superfluous Software

      iMesh, Potentially Superfluous Software (French: Logiciel Potentiellement Superflu, LPS).

      Some programs or applications such as iMesh can be described as superfluous. These are mainly legitimate programs that are not necessarily needed for your system to work properly.

      They install as a program and/or as a browser extension. They can start automatically from the Registry via a "Run" key, a service or a scheduled task. They can also launch when your browser starts, after modifying its settings. Sometimes the launch is silent, that is, the program runs in the background. Antivirus analysis of this software shows no malicious detection.

      More precisely, iMesh is a peer-to-peer program that uses the FastTrack and Gnutella networks. It uninstalls only partially. It presents a potential risk because it opens a multitude of ports. Uninstalling it also requires uninstalling MediaBar. Browser settings are not restored after it is uninstalled.

      Main actions:
      – It installs itself as a process launched at system startup (RP),
      – It hijacks the start page of the Opera browser (B0),
      – It replaces the search page of the Opera browser (B1),
      – It modifies the start page of the Internet Explorer browser (R0),
      – It hijacks the start page of the Mozilla Firefox browser (M0),
      – It installs an extension for the Mozilla Firefox browser (M2),
      – It installs a Mozilla Firefox browser plugin (M3),
      – It installs itself as an AppInit_DLLs registry value (O20),
      – It installs itself as a web browser Browser Helper Object (BHO) (O2),
      – It installs itself as a web browser toolbar (O3),
      – It installs itself in the Registry so that it is launched at every system startup (O4),
      – It creates multiple application shortcuts: Desktop, QuickLaunch, Taskbar, Programs (O4GS),
      – It installs itself as a program (O42),
      – It creates "Software" registry keys,
      – It modifies the Internet search provider (O69),
      – It creates several active inbound connections in the Windows firewall application exceptions (O87),
      – It pollutes the Registry with numerous keys (O88),
      – It places an MSI package file in the Installer system folder (O93)

      ZHPDiag preview:
      [MD5.1F0B282799E63927DF7F2F58467F3B57] – (.iMesh, Inc – Data Manager.) — C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe [1115568]
      B0 – SPO: operaprefs.ini [Coolman] Home URL=https://search.imesh.com/
      B1 – OSP: search.ini [Coolman] URL=https://search.imesh.com/web?src=opb&systemid=1&q=%s
      M3 – MFPP: Plugins – [Coolman] — C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\u2tiac6d.default\searchplugins\iMeshWebSearch.xml
      M3 – MFPP: Plugins – [Coolman] — C:\Program Files (x86)\Mozilla FireFox\searchplugins\iMeshWebSearch.xml
      M0 – MFSP: prefs.js [Coolman – u2tiac6d.default] https://search.imesh.com/
      M2 – MFEP: prefs.js [Coolman – u2tiac6d.default\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] [] MediaBar v4.1.0.00 (.Visicom Media Inc..)
      M2 – MFEP: prefs.js [Coolman – u2tiac6d.default\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}] [] Wincore Mediabar v4.5.1.00 (.Visicom Media Inc..)
      M2 – MFEP: prefs.js [Coolman – u2tiac6d.default\{28D35620-51D9-11DE-9D13-2DB156D89593}] [] MediaBar v3.1 (.iMesh Inc. Portions copyright © Visicom Media. Dynamic Toolbar..)
      P2 – FPN: [HKCU] [iMeshPlugin] – (…) — C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (.not file.)
      R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.imesh.com
      R0 – HKUS\S-1-5-21-3643301615-960752750-2091460937-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.imesh.com
      O2 – BHO: UrlHelper Class [64Bits] – {474597C5-AB09-49d6-A4D5-2E8D7341384E} . (.iMesh, Inc – IEHelper.) — C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
      O2 – BHO: MediaBar [64Bits] – {28387537-e3f9-4ed7-860c-11e69af4a8a0} . (.. – dtx Dynamic Link Library.) — C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
      O2 – BHO: UrlHelper Class – {474597C5-AB09-49d6-A4D5-2E8D7341384E} . (…) — C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (.not file.)
      O2 – BHO: MediaBar – {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} . (.. – MediaBar Link Library.) — C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
      O3 – Toolbar: MediaBar – {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} . (.. – MediaBar Link Library.) — C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
      O4 – HKLM\..\Run: [DataMngr] . (.iMesh, Inc – Data Manager.) — C:\Program Files\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe
      O4 – HKCU\..\Run: [iMesh] C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      O4 – Global Startup: C:\Users\touf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk . (.iMesh, Inc.) — C:\Program Files\iMesh Applications\iMesh\iMesh.exe
      O4 – GS\QuickLaunch [Coolman]: iMesh.lnk . (…) — C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      O20 – AppInit_DLLs: . (.iMesh, Inc – Data Manager.) – C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll
      O42 – Logiciel: iMesh – (.iMesh Inc..) [HKLM] — iMesh => Infection PUP (PUP.iMesh)
      O42 – Logiciel: iMesh – (.iMesh Inc..) [HKLM] — {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
      O42 – Logiciel: Wincore MediaBar – (.iMesh Inc..) [HKLM] — Wincore MediaBar
      O42 – Logiciel: Wincore MediaBar – (.Musiclab, LLC.) [HKLM] — Wincore MediaBar
      [HKCU\Software\AppDataLow\Software\imeshmediabartb]
      [HKCU\Software\iMesh]
      [HKLM\Software\Wow6432Node\iMeshSRTB]
      O43 – CFD: 28/03/2011 – 20:25:34 – [42783782] —-D- C:\Program Files\iMesh Applications
      O43 – CFD: 18/09/2010 – 04:45:30 – [90654] —-D- C:\ProgramData\iMesh
      O43 – CFD: 12/05/2011 – 18:13:22 – [68067781] —-D- C:\Users\Coolman\Appdata\Local\iMesh
      O43 – CFD: 20/02/2011 – 17:05:34 – [52824107] —-D- C:\Program Files (x86)\iMesh Applications
      O69 – SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} [DefaultScope] – (Web Search) – https://search.imesh.com
      [MD5.622A00562875BD9908AA159654460007] [SPRF] (.iMesh Inc. – iMesh.) — C:\Users\Coolman\AppData\Local\Temp\iMesh_setup.exe [2346072]
      [MD5.9A879B12783B8B4EBFA524915B70A6FA] [SPRF] (.iMesh Inc. – iMesh.) — C:\Users\Coolman\AppData\Local\Temp\iMesh_1067452.exe [14681792]
      [MD5.9A879B12783B8B4EBFA524915B70A6FA] [SPRF] (.iMesh Inc. – iMesh.) — C:\Users\Coolman\AppData\Local\Temp\iMesh_setup.exe [14681792]
      O87 – FAEL: “TCP Query User{917C69E1-E77B-4E3B-AB26-4D71E75B69CD}C:\program files\imesh applications\imesh\imesh.exe” | In – Public – P6 – TRUE | .(.iMesh, Inc – iMesh.) — C:\program files\imesh applications\imesh\imesh.exe
      O87 – FAEL: “UDP Query User{7FD06392-F866-47C9-B604-0727962F86DC}C:\program files\imesh applications\imesh\imesh.exe” | In – Public – P17 – TRUE | .(.iMesh, Inc – iMesh.) — C:\program files\imesh applications\imesh\imesh.exe
      O87 – FAEL: “{489320F0-FBEC-417C-A801-FCBB318FD69F}” | In – Domain – P6 – TRUE | .(.iMesh, Inc – iMesh.) — C:\Program Files\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{60AECE66-A434-4751-9F3C-B46A2AEA564F}” | In – Domain – P17 – TRUE | .(.iMesh, Inc – iMesh.) — C:\Program Files\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{524A0624-8015-415F-BB27-98569021243D}” | In – Private – P6 – TRUE | .(.iMesh, Inc – iMesh.) — C:\Program Files\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{D4B25EF9-C21F-410B-BF76-710E368BF005}” | In – Private – P17 – TRUE | .(.iMesh, Inc – iMesh.) — C:\Program Files\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “TCP Query User{18B5423F-9E0A-486A-A3D5-1E63994DDF68}C:\program files (x86)\imesh applications\imesh\imesh.exe” | In – Public – P6 – TRUE | .(.iMesh, Inc – iMesh.) — C:\program files (x86)\imesh applications\imesh\imesh.exe
      O87 – FAEL: “UDP Query User{1AA60FD7-DFF4-450D-99A2-9757D8DB4B26}C:\program files (x86)\imesh applications\imesh\imesh.exe” | In – Public – P17 – TRUE | .(.iMesh, Inc – iMesh.) — C:\program files (x86)\imesh applications\imesh\imesh.exe
      O87 – FAEL: “{2E87D536-763A-4A46-B6DF-429451D2F489}” | In – Domain – P6 – TRUE | .(.iMesh, Inc – iMesh.) — C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{D9210FB5-ACC6-426D-BDA2-A30F90883F75}” | In – Domain – P17 – TRUE | .(.iMesh, Inc – iMesh.) — C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{28FB128D-BF87-4DE2-BCF3-6D8489B4DF0D}” | In – Private – P6 – TRUE | .(.iMesh, Inc – iMesh.) — C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{C789922D-EA79-4423-AF27-BCE828E29AFA}” | In – Private – P17 – TRUE | .(.iMesh, Inc – iMesh.) — C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{02C27928-6241-45D5-B4F4-250828CE0EB5}” |In – Public – P6 – TRUE | .(…) — C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{28635D09-7906-4401-AC4C-3B3F694D5961}” |In – Public – P17 – TRUE | .(…) — C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{9D1B8575-2CA8-403B-A257-C51B94867F38}” |In – Domain – P6 – TRUE | .(…) — C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      O87 – FAEL: “{35599B1B-E8C3-4521-B4B3-7662C02CCF97}” |In – Domain – P17 – TRUE | .(…) — C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
      [MD5.F7E01774495A2C78A9F61FC076C25F40] [WIS][23/09/2010] (.iMesh Inc. – iMesh.) — C:\Windows\Installer\6acbfc.msi [305152]

      Aliases:
      Adware.iMesh
      Spyware.VMNToolbar (MediaBar)
      SUP.iMesh

      Diagnose with ZHPSuite...  Uninstall with Windows...  Remove with ZHPCleaner...  Remove with Malwarebytes...
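
Added example (not part of the original post and not ZHPDiag's own code): a Python triage script that groups ZHPDiag-style report lines by the codes from the action list above, so that what remains after the partial uninstall can be reviewed by kind of change. The category names, the keyword list and the `ExampleUpdater` line are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Code meanings follow the page's action list; the category grouping is an assumption.
CODES = {
    "B0": ("browser", "Opera start page"),
    "B1": ("browser", "Opera search page"),
    "R0": ("browser", "Internet Explorer start page"),
    "M0": ("browser", "Firefox start page"),
    "O2": ("browser", "Browser Helper Object"),
    "O3": ("browser", "browser toolbar"),
    "O69": ("browser", "search provider"),
    "O4": ("autostart", "Run key or startup shortcut"),
    "O20": ("autostart", "AppInit_DLLs value"),
    "O87": ("firewall", "inbound firewall exception"),
}
# Product names that appear in the page's report lines.
KEYWORDS = ("imesh", "mediabar", "datamngr")
LINE = re.compile(r"^\s*([A-Z]\d{1,2})\s+[–-]\s+(.+)$")

# Report lines quoted from the page, plus one constructed unrelated entry (ExampleUpdater).
SAMPLE = r"""
B0 – SPO: operaprefs.ini [Coolman] Home URL=https://search.imesh.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.imesh.com
O4 – HKCU\..\Run: [iMesh] C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
O4 – HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O20 – AppInit_DLLs: . (.iMesh, Inc – Data Manager.) – C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll
O69 – SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} [DefaultScope] – (Web Search) – https://search.imesh.com
[HKCU\Software\iMesh]
"""

def triage(report):
    """Group report lines that mention the product by the kind of change they record."""
    found = defaultdict(list)
    for raw in report.splitlines():
        m = LINE.match(raw)
        if not m or m.group(1) not in CODES:
            continue  # bare registry keys, hash lines and unlisted codes are skipped
        code, detail = m.groups()
        if any(k in detail.lower() for k in KEYWORDS):
            category, meaning = CODES[code]
            found[category].append((code, meaning, detail))
    return dict(found)

if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(category.upper())
        for code, meaning, detail in items:
            print(f"  {code:<4}{meaning}: {detail}")
```

The 8.3 short path `IMESHA~1` in the AppInit_DLLs line still matches because the keyword comparison is case-insensitive and substring-based.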
