PUP.Optional.Bandoo

Bandoo is a program that is usually installed without the user's knowledge, bundled with downloads of free software. Its uninstaller removes it only partially.

Characteristics:

– It belongs to a family of optional PUPs (Potentially Unwanted Programs).
– Vendor: PUP.Optional.

Main actions:

– It installs numerous processes that are launched at system startup (RP),
– It hijacks the Google Chrome start page (G0),
– It installs an extension for the Google Chrome browser (G2),
– It hijacks the Mozilla Firefox start page (M0),
– It installs a Mozilla Firefox browser plugin (M3),
– It starts the PeerToPeer datamanager process from iMesh, Inc,
– It adds the Discordia Telega Fast Dial program to the Mozilla Firefox extensions,
– It modifies the Internet Explorer search page (R1),
– It adds the Searchqu toolbar to the Mozilla Firefox extensions,
– It modifies the Microsoft Internet Explorer start page,
– It adds several Searchqu and Bandoo Browser Helper Objects (BHO) (O2),
– It adds the Searchqu toolbar to Microsoft Internet Explorer (O3),
– It creates a Run key so as to be launched at every system startup (O4),
– It places a Quick Launch shortcut under Microsoft Internet Explorer (O4 GS),
– It installs itself as an AppInit_DLLs registry value (O20),
– It installs itself as a service so as to be launched at every system startup (O23) (SS),
– It adds an AppInit registry value to launch the PeerToPeer datamanager process from iMesh, Inc,
– It starts a scheduled task set to run automatically (O39),
– It installs itself as the program Bandoo (O42),
– It installs itself as the program Windows Searchqu Toolbar from Discordia Limited (O42),
– It creates a new folder under Program Files (O43),
– It creates the Run software keys "SearchquMediabarTb" and "Bandoo",
– It installs the Bandoo and Searchqu programs under "Program Files" and "ProgramData" (O42),
– It installs the Bandoo programs in random subfolders of "Program Files", named in the form "wi{Random}9130~1\datamngr" (O43),
– It installs itself in the Windows Prefetcher folder (O45),
– It creates a ShareTools MSconfig StartupReg registry key (O53),
– It creates several Legacy keys in the registry pointing to malware services (O64),
– It installs Searchqu in a "SearchScopes" registry key (O69),
– It creates an active inbound connection in the Windows Firewall application exceptions (O87),
– It pollutes the registry with numerous keys (O88).

ZHPDiag overview:

—\\ Processus lancés
[MD5.CF0AEEE7BC550E5867B36572562C1965] – (.iMesh, Inc – Data Manager.) — C:\PROGRA~1\WIA6EB~1\DataMngr\DATAMN~1.EXE [796608]
[MD5.4699DFBA43A630238131979451750573] – (.Discordia Limited – Bandoo Core.) — C:\PROGRA~1\Bandoo\BndCore.exe [1577920]
[MD5.60EF3D4C23711B286E7301350424403A] – (.Discordia, LTD – Data Manager.) — C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE [985488]
[MD5.6D9C23901E2D9C6C1A0721E88A97E7D4] – (.Bandoo Media Inc. – Bandoo Core.) — C:\PROGRA~1\Bandoo\BndCore.exe [1579408]
[MD5.C772EC1FE79437B9086ACF708EAAE94B] – (.Bandoo Media Inc. – Bandoo Core.) — C:\Program Files\Bandoo\BndCore.exe [1680784] [PID.3972]
[MD5.29D3E7E54992225D853F8665D573EC5D] – (.Bandoo Media Inc. – Bandoo Coordinator.) — C:\PROGRA~1\Bandoo\Bandoo.exe [1942416]
[MD5.40A329FE101AE594F879D2133E223D0A] – (.Discordia, LTD – Data Manager.) — C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1115536]
[MD5.C0909655D4BDF541DA23E828B7B05A7A] – (.Bandoo Media, inc – Data Manager.) — C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE [1546640]
[MD5.952EC643565C42DFC27B88BF69C36556] – (.Bandoo Media, inc – Data Manager.) — C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe [1694608] [PID.3956]

—\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G0 – GCSP: Preference [User Data\Default][HomePage] https://www.searchnu.com
G0 – GCSP: Preference [User Data\Default] https://www.searchnu.com
G2 – GCE: Preference [User Data\Default] [jbajpeofkjjeiamcglnmldoboonfkiol] iLivid New Tabs v.5.0.0.7254 (Désactivé )

—\\ Pages de démarrage d’Internet Explorer (R0)
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.searchqu.com/
R0 – HKUS\S-1-5-21-247770664-1108384299-3145525524-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.searchqu.com

—\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.searchqu.com/sidebar.html?src=ssb&sysid=402

—\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M0 – MFSP: prefs.js [Coolman – n5vs13la.default] https://www.searchqu.com/
M2 – MFEP: prefs.js [Coolman – n5vs13la.default\[email protected] – Copie] [fastdial] Fast Dial v2.23b2 (.telega.)
M2 – MFEP: prefs.js [Coolman – n5vs13la.default\[email protected]] [] Bandoo for Firefox v5.0 (.telega.)
M2 – MFEP: prefs.js [Coolman – n5vs13la.default\[email protected]] [] Bandoo for Firefox v5.1 (.EA Digital Illusions CE AB.)
M2 – MFEP: prefs.js [Coolman – n5vs13la.default\{7FF99715-3016-4381-84CE-E4E4C9673020}] [] Searchqu Toolbar v1.0 (.Discordia Ltd. Portions copyright © Visicom Media. Dynamic Toolbar..)
M2 – MFEP: prefs.js [Coolman – n5vs13la.default\[email protected]] [] Fun4IM for Firefox v5.0 (.Volo-Net.)
M3 – MFPP: Plugins – [Coolman] — C:\Users\Coolman.Demo336667\AppData\Roaming\Mozilla\Firefox\Profiles\p1f042is.default\searchplugins\SearchquWebSearch.xml
M3 – MFPP: Plugins – [Coolman] — C:\Program Files (x86)\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
M0 – MFSP: prefs.js [Coolman – n5vs13la.default] https://www.searchqu.com/406
M2 – MFEP: prefs.js [Coolman – n5vs13la.default\{99079a25-328f-4bd4-be04-00955acaa0a7}] [] Searchqu Toolbar {version} (.Visicom Media Inc..)
M3 – MFPP: Plugins – [Coolman] — C:\Users\Coolman\AppData\Roaming\Mozilla\Firefox\Profiles\\n5vs13la.default\searchplugins\SearchquWebSearch.xml
M3 – MFPP: Plugins – [Coolman] — C:\Program Files\Mozilla FireFox\searchplugins\completebartb.xml

—\\ Browser Helper Objects de navigateur (O2)
O2 – BHO: Searchqu Toolbar – {7FF99715-3016-4381-84CE-E4E4C9673020} . (.. – Searchqu Toolbar Link Library.) — C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O2 – BHO: Bandoo IE Plugin – {EB5CEE80-030A-4ED8-8E20-454E9C68380F} . (.Discordia Limited – Bandoo IE Plugin.) — C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 – BHO: Bandoo IE Plugin – {EB5CEE80-030A-4ED8-8E20-454E9C68380F} . (.Bandoo Media Inc. – Bandoo IE Plugin.) — C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 – BHO: UrlHelper Class [64Bits] – {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} . (…) — C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
O2 – BHO: Searchqu Toolbar – {99079a25-328f-4bd4-be04-00955acaa0a7} . (.. – dtx Dynamic Link Library.) — C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O2 – BHO: UrlHelper Class – {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} . (.Bandoo Media, inc – IEHelper.) — C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll
O2 – BHO: Complete Bar [64Bits] – {64c54209-175c-454d-9291-ac46d4d952cf} . (.. – Complete Bar Link Library.) — C:\Program Files (x86)\completebartb\completebarDx.dll
O2 – BHO: Updater For Complete Bar [64Bits] – {fe618700-e0ee-441e-8b1d-18ce226bb193} . (.Visicom Media – Complete Bar Security Helper.) — C:\Program Files (x86)\completebartb\auxi\completebarAu.dll
O2 – BHO: DataMngr – {9D717F81-9148-4f12-8568-69135F087DB0} . (.Bandoo Media, inc – Url Helper.) — C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll

—\\ Internet Explorer Toolbars (O3)
O3 – Toolbar: Searchqu Toolbar – {7FF99715-3016-4381-84CE-E4E4C9673020} . (.. – Searchqu Toolbar Link Library.) — C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O3 – Toolbar: Searchqu Toolbar – {99079a25-328f-4bd4-be04-00955acaa0a7} . (.. – dtx Dynamic Link Library.) — C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O3 – Toolbar: Searchqu Toolbar – {99079a25-328f-4bd4-be04-00955acaa0a7} . (.dtx Dynamic Link Library.) — C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll

—\\ Applications démarrées par registre & par dossier (O4)
O4 – HKLM\..\Run: [DataMngr] . (.iMesh, Inc – Data Manager.) — C:\PROGRA~1\WIA6EB~1\DataMngr\DataMngrUI.exe
O4 – HKLM\..\Run: [DATAMNGR] . (.Bandoo Media, inc – Data Manager.) — C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.exe
O4 – HKLM\..\Run: [DATAMNGR] . (.Bandoo Media, inc – Data Manager.) — C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

—\\ Autres liens utilisateurs (O4)
O4 – Global Startup: C:\Documents And Settings\PC-01\Menu Démarrer\Programmes\fTalk.lnk . (.Bandoo Media Inc..) — C:\Documents and Settings\Coolman\Local Settings\Application Data\fTalk\ftalk.exe
O4 – GS\QuickLaunch: iLivid.lnk . (…) — C:\Users\Coolman\AppData\Local\iLivid\iLivid.exe

—\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – AppInit_DLLs: . (.iMesh, Inc – Data Manager.) – C:\PROGRA~1\WIA6EB~1\DataMngr\datamngr.dll
O20 – AppInit_DLLs: . (.Discordia Limited – BndHook.) – c:\progra~1\fun4im\bndhook.dll
O20 – AppInit_DLLs: . (…) – c:\progra~1\wi9130~1\datamngr\datamngr.dll
O20 – AppInit_DLLs: . (.Discordia, LTD – Data Manager.) – c:\progra~1\wi9130~1\datamngr\datamngr.dll
O20 – AppInit_DLLs: . (.Discordia Limited – BndHook.) – c:\progra~1\bandoo\bndhook.dll

—\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: Bandoo Coordinator (Bandoo Coordinator) . (.Discordia Limited – Bandoo Coordinator.) – C:\PROGRA~1\Bandoo\Bandoo.exe
O23 – Service: (Fun4IM Coordinator) . (.Discordia Limited – Fun4IM Coordinator.) – C:\PROGRA~1\FUN4IM\BANDOO.exe
O23 – Service: (BrowserQuest Service) . (…) – C:\Documents and Settings\All Users\Application Data\BrowserQuest\browserquest119.exe
O23 – Service: (Bandoo Coordinator) . (.Bandoo Media Inc. – Bandoo Coordinator.) – C:\PROGRA~1\Bandoo\Bandoo.exe

—\\ Logiciels installés (O42)
O42 – Logiciel: Bandoo – (.Discordia Limited.) [HKLM] — Bandoo
O42 – Logiciel: Windows Searchqu Toolbar – (.Discordia Limited.) [HKLM] — Searchqu MediaBar
O42 – Logiciel: BrowserQuest 1.0 build 119 – (…) [HKLM] — BrowserQuest
O42 – Logiciel: Bandoo – (.Bandoo Media Inc.) [HKLM] — Bandoo
O42 – Logiciel: Windows Searchqu Toolbar – (.Bandoo Media Inc.) [HKLM] — Searchqu MediaBar
O42 – Logiciel: Windows iLivid Toolbar – (.Bandoo Media, Inc.) [HKLM][64Bits] — Searchqu 406 MediaBar
O42 – Logiciel: iLivid – (.Bandoo Media Inc..) [HKLM][64Bits] — iLivid
O42 – Logiciel: iLivid – (.Bandoo Media Inc..) [HKLM][64Bits] — {8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
O42 – Logiciel: Complete Bar – (.Visicom Media Inc..) [HKLM] — completebartb
O42 – Logiciel: Search-Results Toolbar – (.APN LLC.) [HKLM][64Bits] — ilividtoolbarguid

—\\ Contenu des dossiers Program Files (O43)
O43 – CFD:Common File Directory —-D- C:\Program Files\Bandoo
O43 – CFD:Common File Directory —-D- C:\Program Files\Windows Searchqu Toolbar
O43 – CFD: 14/02/2010 – 13:50:20 —-D- C:\Program Files\BrowserQuest
O43 – CFD: 30/11/2010 – 09:18:48 —-D- C:\Program Files\Fun4IM
O43 – CFD: 29/10/2011 – 20:15:18 – [0,014] —-D- C:\Users\Coolman\AppData\Local\Ilivid Player
O43 – CFD: 09/11/2011 – 16:07:32 – [4,731] –H-D- C:\ProgramData\{145B6A8D-C3A8-4F62-BF1A-E616EBBDF2B2}
O43 – CFD: 12/26/2011 – 12:09:42 PM – [6.036] –H-D- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
O43 – CFD: 03/10/2011 – 13:52:43 – [6,140] –H-D C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018}
O43 – CFD: 03/06/2011 – 21:27:54 – [319560] —-D- C:\ProgramData\Bandoo
O43 – CFD: 03/06/2011 – 21:23:40 – [0 ] —-D- C:\Users\Coolman\AppData\Roaming\Bandoo
O43 – CFD: 16/06/2011 – 21:48:18 – [0] —-D- C:\Documents and Settings\Coolman\Application Data\searchquband
O43 – CFD: 16/06/2011 – 21:48:20 – [539] —-D- C:\Documents and Settings\Coolman\Application Data\searchqutoolbar
O43 – CFD: 13/12/2011 – 08:32:42 – [15,539] –H-D- C:\ProgramData\ {8A9C7D9D-B673-43E9-A528-F00754A75BBA}

—\\ HKCU & HKLM Software Keys
[HKCU\Software\SearchquMediabarTb]
[HKLM\Software\Bandoo]
[HKLM\Software\Iminent]
[HKLM\Software\DataMngr]
[HKCU\Software\AppDataLow\Software\searchqutb]
[HKLM\Software\SearchquMediabarTb]
[HKCU\Software\Datamngr]
[HKCU\Software\AppDataLow\Software\completebartb]
[HKCU\Software\ilividtoolbarguid]
[HKLM\Software\Wow6432Node\iLividSRTB]
[HKCU\Software\DataMngr_Toolbarshit]
[HKCU\Software\DataMngrshit]

—\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.D3CA0909A207263B696548B0AD13D57A] – 04/05/2011 – 18:17:50 —A- . (…) — C:\Windows\System32\bandoolmx.dll [1524112]

—\\ Derniers fichiers créés par Windows Prefetcher (O45)
O45 – LFCP:[MD5.B4377964F3A6CAB8FCADCBCB86307F99] – 26/05/2013 – 08:35:36 —A- – C:\Windows\Prefetch\ILIVIDSETUP-R706-N-BC.EXE-5C6C0643.pf
O45 – LFCP:[MD5.D669CFD282CA915989FDE562880693D8] – 26/05/2013 – 08:35:49 —A- – C:\Windows\Prefetch\ILIVIDMEDIABAR.EXE-C84EF9EB.pf

—\\ Export de clé d’application autorisée (O47)
O47 – AAKE:Key Export SP – « C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe » [Enabled] .(.Visicom Media Inc. – DTX broker.) — C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
O47 – AAKE:Key Export SP – « C:\Program Files\completebartb\dtUser.exe » [Enabled] .(.Visicom Media Inc. – DTX broker.) — C:\Program Files\completebartb\dtUser.exe
O47 – AAKE:Key Export SP – « C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe » [Enabled] .(.Visicom Media Inc. – DTX broker.) — C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

—\\ ShareTools MSconfig StartupReg (O53)
O53 – SMSR:HKLM\…\startupreg\fTalk [Key] . (.Bandoo Media Inc. – fTalk.) — C:\Documents and Settings\Coolman\Local Settings\Application Data\fTalk\ftalk.exe

—\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 26/05/2013 – 08:35:12 —A- C:\Users\lavaudenis33@orange\Downloads\iLividSetup-r706-n-bc.exe [1488280]

—\\ Liste des services Legacy (LALS) (O64)
O64 – Services: CurCS – « C:\PROGRA~1\Bandoo\Bandoo.exe (.not file.) – Bandoo Coordinator (Bandoo Coordinator) .(…) – LEGACY_BANDOO_COORDINATOR
O64 – Services: CurCS – « C:\Documents and Settings\All Users\Application Data\BrowserQuest\browserquest119.exe (.not file.) – BrowserQuest Service (BrowserQuest Service) .(…) – LEGACY_BROWSERQUEST_SERVICE
O64 – Services: CurCS – C:\PROGRA~1\Fun4IM\Bandoo.exe – Fun4IM Coordinator (Fun4IM Coordinator) .(.Bandoo Media Inc. – Fun4IM Coordinator.) – LEGACY_FUN4IM_COORDINATOR

—\\ Search Browser Infection (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} – (Web Search) – https://www.searchqu.com
O69 – SBI: SearchScopes [HKUS\.DEFAULT] {8A96AF9E-4074-43b7-BEA3-87217BDA7402} [DefaultScope] – (Web Search) – https://www.searchqu.com/web?src=ieb&systemid=402&q={searchTerms}
O69 – SBI: SearchScopes [HKUS\S-1-5-18] {8A96AF9E-4074-43b7-BEA3-87217BDA7402} [DefaultScope] – (Web Search) – https://www.searchqu.com/web?src=ieb&systemid=402&q={searchTerms}
O69 – SBI: SearchScopes [HKCU] {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} [DefaultScope] – (Web Search) – https://www.searchqu.com
O69 – SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} – (Search Results) – https://dts.search-results.com

—\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.8F4663E97D78D34CAAFE2858EE3B660C] [SPRF] (…) — C:\Users\Coolman\AppData\Local\Temp\SetupDataMngr_Searchqu.exe [2944320]
[MD5.DC718250EEDF0C923D6B8573A102B522] [SPRF][30/06/2011] (.Bandoo Media Inc. – Bandoo Install.) — C:\Users\Coolman\AppData\Local\Temp\BandooV6.exe [4686368]
[MD5.87878F773129DBC45D4B30D9DDED3493] [SPRF][07/12/2011] (.Bandoo Media Inc – Bandoo Install.) — C:\Users\CoolmanAppData\Local\Temp\bnd4877.tmp.exe [1360424]
[MD5.89705EFA8BADAA64B66B2E3389269D6B] [SPRF][05/11/2011] (.Bandoo Media Inc – Bandoo Install.) — C:\Users\Coolman\AppData\Local\Temp\BandooV6.exe [1363152]

—\\ Firewall Active Exception List (FirewallRules) (O87)
O87 – FAEL: « {0E47416C-A44C-4D7D-B2C2-FD350E110623} » | In – Private – P6 – TRUE | .(.Visicom Media Inc. – DTX broker.) — C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe
O87 – FAEL: « {F13C5700-4991-4EBE-9465-BFD56463644A} » | In – Private – P17 – TRUE | .(.Visicom Media Inc. – DTX broker.) — C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe
O87 – FAEL: « {86C0319B-8C98-4E22-A42B-50848885CCC3} » | In – Private – P6 – TRUE | .(.Visicom Media Inc. – DTX broker.) — C:\Program Files\Windows Searchqu Toolbar\ToolBar\dtUser.exe
O87 – FAEL: « {14198DDA-60A8-40C6-8AF4-A6CA19CC26C5} » | In – Private – P17 – TRUE | .(.Visicom Media Inc. – DTX broker.) — C:\Program Files\Windows Searchqu Toolbar\ToolBar\dtUser.exe
O87 – FAEL: « {BD5AFBA5-3C3B-4B5F-A4CE-F432585E452F} » | In – Public – P6 – TRUE | .(.Visicom Media Inc. – DTX broker.) — C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
O87 – FAEL: « {91257AE3-D140-4F8A-8A0F-1762A48D15B9} » | In – Public – P17 – TRUE | .(.Visicom Media Inc. – DTX broker.) — C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
O87 – FAEL: « {12D44357-9AB8-4F2E-A949-615C3B5850A3} » | In – Private – P6 – TRUE | .(.Visicom Media Inc. – DTX broker.) — C:\Program Files (x86)\completebartb\dtUser.exe
O87 – FAEL: « {F27A69A3-5BE7-411E-A974-289BDE17BFFA} » | In – Private – P17 – TRUE | .(.Visicom Media Inc. – DTX broker.) — C:\Program Files (x86)\completebartb\dtUser.exe
O87 – FAEL: « {EFDEF800-35AC-463F-9856-B24415F32FAA} » |In – Public – P6 – TRUE | .(…) — C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
O87 – FAEL: « {351E340A-9DDC-4F06-B14F-C09B39ADE238} » |In – Public – P17 – TRUE | .(…) — C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
O87 – FAEL: « {CB4E2A80-6D2B-4BAC-A2E6-CE9FB84CBFFC} » | In – Private – P6 – TRUE | .(.APN LLC – DtUser.) — C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
O87 – FAEL: « {E1E6CF9B-5039-4AC8-8AE3-F9D841565B54} » | In – Private – P17 – TRUE | .(.APN LLC – DtUser.) — C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe

—\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 04/05/2011 1617296 | (Bandoo Coordinator) . (.Bandoo Media Inc..) – C:\PROGRA~1\Bandoo\Bandoo.exe
SR – | Auto 20/09/2010 1940928 | C:\PROGRA~1\Bandoo\Bandoo.exe (Bandoo Coordinator) . (.Discordia Limited.) – C:\PROGRA~1\Bandoo\Bandoo.exe
SS – | Auto 23/08/2010 1938880 | « C:\PROGRA~1\FUN4IM\BANDOO.exe (Fun4IM Coordinator) . (.Discordia Limited.) – C:\PROGRA~1\FUN4IM\BANDOO.exe
SS – | Auto 08/02/2010 58744 | « C:\Documents and Settings\All Users\Application Data\BrowserQuest\browserquest119.exe (BrowserQuest Service) . (…) – C:\Documents and Settings\All Users\Application Data\BrowserQuest\browserquest119.exe

—\\ Scan Additionnel (O88)
[HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
[HKCR\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
[HKLM\Software\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[HKCU\Software\DataMngr]
[HKLM\Software\DataMngr]
[HKLM\Software\Wow6432Node\DataMngr]
[HKCU\Software\ilivid]
[HKLM\Software\ilivid]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[HKLM\Software\SearchquMediabarTb]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[HKCR\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}]
[HKCR\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}]
[HKLM\Software\Classes\AppID\bandoocore.exe]
[HKLM\Software\Classes\bandoocore.bandoocore]
[HKLM\Software\Classes\bandoocore.bandoocore.1]
[HKLM\Software\Classes\bandoocore.resourcesmngr]
[HKLM\Software\Classes\bandoocore.resourcesmngr.1]
[HKLM\Software\Classes\bandoocore.settingsmngr]
[HKLM\Software\Classes\bandoocore.settingsmngr.1]
[HKLM\Software\Classes\bandoocore.statisticmngr]
[HKLM\Software\Classes\bandoocore.statisticmngr.1]
[HKLM\Software\Classes\TypeLib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}]
C:\Users\Coolman.Demo336667\AppData\Roaming\Mozilla\Firefox\Profiles\p1f042is.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
C:\Users\Coolman.Demo336667\AppData\Roaming\Mozilla\Firefox\Profiles\p1f042is.default\SearchPlugins\SearchquWebSearch.xml
C:\Program Files (x86)\Windows iLivid Toolbar
C:\Documents and Settings\Coolman\Application Data\Mozilla\Firefox\Profiles\3vztayj0.default\searchqutoolbar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid]
[HKCU\Software\ilividtoolbarguid]
[HKLM\Software\Wow6432Node\iLividSRTB]
C:\Program Files (x86)\Search Results Toolbar

Links:
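Every ZHPDiag entry above has the same shape: a section code (O4, O20, O23, ...), the item, a publisher and description in the form `(.Publisher – Description.)`, and finally the file path, sometimes followed by a `[size]`. The script below is an added example, not part of the original page and not ZHPDiag's own code: it parses a constructed sample of such lines (copied from the shapes shown in the report) into records and then groups the persistence entries (Run keys, AppInit_DLLs, services, scheduled tasks, MSConfig startup entries) by mechanism, which is the triage a responder does before removal. The indicator list and the mapping of section codes to autostart mechanisms are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of ZHPDiag lines in the shapes found in the report
# above. The en dash (–) and em dash (—) separators are part of the tool's format.
SAMPLE_REPORT = r"""
O2 – BHO: Searchqu Toolbar – {7FF99715-3016-4381-84CE-E4E4C9673020} . (.. – Searchqu Toolbar Link Library.) — C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
O4 – HKLM\..\Run: [DataMngr] . (.iMesh, Inc – Data Manager.) — C:\PROGRA~1\WIA6EB~1\DataMngr\DataMngrUI.exe
O20 – AppInit_DLLs: . (.Discordia Limited – BndHook.) – c:\progra~1\bandoo\bndhook.dll
O23 – Service: (Fun4IM Coordinator) . (.Discordia Limited – Fun4IM Coordinator.) – C:\PROGRA~1\FUN4IM\BANDOO.exe
O42 – Logiciel: Bandoo – (.Discordia Limited.) [HKLM] — Bandoo
O87 – FAEL: « {0E47416C-A44C-4D7D-B2C2-FD350E110623} » | In – Private – P6 – TRUE | .(.Visicom Media Inc. – DTX broker.) — C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\dtUser.exe
O45 – LFCP:[MD5.B4377964F3A6CAB8FCADCBCB86307F99] – 26/05/2013 – 08:35:36 —A- – C:\Windows\Prefetch\ILIVIDMEDIABAR.EXE-C84EF9EB.pf
"""

# Assumed mapping: section codes that describe an autostart mechanism
# (Run key, AppInit_DLLs, service, scheduled task, MSConfig startup entry).
PERSISTENCE_CODES = {"O4", "O20", "O23", "O39", "O53"}

# Assumed indicator list, taken from the names that recur in the report above.
BANDOO_INDICATORS = ("bandoo", "searchqu", "datamngr", "ilivid", "fun4im", "discordia")

CODE_RE = re.compile(r"^(?P<code>[A-Z]{1,2}\d{0,2})\s+[–-]\s+(?P<rest>.*)$")
SIGNER_RE = re.compile(r"\(\.(?P<body>.*?)\.\)")          # (.Publisher – Description.)
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?)(?:\s\[\d+\])?\s*$")  # drops trailing [size]
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MD5_RE = re.compile(r"\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\]")


@dataclass
class Entry:
    code: str                   # ZHPDiag section code, e.g. O4, O20, O23
    publisher: Optional[str]    # None when ZHPDiag printed (…) or (.. – X.)
    description: Optional[str]
    path: Optional[str]
    guid: Optional[str]
    md5: Optional[str]
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one ZHPDiag entry; return None for section headers and blank lines."""
    line = line.strip()
    m = CODE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    publisher = description = None
    s = SIGNER_RE.search(rest)
    if s:
        body = s.group("body")
        if " – " in body:
            publisher, description = (p.strip() for p in body.split(" – ", 1))
        else:
            publisher = body.strip()
        if publisher in ("", "."):   # "(.. – X.)" means no publisher was recorded
            publisher = None
    p, g, h = PATH_RE.search(rest), GUID_RE.search(rest), MD5_RE.search(rest)
    return Entry(
        code=m.group("code"),
        publisher=publisher,
        description=description,
        path=p.group("path") if p else None,
        guid=g.group(0) if g else None,
        md5=h.group("md5") if h else None,
        raw=line,
    )


def parse_report(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def persistence_entries(entries: List[Entry]) -> List[Entry]:
    """Entries that would re-launch the program at boot or logon."""
    return [e for e in entries if e.code in PERSISTENCE_CODES]


def matches_bandoo(e: Entry) -> bool:
    """True when the line carries one of the Bandoo-family indicators."""
    return any(tok in e.raw.lower() for tok in BANDOO_INDICATORS)


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group the file paths of matching persistence entries by mechanism code."""
    out: Dict[str, List[str]] = {}
    for e in persistence_entries(entries):
        if matches_bandoo(e) and e.path:
            out.setdefault(e.code, []).append(e.path)
    return out


if __name__ == "__main__":
    for code, paths in sorted(triage(parse_report(SAMPLE_REPORT)).items()):
        print(code, paths)
```

Run against a full ZHPDiag report instead of the sample, the `triage` output lists exactly the autostart locations that have to be neutralised (Run values, the AppInit_DLLs value, the services) before the files themselves are deleted; the `publisher` field is also useful on its own, since the same binaries appear under several publisher strings (Discordia Limited, Bandoo Media Inc., iMesh, Inc) in the report above.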

forum.malekal.com

Aliases:

PUP.Bandoo

Removal:

– Remove the "Bandoo" extension from all installed browsers,
– Remove the "Bandoo" plugin from all installed browsers,
– Uninstall the "Bandoo" software via the Windows Control Panel,
– Reset the search and start pages of all installed browsers,
– Clear the browser caches,
– Clean with ZHPCleaner.
