supprimerRogue:Win32/FakeXPA

Question

Bonjour, 
j'ai ce cheval de troie comment le supprimerRogue:Win32/FakeXPA 
merci de vos réponses



Configuration: Windows Vista / Firefox 3.5.16

Utilisateur anonyme · Answer

Salut 

* Bienvenue sur CCM !




*  Télécharge ZHPDiag  (de Nicolas coolman)

*   ZHPDiag est un outil de diagnostic (Réalisé par Nicolas Coolman) . 
Le logiciel permet d'effectuer un diagnostic rapide et complet de son système d'exploitation plus complet qu un rapport d'HijackThis 
Il scrute ta Base de Registre et énumère les zones sensibles qui sont susceptibles d'être infectées. 

  ICI   >> ZHPDiag  (de Nicolas coolman)

*  Une fois le téléchargement achevé, 
* double clique sur ZHPDiag.exe et suis les instructions.
*  /!\Utilisateurs de Windows Vista et Windows 7 
*  >> Clique droit sur le logo de ZHPDiag.exe, « exécuter en tant qu'Administrateur » 
*  Laisse toi guider lors de l'installation, 
*  coche >> créer une icône sur le bureau
*  il se lancera automatiquement à la fin.    
*   Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)   
*  Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette   
*   Héberge le rapport sur ce site,   
 >> Cijoint.fr  
*  puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.  


* Pour t aider ,pour heberger le rapport   
*  rends toi sur Cijoint.fr      
*  clic sur Parcourir      
*  trouve >> le rapport que tu viens d'enregistrer qui doit par exemple être sur ton bureau      
*  et valide en cliquant sur >> Cliquez ici pour déposer le Fichier     
*  un lien de ce genre http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt te sera généré,       
*  il te suffit de le poster ici  pour que je puisse voir le rapport  

            
                
            Membre Contributeur sécurité CCM
            Windows Vista // Windows XP

clotide · Answer

bonsoir et merci de ta réponse
j'avais mis en quarantaine fakexpa cheval de troie
voici le rapporthttp://www.cijoint.fr/cjlink.php?file=cj201012/cijYAqocWL.txt

Utilisateur anonyme · Answer

Salut 


Tu l as mis ou en Quarantaine >> fakexpa 


1)  * Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX) 

* Ad-Remover  permet d'éliminer proprement les publiciels vérolés, « adware » en anglais.  
 * Affichant de la publicité en échange d'un service gratuit,  
 * certains d'entre eux contiennent des logiciels espions violant votre vie privée numérique tout en modifiant le comportement de ton système. 

   ICI  >>AD-Remover 

/!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\ 

*  Double-clique sur l'icône Ad-remover située sur ton Bureau. 
* Sur la page, clique sur le bouton   « Nettoyer »
* Confirme l'opération 
*  Poste le rapport qui apparaît à la fin. 
* (Le rapport est sauvegardé aussi sous C:\Ad-report.) 
* (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller) 


ensuite 

2)  *  tu as Malwarebytes   

* Lances--> Malwarebytes (MBAM)   
* Fais une  mise a jour       <==  à faire 
* Puis vas dans l'onglet "Recherche", coche >> Exécuter un examen complet     
* puis "Rechercher"     
*  Sélectionnes tes disques durs" puis clique sur "Lancer l'examen"     
*  A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport     
*Si MalwareBytes'  détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection     
* S'il t' es demandé de redémarrer, clique sur "oui "     
*  aprés la suppression(s) de ou des infections trouvées -->poste le rapport ici    



             
                 
            Membre Contributeur sécurité CCM 
            Windows Vista // Windows XP

clotide · Answer

Bonjour
il était trop tard,hier soir donc voici un log mais c'est dimanche donc pas de soucis je peux attendre la semaine prochaine
j'en poste un seul car je ne retrouve pas l'autre
le cheval de troie est en quarantaine dans sécurity essential de microsoft
bon dimanche

=== Verbose logging started: 19/12/2010  06:14:39  Build type: SHIP UNICODE 4.05.6002.00  Calling process: C:\Windows\Explorer.exe ===
MSI (c) (38:2C) [06:14:39:568]: Resetting cached policy values
MSI (c) (38:2C) [06:14:39:568]: Machine policy value 'Debug' is 0
MSI (c) (38:2C) [06:14:39:568]: ******* RunEngine:
           ******* Product: {86D4B82A-ABED-442A-BE86-96357B70F4FE}
           ******* Action: 
           ******* CommandLine: **********
MSI (c) (38:2C) [06:14:39:568]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (38:2C) [06:14:39:568]: Grabbed execution mutex.
MSI (c) (38:2C) [06:14:39:568]: Cloaking enabled.
MSI (c) (38:2C) [06:14:39:568]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (38:2C) [06:14:39:599]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (F0:64) [06:14:39:599]: Running installation inside multi-package transaction {86D4B82A-ABED-442A-BE86-96357B70F4FE}
MSI (s) (F0:64) [06:14:39:599]: Grabbed execution mutex.
MSI (s) (F0:30) [06:14:39:615]: Resetting cached policy values
MSI (s) (F0:30) [06:14:39:615]: Machine policy value 'Debug' is 0
MSI (s) (F0:30) [06:14:39:615]: ******* RunEngine:
           ******* Product: {86D4B82A-ABED-442A-BE86-96357B70F4FE}
           ******* Action: 
           ******* CommandLine: **********
MSI (s) (F0:30) [06:14:39:615]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (F0:30) [06:14:39:615]: Setting cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:615]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:615]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:615]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:615]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:615]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:615]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:615]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:615]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:630]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:630]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:630]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:630]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:630]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:14:39:630]: Machine policy value 'LimitSystemRestoreCheckpointing' is 0
MSI (s) (F0:30) [06:14:39:630]: Note: 1: 1717 2: Ask Toolbar 
MSI (s) (F0:30) [06:14:39:630]: Calling SRSetRestorePoint API. dwRestorePtType: 1, dwEventType: 102, llSequenceNumber: 0, szDescription: "Removed Ask Toolbar.".
MSI (s) (F0:30) [06:15:19:145]: The call to SRSetRestorePoint API succeeded. Returned status: 0, llSequenceNumber: 1393.
MSI (s) (F0:30) [06:15:19:145]: End dialog not enabled
MSI (s) (F0:30) [06:15:19:145]: Original package ==> C:\Windows\Installer\1a9e242.msi
MSI (s) (F0:30) [06:15:19:145]: Package we're running from ==> C:\Windows\Installer\1a9e242.msi
MSI (s) (F0:30) [06:15:19:161]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:161]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:161]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:192]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:192]: APPCOMPAT: looking for appcompat database entry with ProductCode '{86D4B82A-ABED-442A-BE86-96357B70F4FE}'.
MSI (s) (F0:30) [06:15:19:192]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (F0:30) [06:15:19:192]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:192]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:192]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:192]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:192]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:192]: MSCOREE not loaded loading copy from system32
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Machine policy value 'DisablePatch' is 0
MSI (s) (F0:30) [06:15:19:207]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Machine policy value 'DisableMsi' is 0
MSI (s) (F0:30) [06:15:19:207]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:30) [06:15:19:207]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Product {86D4B82A-ABED-442A-BE86-96357B70F4FE} is admin assigned: LocalSystem owns the publish key.
MSI (s) (F0:30) [06:15:19:207]: Product {86D4B82A-ABED-442A-BE86-96357B70F4FE} is managed.
MSI (s) (F0:30) [06:15:19:207]: Running product '{86D4B82A-ABED-442A-BE86-96357B70F4FE}' with elevated privileges: Product is assigned.
MSI (s) (F0:30) [06:15:19:207]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:207]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (F0:30) [06:15:19:207]: Enabling baseline caching for this transaction since all active patches are MSI 3.0 style MSPs or at least one MSI 3.0 minor update patch is active
MSI (s) (F0:30) [06:15:19:207]: Looking for file transform: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1036.MST
MSI (s) (F0:30) [06:15:19:223]: File will have security applied from OpCode.
MSI (s) (F0:30) [06:15:19:285]: Original transform ==> C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1036.MST
MSI (s) (F0:30) [06:15:19:285]: Transform we're running from ==> C:\Windows\Installer\182748.mst
MSI (s) (F0:30) [06:15:19:285]: SOFTWARE RESTRICTION POLICY: Verifying transform --> 'C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1036.MST' against software restriction policy
MSI (s) (F0:30) [06:15:19:285]: Note: 1: 2262 2: DigitalSignature 3: -2147287038 
MSI (s) (F0:30) [06:15:19:285]: SOFTWARE RESTRICTION POLICY: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1036.MST is not digitally signed
MSI (s) (F0:30) [06:15:19:285]: SOFTWARE RESTRICTION POLICY: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1036.MST is permitted to run at the 'unrestricted' authorization level.
MSI (s) (F0:30) [06:15:19:285]: Validating transform 'C:\Windows\Installer\182748.mst' with validation bits 0
MSI (s) (F0:30) [06:15:19:285]: Transform 'C:\Windows\Installer\182748.mst' is valid.
MSI (s) (F0:30) [06:15:19:285]: Note: 1: 2262 2: Patch 3: -2147287038 
MSI (s) (F0:30) [06:15:19:285]: Note: 1: 2205 2:  3: PatchPackage 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: _Tables 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: _Columns 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Media 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: File 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: TRANSFORM: 'PatchPackage' table is missing or empty.  No pre-transform fixup necessary.
MSI (s) (F0:30) [06:15:19:301]: TRANSFORM: Applying regular transform to database.
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: _Tables 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: _Columns 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ActionText 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: AdminExecuteSequence 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Condition 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: AdminUISequence 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: AdvtExecuteSequence 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: AdvtUISequence 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: AppSearch 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Feature 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Binary 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: File 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: CheckBox 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Component 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Icon 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ComboBox 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Directory 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Dialog 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ControlCondition 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ControlEvent 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: CreateFolder 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: CustomAction 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: DrLocator 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: EventMapping 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: FeatureComponents 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: InstallExecuteSequence 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: InstallUISequence 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: LaunchCondition 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ListBox 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ListView 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Media 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: MsiFileHash 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Patch 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Registry 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: RegLocator 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: RemoveFile 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: TextStyle 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: UIText 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: Upgrade 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: _Validation 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ISComponentExtended 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ISCustomActionReference 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ISDFLInfo 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ISSelfReg 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: ISSetupFile 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: _MsiPatchTransformView 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: #_BaselineCost 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: #_BaselineFile 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: #_BaselineData 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: Note: 1: 2262 2: #_PatchCache 3: -2147287038 
MSI (s) (F0:30) [06:15:19:301]: APPCOMPAT: looking for appcompat database entry with ProductCode '{86D4B82A-ABED-442A-BE86-96357B70F4FE}'.
MSI (s) (F0:30) [06:15:19:301]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (F0:30) [06:15:19:301]: Transforms are not secure.
MSI (s) (F0:30) [06:15:19:301]: Transforming table Property.

MSI (s) (F0:30) [06:15:19:301]: Transforming table Control.

MSI (s) (F0:30) [06:15:19:317]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\Users\ZOE\AppData\Local\Temp\MSI8ec32.LOG'.
MSI (s) (F0:30) [06:15:19:317]: Command Line: REMOVE=ALL CURRENTDIRECTORY=C:\Windows\system32 CLIENTUILEVEL=2 CLIENTPROCESSID=4408 
MSI (s) (F0:30) [06:15:19:317]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{5C94A4B5-C3D6-4EA2-B418-B370BBB9753F}'.
MSI (s) (F0:30) [06:15:19:317]: PROPERTY CHANGE: Adding TRANSFORMS property. Its value is 'C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1036.MST'.
MSI (s) (F0:30) [06:15:19:317]: Product Code passed to Engine.Initialize:           '{86D4B82A-ABED-442A-BE86-96357B70F4FE}'
MSI (s) (F0:30) [06:15:19:317]: Product Code from property table before transforms: '{86D4B82A-ABED-442A-BE86-96357B70F4FE}'
MSI (s) (F0:30) [06:15:19:317]: Product Code from property table after transforms:  '{86D4B82A-ABED-442A-BE86-96357B70F4FE}'
MSI (s) (F0:30) [06:15:19:317]: Product registered: entering maintenance mode
MSI (s) (F0:30) [06:15:19:317]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:317]: Product {86D4B82A-ABED-442A-BE86-96357B70F4FE} is admin assigned: LocalSystem owns the publish key.
MSI (s) (F0:30) [06:15:19:317]: Product {86D4B82A-ABED-442A-BE86-96357B70F4FE} is managed.
MSI (s) (F0:30) [06:15:19:317]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:317]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:30) [06:15:19:317]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:30) [06:15:19:317]: MSI_LUA: Package is marked as LUA installation capable with no elevation required
MSI (s) (F0:30) [06:15:19:317]: PROPERTY CHANGE: Adding ProductState property. Its value is '5'.
MSI (s) (F0:30) [06:15:19:317]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (s) (F0:30) [06:15:19:317]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:317]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:317]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:317]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:317]: Package name retrieved from configuration data: 'Ask Toolbar.msi'
MSI (s) (F0:30) [06:15:19:317]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:317]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
MSI (s) (F0:30) [06:15:19:317]: Transforming table Error.

MSI (s) (F0:30) [06:15:19:332]: Note: 1: 2262 2: AdminProperties 3: -2147287038 
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Modifying ALLUSERS property. Its current value is '0'. Its new value: '1'.
MSI (s) (F0:30) [06:15:19:332]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:30) [06:15:19:332]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:30) [06:15:19:332]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:332]: Product {86D4B82A-ABED-442A-BE86-96357B70F4FE} is admin assigned: LocalSystem owns the publish key.
MSI (s) (F0:30) [06:15:19:332]: Product {86D4B82A-ABED-442A-BE86-96357B70F4FE} is managed.
MSI (s) (F0:30) [06:15:19:332]: Running product '{86D4B82A-ABED-442A-BE86-96357B70F4FE}' with elevated privileges: Product is assigned.
MSI (s) (F0:30) [06:15:19:332]: Machine policy value 'EnableUserControl' is 0
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Adding RestrictedUserControl property. Its value is '1'.
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Adding REMOVE property. Its value is 'ALL'.
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Windows\system32'.
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '2'.
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '4408'.
MSI (s) (F0:30) [06:15:19:332]: Machine policy value 'DisableAutomaticApplicationShutdown' is 0
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Adding MsiRestartManagerSessionKey property. Its value is '81d3a77070286c42adc504113dc8dd29'.
MSI (s) (F0:30) [06:15:19:332]: RESTART MANAGER: Session opened.
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Adding MsiSystemRebootPending property. Its value is '1'.
MSI (s) (F0:30) [06:15:19:332]: TRANSFORMS property is now: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1036.MST
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Adding PRODUCTLANGUAGE property. Its value is '0'.
MSI (s) (F0:30) [06:15:19:332]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (F0:30) [06:15:19:348]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming
MSI (s) (F0:30) [06:15:19:363]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\Favorites
MSI (s) (F0:30) [06:15:19:363]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MSI (s) (F0:30) [06:15:19:363]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\Pictures\Documents
MSI (s) (F0:30) [06:15:19:379]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
MSI (s) (F0:30) [06:15:19:379]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming\Microsoft\Windows\Recent
MSI (s) (F0:30) [06:15:19:395]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming\Microsoft\Windows\SendTo
MSI (s) (F0:30) [06:15:19:426]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming\Microsoft\Windows\Templates
MSI (s) (F0:30) [06:15:19:426]: SHELL32::SHGetFolderPath returned: C:\ProgramData
MSI (s) (F0:30) [06:15:19:426]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Local
MSI (s) (F0:30) [06:15:19:441]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\Pictures
MSI (s) (F0:30) [06:15:19:457]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (F0:30) [06:15:19:473]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (F0:30) [06:15:19:473]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
MSI (s) (F0:30) [06:15:19:488]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Start Menu
MSI (s) (F0:30) [06:15:19:488]: SHELL32::SHGetFolderPath returned: C:\Users\Public\Desktop
MSI (s) (F0:30) [06:15:19:504]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
MSI (s) (F0:30) [06:15:19:551]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI (s) (F0:30) [06:15:19:551]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
MSI (s) (F0:30) [06:15:19:566]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\AppData\Roaming\Microsoft\Windows\Start Menu
MSI (s) (F0:30) [06:15:19:597]: SHELL32::SHGetFolderPath returned: C:\Users\ZOE\Pictures\Desktop
MSI (s) (F0:30) [06:15:19:597]: SHELL32::SHGetFolderPath returned: C:\ProgramData\Microsoft\Windows\Templates
MSI (s) (F0:30) [06:15:19:597]: SHELL32::SHGetFolderPath returned: C:\Windows\Fonts
MSI (s) (F0:30) [06:15:19:613]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 20 
MSI (s) (F0:30) [06:15:19:613]: MSI_LUA: Setting AdminUser property to 1 because the product is already installed managed and per-machine
MSI (s) (F0:30) [06:15:19:613]: PROPERTY CHANGE: Adding AdminUser property. Its value is '1'.
MSI (s) (F0:30) [06:15:19:613]: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated.
MSI (s) (F0:30) [06:15:19:613]: PROPERTY CHANGE: Adding MsiRunningElevated property. Its value is '1'.
MSI (s) (F0:30) [06:15:19:613]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (F0:30) [06:15:19:613]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:19:613]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'ALLAIS MICHELLLE'.
MSI (s) (F0:30) [06:15:19:613]: PROPERTY CHANGE: Adding COMPANYNAME property. Its value is 'TOSHIBA'.
MSI (s) (F0:30) [06:15:19:613]: PROPERTY CHANGE: Adding Installed property. Its value is '2010/05/26 16:23:24'.
MSI (s) (F0:30) [06:15:19:613]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\Windows\Installer\1a9e242.msi'.
MSI (s) (F0:30) [06:15:19:613]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\Windows\Installer\1a9e242.msi'.
MSI (s) (F0:30) [06:15:19:613]: Machine policy value 'MsiDisableEmbeddedUI' is 0
MSI (s) (F0:30) [06:15:19:629]: Note: 1: 2205 2:  3: PatchPackage 
MSI (s) (F0:30) [06:15:19:629]: Machine policy value 'DisableRollback' is 0
MSI (s) (F0:30) [06:15:19:629]: User policy value 'DisableRollback' is 0
MSI (s) (F0:30) [06:15:19:629]: PROPERTY CHANGE: Adding UILevel property. Its value is '3'.
=== Logging started: 19/12/2010  06:15:19 ===
MSI (s) (F0:30) [06:15:19:629]: PROPERTY CHANGE: Adding Preselected property. Its value is '1'.
MSI (s) (F0:30) [06:15:19:629]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (F0:30) [06:15:19:629]: Doing action: INSTALL
Action start 06:15:19: INSTALL.
MSI (s) (F0:30) [06:15:19:675]: Running ExecuteSequence
MSI (s) (F0:30) [06:15:19:675]: Skipping action: vb_Reporting_cps (condition is false)
MSI (s) (F0:30) [06:15:19:675]: Doing action: vb_DetermineLanguage
MSI (s) (F0:30) [06:15:19:691]: Creating MSIHANDLE (15) of type 790542 for thread 304
MSI (s) (F0:28) [06:15:19:691]: Creating MSIHANDLE (16) of type 0 for thread 5928
MSI (s) (F0:D0) [06:15:19:738]: Generating random cookie.
MSI (s) (F0:D0) [06:15:19:816]: Created Custom Action Server with PID 2484 (0x9B4).
MSI (s) (F0:C8) [06:15:20:611]: Running as a service.
MSI (s) (F0:C8) [06:15:20:627]: Hello, I'm your 32bit Impersonated custom action server.
MSI (s) (F0!30) [06:15:20:721]: PROPERTY CHANGE: Adding AskTBLanguage property. Its value is 'French'.
MSI (s) (F0:28) [06:15:20:721]: Closing MSIHANDLE (16) of type 0 for thread 5928
MSI (s) (F0:28) [06:15:20:721]: Closing MSIHANDLE (15) of type 790542 for thread 304
Action start 06:15:19: vb_DetermineLanguage.
MSI (s) (F0:30) [06:15:20:721]: Doing action: vb_IS_IE_OPEN
Action ended 06:15:20: vb_DetermineLanguage. Return value 0.
MSI (s) (F0:30) [06:15:20:736]: Creating MSIHANDLE (17) of type 790542 for thread 304
MSI (s) (F0:7C) [06:15:20:736]: Creating MSIHANDLE (18) of type 0 for thread 2428
MSI (s) (F0:7C) [06:15:23:029]: Closing MSIHANDLE (18) of type 0 for thread 2428
MSI (s) (F0:7C) [06:15:23:029]: Closing MSIHANDLE (17) of type 790542 for thread 304
Action start 06:15:20: vb_IS_IE_OPEN.
MSI (s) (F0:30) [06:15:23:029]: Skipping action: vb_Abort_Install_IF_IEOPEN (condition is false)
MSI (s) (F0:30) [06:15:23:029]: Doing action: ISSetupFilesExtract
Action ended 06:15:23: vb_IS_IE_OPEN. Return value 0.
MSI (s) (F0:30) [06:15:23:185]: Creating MSIHANDLE (19) of type 790542 for thread 304
MSI (s) (F0:FC) [06:15:23:185]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI9628.tmp, Entrypoint: SFStartupEx
MSI (s) (F0!4C) [06:15:23:326]: Creating MSIHANDLE (20) of type 790531 for thread 5708
Action start 06:15:23: ISSetupFilesExtract.
MSI (s) (F0!4C) [06:15:23:326]: Closing MSIHANDLE (20) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:326]: Creating MSIHANDLE (21) of type 790531 for thread 5708
1: Starting to extract setup files 
MSI (s) (F0!4C) [06:15:23:326]: Closing MSIHANDLE (21) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:326]: Creating MSIHANDLE (22) of type 790531 for thread 5708
1: Getting SUPPORTDIR property :   
MSI (s) (F0!4C) [06:15:23:341]: Closing MSIHANDLE (22) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:341]: Creating MSIHANDLE (23) of type 790541 for thread 5708
MSI (s) (F0!4C) [06:15:23:341]: Creating MSIHANDLE (24) of type 790531 for thread 5708
1: Extracting SetupFiles to:  C:\Users\ZOE\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE} 
MSI (s) (F0!4C) [06:15:23:341]: Closing MSIHANDLE (24) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:341]: Creating MSIHANDLE (25) of type 790540 for thread 5708
MSI (s) (F0!4C) [06:15:23:341]: Creating MSIHANDLE (26) of type 790531 for thread 5708
1: Getting ISSetupFile table view 
MSI (s) (F0!4C) [06:15:23:341]: Closing MSIHANDLE (26) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:341]: Creating MSIHANDLE (27) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:341]: Creating MSIHANDLE (28) of type 790531 for thread 5708
1: Executing ISSetupFile table view 
MSI (s) (F0!4C) [06:15:23:357]: Closing MSIHANDLE (28) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:357]: Creating MSIHANDLE (29) of type 790531 for thread 5708
1: Extracting Setup File: 
MSI (s) (F0!4C) [06:15:23:357]: Closing MSIHANDLE (29) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:575]: Closing MSIHANDLE (27) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:591]: Creating MSIHANDLE (30) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:591]: Creating MSIHANDLE (31) of type 790531 for thread 5708
1: C:\Users\ZOE\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe 
MSI (s) (F0!4C) [06:15:23:591]: Closing MSIHANDLE (31) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:591]: Creating MSIHANDLE (32) of type 790531 for thread 5708
1: Extracting Setup File: 
MSI (s) (F0!4C) [06:15:23:607]: Closing MSIHANDLE (32) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:794]: Closing MSIHANDLE (30) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:794]: Creating MSIHANDLE (33) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:794]: Creating MSIHANDLE (34) of type 790531 for thread 5708
1: C:\Users\ZOE\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askpopup.exe 
MSI (s) (F0!4C) [06:15:23:794]: Closing MSIHANDLE (34) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:23:809]: Creating MSIHANDLE (35) of type 790531 for thread 5708
1: Extracting Setup File: 
MSI (s) (F0!4C) [06:15:23:809]: Closing MSIHANDLE (35) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:24:418]: Closing MSIHANDLE (33) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:24:418]: Creating MSIHANDLE (36) of type 790531 for thread 5708
1: C:\Users\ZOE\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe 
MSI (s) (F0!4C) [06:15:24:433]: Closing MSIHANDLE (36) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:24:433]: PROPERTY CHANGE: Adding SUPPORTDIR property. Its value is 'C:\Users\ZOE\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}'.
MSI (s) (F0!4C) [06:15:24:433]: PROPERTY CHANGE: Adding ISSETUPFILESCOMPLETED property. Its value is 'Completed'.
MSI (s) (F0!4C) [06:15:24:433]: Creating MSIHANDLE (37) of type 790531 for thread 5708
1: Setting SUPPORTDIR property to:  C:\Users\ZOE\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE} 
MSI (s) (F0!4C) [06:15:24:433]: Closing MSIHANDLE (37) of type 790531 for thread 5708
MSI (s) (F0!4C) [06:15:24:433]: Closing MSIHANDLE (25) of type 790540 for thread 5708
MSI (s) (F0!4C) [06:15:24:433]: Closing MSIHANDLE (23) of type 790541 for thread 5708
MSI (s) (F0:FC) [06:15:24:433]: Closing MSIHANDLE (19) of type 790542 for thread 304
1: Setting ISSETUPFILESCOMPLETED property 
MSI (s) (F0:30) [06:15:24:449]: Skipping action: vb_Reporting_wmi (condition is false)
MSI (s) (F0:30) [06:15:24:449]: Skipping action: vb_Reporting_asf (condition is false)
MSI (s) (F0:30) [06:15:24:449]: Skipping action: vb_os64bit (condition is false)
MSI (s) (F0:30) [06:15:24:449]: Skipping action: vb_Reporting_os1 (condition is false)
MSI (s) (F0:30) [06:15:24:449]: Skipping action: vb_Reporting_os2 (condition is false)
MSI (s) (F0:30) [06:15:24:449]: Skipping action: vb_Abort_Install64bit (condition is false)
MSI (s) (F0:30) [06:15:24:449]: Doing action: vb_Set_ProductName_4Nascar
Action ended 06:15:24: ISSetupFilesExtract. Return value 1.
MSI (s) (F0:30) [06:15:24:449]: Creating MSIHANDLE (38) of type 790542 for thread 304
MSI (s) (F0:18) [06:15:24:449]: Creating MSIHANDLE (39) of type 0 for thread 5656
MSI (s) (F0:18) [06:15:24:480]: Closing MSIHANDLE (39) of type 0 for thread 5656
MSI (s) (F0:18) [06:15:24:480]: Closing MSIHANDLE (38) of type 790542 for thread 304
Action start 06:15:24: vb_Set_ProductName_4Nascar.
MSI (s) (F0:30) [06:15:24:480]: Skipping action: vb_Reporting_ams (condition is false)
MSI (s) (F0:30) [06:15:24:480]: Skipping action: vb_AskHomePageReset (condition is false)
MSI (s) (F0:30) [06:15:24:480]: Skipping action: ISSetAllUsers (condition is false)
MSI (s) (F0:30) [06:15:24:480]: Skipping action: vb_INTERIM_INSTALLED (condition is false)
MSI (s) (F0:30) [06:15:24:480]: Skipping action: vb_Reporting_iti (condition is false)
MSI (s) (F0:30) [06:15:24:480]: Skipping action: vb_Reporting_sti (condition is false)
MSI (s) (F0:30) [06:15:24:480]: Skipping action: vb_Abort_Install (condition is false)
MSI (s) (F0:30) [06:15:24:480]: Skipping action: vb_Abort_InstallSupertoolbar (condition is false)
MSI (s) (F0:30) [06:15:24:480]: Doing action: vb_IsPartnerEmpty
Action ended 06:15:24: vb_Set_ProductName_4Nascar. Return value 0.
MSI (s) (F0:30) [06:15:24:480]: Creating MSIHANDLE (40) of type 790542 for thread 304
MSI (s) (F0:38) [06:15:24:496]: Creating MSIHANDLE (41) of type 0 for thread 2616
MSI (s) (F0:38) [06:15:24:527]: Closing MSIHANDLE (41) of type 0 for thread 2616
MSI (s) (F0:38) [06:15:24:527]: Closing MSIHANDLE (40) of type 790542 for thread 304
Action start 06:15:24: vb_IsPartnerEmpty.
MSI (s) (F0:30) [06:15:24:543]: Skipping action: vb_Reporting_pid (condition is false)
MSI (s) (F0:30) [06:15:24:543]: Skipping action: vb_AbortEmptyPartner (condition is false)
MSI (s) (F0:30) [06:15:24:543]: Doing action: macropath
Action ended 06:15:24: vb_IsPartnerEmpty. Return value 0.
Action start 06:15:24: macropath.
MSI (s) (F0:30) [06:15:25:245]: Doing action: vb_UnhideTB
Action ended 06:15:25: macropath. Return value 1.
MSI (s) (F0:30) [06:15:25:245]: Creating MSIHANDLE (42) of type 790542 for thread 304
MSI (s) (F0:00) [06:15:25:245]: Creating MSIHANDLE (43) of type 0 for thread 4352
MSI (s) (F0:00) [06:15:31:765]: Closing MSIHANDLE (43) of type 0 for thread 4352
MSI (s) (F0:00) [06:15:31:765]: Closing MSIHANDLE (42) of type 790542 for thread 304
Action start 06:15:25: vb_UnhideTB.
MSI (s) (F0:30) [06:15:31:781]: Doing action: AppSearch
Action ended 06:15:31: vb_UnhideTB. Return value 0.
Action start 06:15:31: AppSearch.
MSI (s) (F0:30) [06:15:31:781]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:31:781]: Note: 1: 1325 2: extensions 
MSI (s) (F0:30) [06:15:31:781]: PROPERTY CHANGE: Adding FIND_MOZ_EXT property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions\'.
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 1402 2: HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\InprocServer32 3: 2 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\AppDataLow\Software\AskSuperBar\Prefs 3: 2 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\AskSuperBar\Prefs 3: 2 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 1402 2: HKEY_CLASSES_ROOT\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\InprocServer32 3: 2 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\AppDataLow\Software\AskSuperBar\Macro 3: 2 
MSI (s) (F0:30) [06:15:31:797]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:31:797]: PROPERTY CHANGE: Modifying IS_MOZILLA_INSTALLED property. Its current value is '1'. Its new value: '3.5.16 (fr)'.
MSI (s) (F0:30) [06:15:31:812]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:31:812]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\AppDataLow\Software\AskSuperBar\Macro 3: 2 
MSI (s) (F0:30) [06:15:31:812]: Note: 1: 2262 2: Signature 3: -2147287038 
MSI (s) (F0:30) [06:15:31:812]: Note: 1: 1325 2: searchplugins 
MSI (s) (F0:30) [06:15:31:812]: PROPERTY CHANGE: Adding SEARCH_PLUGIN_DIR property. Its value is 'C:\Program Files\Mozilla Firefox\searchplugins\'.
MSI (s) (F0:30) [06:15:31:812]: Doing action: LaunchConditions
Action ended 06:15:31: AppSearch. Return value 1.
Action start 06:15:31: LaunchConditions.
MSI (s) (F0:30) [06:15:31:812]: Skipping action: vb_Reporting_ilc (condition is false)
MSI (s) (F0:30) [06:15:31:812]: Doing action: vb_SetRegLoc
Action ended 06:15:31: LaunchConditions. Return value 1.
MSI (s) (F0:30) [06:15:31:828]: Creating MSIHANDLE (44) of type 790542 for thread 304
MSI (s) (F0:50) [06:15:31:828]: Creating MSIHANDLE (45) of type 0 for thread 4944
MSI (s) (F0!30) [06:15:31:843]: PROPERTY CHANGE: Adding REGISTRY_LOCATION property. Its value is 'Software\AppDataLow\Software\AskToolbar\Macro'.
MSI (s) (F0!30) [06:15:31:843]: PROPERTY CHANGE: Adding REGISTRY_PREFS_LOCATION property. Its value is 'HKCU\Software\AppDataLow\Software\AskToolbar\Prefs'.
MSI (s) (F0:50) [06:15:31:843]: Closing MSIHANDLE (45) of type 0 for thread 4944
MSI (s) (F0:50) [06:15:31:843]: Closing MSIHANDLE (44) of type 790542 for thread 304
Action start 06:15:31: vb_SetRegLoc.
MSI (s) (F0:30) [06:15:31:843]: Skipping action: vb_IS_MOZ_1_5 (condition is false)
MSI (s) (F0:30) [06:15:31:843]: Skipping action: vb_SetBuildNumber (condition is false)
MSI (s) (F0:30) [06:15:31:843]: Skipping action: vb_Reporting_ast (condition is false)
MSI (s) (F0:30) [06:15:31:843]: Skipping action: vb_CreateGUIDS (condition is false)
MSI (s) (F0:30) [06:15:31:843]: Doing action: FindRelatedProducts
Action ended 06:15:31: vb_SetRegLoc. Return value 0.
MSI (s) (F0:30) [06:15:31:859]: Skipping FindRelatedProducts action: not run in maintenance mode
Action start 06:15:31: FindRelatedProducts.
MSI (s) (F0:30) [06:15:31:859]: Skipping action: ISPreventDowngrade (condition is false)
MSI (s) (F0:30) [06:15:31:859]: Skipping action: CCPSearch (condition is false)
MSI (s) (F0:30) [06:15:31:859]: Skipping action: RMCCPSearch (condition is false)
MSI (s) (F0:30) [06:15:31:859]: Doing action: ValidateProductID
Action ended 06:15:31: FindRelatedProducts. Return value 0.
Action start 06:15:31: ValidateProductID.
MSI (s) (F0:30) [06:15:31:859]: Doing action: CostInitialize
Action ended 06:15:31: ValidateProductID. Return value 1.
MSI (s) (F0:30) [06:15:31:875]: Machine policy value 'MaxPatchCacheSize' is 10
MSI (s) (F0:30) [06:15:31:875]: Baseline: Sorting baselines for {86D4B82A-ABED-442A-BE86-96357B70F4FE}.
MSI (s) (F0:30) [06:15:31:875]: Baseline: New baseline 1.8.0 from transaction.
MSI (s) (F0:30) [06:15:31:875]: Baseline: Sorted order Native: Order 0.
MSI (s) (F0:30) [06:15:31:875]: Baseline Data Table:
MSI (s) (F0:30) [06:15:31:875]: ProductCode: {86D4B82A-ABED-442A-BE86-96357B70F4FE} Version: 1.8.0 Attributes: 0 PatchId: Native BaselineId: -2147483648 Order: 0
MSI (s) (F0:30) [06:15:31:875]: Baseline File Table:
Action start 06:15:31: CostInitialize.
MSI (s) (F0:30) [06:15:31:937]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'E:\'.
MSI (s) (F0:30) [06:15:31:937]: Note: 1: 1325 2: FIND_MOZ_EXT 
MSI (s) (F0:30) [06:15:31:953]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (F0:30) [06:15:31:953]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:31:953]: Note: 1: 2262 2: Patch 3: -2147287038 
MSI (s) (F0:30) [06:15:31:953]: Note: 1: 2205 2:  3: PatchPackage 
MSI (s) (F0:30) [06:15:31:953]: Note: 1: 2205 2:  3: MsiPatchHeaders 
MSI (s) (F0:30) [06:15:31:953]: Note: 1: 2205 2:  3: __MsiPatchFileList 
MSI (s) (F0:30) [06:15:31:953]: Note: 1: 2205 2:  3: PatchPackage 
MSI (s) (F0:30) [06:15:31:953]: Note: 1: 2228 2:  3: PatchPackage 4: SELECT 'DiskId', 'PatchId', 'LastSequence' FROM 'Media', 'PatchPackage' WHERE 'Media'.'DiskId'='PatchPackage'.'Media_' ORDER BY 'DiskId'  
MSI (s) (F0:30) [06:15:31:953]: Delta compression fallback method for this product transaction is 'MSI 2.0 legacy obsolescence'
MSI (s) (F0:30) [06:15:31:953]: Skipping action: ResolveSource (condition is false)
MSI (s) (F0:30) [06:15:31:953]: Doing action: FileCost
Action ended 06:15:31: CostInitialize. Return value 1.
MSI (s) (F0:30) [06:15:31:968]: Note: 1: 2205 2:  3: MsiAssembly 
MSI (s) (F0:30) [06:15:31:968]: Note: 1: 2205 2:  3: Class 
MSI (s) (F0:30) [06:15:31:968]: Note: 1: 2205 2:  3: Extension 
MSI (s) (F0:30) [06:15:31:968]: Note: 1: 2205 2:  3: TypeLib 
Action start 06:15:31: FileCost.
MSI (s) (F0:30) [06:15:31:984]: Doing action: IsolateComponents
Action ended 06:15:31: FileCost. Return value 1.
Action start 06:15:31: IsolateComponents.
MSI (s) (F0:30) [06:15:31:999]: Doing action: CostFinalize
Action ended 06:15:31: IsolateComponents. Return value 0.
Action start 06:15:32: CostFinalize.
MSI (s) (F0:30) [06:15:32:031]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (F0:30) [06:15:32:031]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (F0:30) [06:15:32:031]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (F0:30) [06:15:32:031]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (F0:30) [06:15:32:031]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (F0:30) [06:15:32:031]: Note: 1: 2205 2:  3: MsiAssembly 
MSI (s) (F0:30) [06:15:32:031]: Note: 1: 2228 2:  3: MsiAssembly 4:  SELECT 'MsiAssembly'.'Attributes', 'MsiAssembly'.'File_Application', 'MsiAssembly'.'File_Manifest',  'Component'.'KeyPath' FROM 'MsiAssembly', 'Component' WHERE  'MsiAssembly'.'Component_' = 'Component'.'Component' AND 'MsiAssembly'.'Component_' = ? 
MSI (s) (F0:30) [06:15:32:031]: PROPERTY CHANGE: Adding PREFERENCES property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\preferences'.
MSI (s) (F0:30) [06:15:32:031]: PROPERTY CHANGE: Adding TOOLBAR_ASK.COM1 property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com'.
MSI (s) (F0:30) [06:15:32:031]: PROPERTY CHANGE: Adding INSTALLDIR property. Its value is 'C:\Program Files\Ask.com'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding _886B7EA45FD74B18AE74C3BCFE33F17C property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding _CCE9602AAB54473F807433AE16DF1164 property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\content'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding _912B2F190B424C8DAC8794CEB73EFC91 property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\skin'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding _8AF163356932442AB81DD3A0DFF03B1B property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome	emp'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding _0307E3598F524C5C915A533DA0352A81 property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding _171D48F9B10941D9829E6C6B8BCADCEA property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\preferences'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding _34B99667211F49E3BEC941B5EE5A686D property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\searchplugins'.
MSI (s) (F0:30) [06:15:32:046]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:32:046]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:32:046]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:32:046]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:32:046]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:32:046]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'E:\'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding USERPROFILE property. Its value is 'E:\'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding DIRPROPERTY1 property. Its value is 'E:\'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding PROGRAM_FILES property. Its value is 'E:\Program Files\'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding MOZILLA_FIREFOX property. Its value is 'E:\Program Files\Mozilla Firefox\'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding EXTENSIONS property. Its value is 'E:\Program Files\Mozilla Firefox\extensions\'.
MSI (s) (F0:30) [06:15:32:046]: PROPERTY CHANGE: Adding _2 property. Its value is 'E:\Program Files\Mozilla Firefox\extensions\22\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Adding ISCommonFilesFolder property. Its value is 'C:\Program Files\Common Files\InstallShield\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Adding ISUpdateServiceFolder property. Its value is 'C:\Program Files\Common Files\InstallShield\UpdateService\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying TOOLBAR_ASK.COM1 property. Its current value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com'. Its new value: 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying _34B99667211F49E3BEC941B5EE5A686D property. Its current value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\searchplugins'. Its new value: 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\searchplugins\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying _0307E3598F524C5C915A533DA0352A81 property. Its current value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults'. Its new value: 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying _171D48F9B10941D9829E6C6B8BCADCEA property. Its current value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\preferences'. Its new value: 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\preferences\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying _886B7EA45FD74B18AE74C3BCFE33F17C property. Its current value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome'. Its new value: 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying _8AF163356932442AB81DD3A0DFF03B1B property. Its current value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome	emp'. Its new value: 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome	emp\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying _912B2F190B424C8DAC8794CEB73EFC91 property. Its current value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\skin'. Its new value: 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\skin\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying _CCE9602AAB54473F807433AE16DF1164 property. Its current value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\content'. Its new value: 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\content\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Adding DEFAULTS property. Its value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying PREFERENCES property. Its current value is 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\preferences'. Its new value: 'C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\preferences\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Adding ASK.COM property. Its value is 'C:\Program Files\Ask.com\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Modifying INSTALLDIR property. Its current value is 'C:\Program Files\Ask.com'. Its new value: 'C:\Program Files\Ask.com\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Adding ISYourDataBaseDir property. Its value is 'C:\Program Files\Ask.com\Database\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Adding DATABASEDIR property. Its value is 'C:\Program Files\Ask.com\Database\'.
MSI (s) (F0:30) [06:15:32:062]: PROPERTY CHANGE: Adding ALLUSERSPROFILE property. Its value is 'E:\'.
MSI (s) (F0:30) [06:15:32:062]: Target path resolution complete. Dumping Directory table...
MSI (s) (F0:30) [06:15:32:062]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: TARGETDIR	, Object: E:\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: WindowsFolder	, Object: C:\Windows\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: DATA_DIR	, Object: NULL
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: USERPROFILE	, Object: E:\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: SystemFolder	, Object: C:\Windows\system32\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: DIRPROPERTY1	, Object: E:\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: PROGRAM_FILES	, Object: E:\Program Files\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: MOZILLA_FIREFOX	, Object: E:\Program Files\Mozilla Firefox\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: EXTENSIONS	, Object: E:\Program Files\Mozilla Firefox\extensions\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: _2	, Object: E:\Program Files\Mozilla Firefox\extensions\22\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: CommonFilesFolder	, Object: C:\Program Files\Common Files\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: ISCommonFilesFolder	, Object: C:\Program Files\Common Files\InstallShield\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: ISUpdateServiceFolder	, Object: C:\Program Files\Common Files\InstallShield\UpdateService\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: FIND_MOZ_EXT	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: TOOLBAR_ASK.COM1	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: _34B99667211F49E3BEC941B5EE5A686D	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\searchplugins\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: _0307E3598F524C5C915A533DA0352A81	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: _171D48F9B10941D9829E6C6B8BCADCEA	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\preferences\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: _886B7EA45FD74B18AE74C3BCFE33F17C	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: _8AF163356932442AB81DD3A0DFF03B1B	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome	emp\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: _912B2F190B424C8DAC8794CEB73EFC91	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\skin\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: _CCE9602AAB54473F807433AE16DF1164	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\chrome\content\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: DEFAULTS	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: PREFERENCES	, Object: C:\Users\ZOE\AppData\Roaming\Mozilla\Firefox\Profiles
t2vvblv.default\extensions	oolbar@ask.com\defaults\preferences\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: ProgramFilesFolder	, Object: C:\Program Files\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: ASK.COM	, Object: C:\Program Files\Ask.com\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: INSTALLDIR	, Object: C:\Program Files\Ask.com\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: ISYourDataBaseDir	, Object: C:\Program Files\Ask.com\Database\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: DATABASEDIR	, Object: C:\Program Files\Ask.com\Database\
MSI (s) (F0:30) [06:15:32:062]: Dir (target): Key: ALLUSERSPROFILE	, Object: E:\
MSI (s) (F0:30) [06:15:32:155]: Skipping action: SetARPINSTALLLOCATION (condition is false)
MSI (s) (F0:30) [06:15:32:155]: Doing action: SetODBCFolders
Action ended 06:15:32: CostFinalize. Return value 1.
MSI (s) (F0:30) [06:15:32:155]: Note: 1: 2205 2:  3: ODBCDriver 
MSI (s) (F0:30) [06:15:32:155]: Note: 1: 2228 2:  3: ODBCDriver 4: SELECT 'ComponentId','Description','Directory_', 'ActionRequest', 'Installed', 'Attributes' FROM 'ODBCDriver', 'Component' WHERE 'ODBCDriver'.'Component_' = 'Component' AND ('ActionRequest' = 1 OR 'ActionRequest' = 2) 
MSI (s) (F0:30) [06:15:32:155]: Note: 1: 2205 2:  3: ODBCTranslator 
MSI (s) (F0:30) [06:15:32:155]: Note: 1: 2228 2:  3: ODBCTranslator 4: SELECT 'ComponentId','Description','Directory_', 'ActionRequest', 'Installed', 'Attributes' FROM 'ODBCTranslator', 'Component' WHERE 'ODBCTranslator'.'Component_' = 'Component' AND ('ActionRequest' = 1 OR 'ActionRequest' = 2) 
Action start 06:15:32: SetODBCFolders.
MSI (s) (F0:30) [06:15:32:155]: Doing action: MigrateFeatureStates
Action ended 06:15:32: SetODBCFolders. Return value 0.
MSI (s) (F0:30) [06:15:32:155]: Skipping MigrateFeatureStates action: not run in maintenance mode
Action start 06:15:32: MigrateFeatureStates.
MSI (s) (F0:30) [06:15:32:171]: Doing action: InstallValidate
Action ended 06:15:32: MigrateFeatureStates. Return value 0.
Action start 06:15:32: InstallValidate.
MSI (s) (F0:30) [06:15:32:187]: PROPERTY CHANGE: Deleting MsiRestartManagerSessionKey property. Its current value is '81d3a77070286c42adc504113dc8dd29'.
MSI (s) (F0:30) [06:15:32:187]: Feature: SuperToolbarFF; Installed: Local;   Request: Absent;   Action: Absent
MSI (s) (F0:30) [06:15:32:187]: Feature: SuperToolbarIE; Installed: Local;   Request: Absent;   Action: Absent
MSI (s) (F0:30) [06:15:32:187]: Component: __saUpdate65; Installed: Null;   Request: Absent;   Action: Absent;   Client State: Null
MSI (s) (F0:30) [06:15:32:187]: Component: __GenericAskToolbar.dll66; Installed: Null;   Request: Absent;   Action: Absent;   Client State: Null
MSI (s) (F0:30) [06:15:32:187]: Component: __GenericAskToolbar.dll65; Installed: Null;   Request: Absent;   Action: Absent;   Client State: Null
MSI (s) (F0:30) [06:15:32:187]: Component: AllOtherFiles; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: FF_files; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: SearchPlugin; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: addmacro.exe; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: addmacro.exe1; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: ConfigFiles; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: GenericAskToolbar.dll; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: ISRegistryComponent; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: TaskScheduler.exe; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Absent
MSI (s) (F0:30) [06:15:32:187]: Component: UpdateTask.exe; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: addmacro; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: saUpdate; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: _CD52522915C26198F397574ACD3E895F; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: _D816E8FEA3BBBFD8354165B5C846FE54; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: _637F21E0286DF764E1D51D895048AE2E; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: _BB5B42A1258E30BC0D809F8A5CBA06EE; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: _53290AA633153102B278E82C9F531AFF; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: _D971ADCB916461958833E93C4CA49CC7; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Component: _9A1B776D17604D4406F2F4A64E968AEF; Installed: Local;   Request: Absent;   Action: Absent;   Client State: Local
MSI (s) (F0:30) [06:15:32:187]: Note: 1: 2205 2:  3: BindImage 
MSI (s) (F0:30) [06:15:32:187]: Note: 1: 2205 2:  3: ProgId 
MSI (s) (F0:30) [06:15:32:187]: Note: 1: 2205 2:  3: PublishComponent 
MSI (s) (F0:30) [06:15:32:187]: Note: 1: 2205 2:  3: SelfReg 
MSI (s) (F0:30) [06:15:32:187]: Note: 1: 2205 2:  3: Extension 
MSI (s) (F0:30) [06:15:32:187]: Note: 1: 2205 2:  3: Font 
MSI (s) (F0:30) [06:15:32:187]: Note: 1: 2205 2:  3: Shortcut 
MSI (s) (F0:30) [06:15:32:187]: Note: 1: 2205 2:  3: Class 
MSI (s) (F0:30) [06:15:32:218]: Note: 1: 2756 2: DATA_DIR 
MSI (s) (F0:30) [06:15:35:712]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (F0:30) [06:15:35:712]: Note: 1: 2205 2:  3: BindImage 
MSI (s) (F0:30) [06:15:35:712]: Note: 1: 2205 2:  3: ProgId 
MSI (s) (F0:30) [06:15:35:712]: Note: 1: 2205 2:  3: PublishComponent 
MSI (s) (F0:30) [06:15:35:712]: Note: 1: 2205 2:  3: SelfReg 
MSI (s) (F0:30) [06:15:35:712]: Note: 1: 2205 2:  3: Extension 
MSI (s) (F0:30) [06:15:35:712]: Note: 1: 2205 2:  3: Font 
MSI (s) (F0:30) [06:15:35:712]: Note: 1: 2205 2:  3: Shortcut 
MSI (s) (F0:30) [06:15:35:712]: Note: 1: 2205 2:  3: Class 
MSI (s) (F0:30) [06:15:35:712]: Note: 1: 2727 2:  
MSI (s) (F0:30) [06:15:36:227]: Note: 1: 2727 2:  
MSI (s) (F0:30) [06:15:36:227]: Doing action: RemoveExistingProducts
Action ended 06:15:36: InstallValidate. Return value 1.
MSI (s) (F0:30) [06:15:36:243]: Skipping RemoveExistingProducts action: current configuration is maintenance mode or an uninstall
Action start 06:15:36: RemoveExistingProducts.
MSI (s) (F0:30) [06:15:36:243]: Doing action: InstallInitialize
Action ended 06:15:36: RemoveExistingProducts. Return value 0.
MSI (s) (F0:30) [06:15:36:243]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:30) [06:15:36:243]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F0:30) [06:15:36:243]: MSI_LUA: Entering Credential Request. hwnd = 394042, MsiAction = 1, productname = Ask Toolbar, version = 1.8.0.0, language = 1036, manufacturer = Ask.com
MSI (s) (F0:30) [06:15:36:243]: MSI_LUA:  (continued)... packagepath = , packagesource = , dwUpdates = 0
MSI (s) (F0:30) [06:16:16:147]: MSI_LUA: Credential Request return = 0x0
MSI (s) (F0:30) [06:16:16:147]: MSI_LUA: Elevated credential consent provided. Install will run elevated
MSI (s) (F0:30) [06:16:16:147]: Note: 1: 2205 2:  3: MsiPackageCertificate 
MSI (s) (F0:30) [06:16:16:147]: Note: 1: 2205 2:  3: MsiDigitalCertificate 
MSI (s) (F0:30) [06:16:16:147]: BeginTransaction: Locking Server
MSI (s) (F0:30) [06:16:16:147]: Transforming table Property.

MSI (s) (F0:30) [06:16:16:147]: Server not locked: locking for product {86D4B82A-ABED-442A-BE86-96357B70F4FE}
MSI (s) (F0:30) [06:16:16:584]: Using cached product context: machine assigned for product: A28B4D68DEBAA244EB686953B7074FEF
MSI (s) (F0:30) [06:16:16:584]: Using cached product context: machine assigned for product: A28B4D68DEBAA2

clotide · Answer

rebonjour, j'ai réussi à avoir celui là

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:23:25 le 19/12/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows Vista(TM) Édition Familiale Premium  (Service Pack 2 - X86)
Nom du PC: MONNOMMICHELLE (TOSHIBA Satellite A200)
Utilisateur actuel: ZOE
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Users\ZOE\AppData\Local\Temp\AskSearch
C:\Users\ZOE\AppData\Local\Temp\ASKSUTBLOG
C:\Users\ZOE\AppData\Roaming\Mozilla\FireFox\Profiles
t2vvblv.default\searchplugins\askcom.xml
.
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKCU\Software\SweetIM
HKLM\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847}
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.16 (fr) *
.
C:\Users\ZOE\..
t2vvblv.default\prefs.js - browser.search.defaultenginename: Google
C:\Users\ZOE\..
t2vvblv.default\prefs.js - browser.startup.homepage: hxxp://www.bing.com/search?q=EBAY&FORM=MIZWH9&CP=65001&mkt=fr-fr
C:\Users\ZOE\..
t2vvblv.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
C:\Users\ZOE\..
t2vvblv.default\user.js - keyword.URL: hxxp://redirecterror.sfr.fr/?q=
.
.
* Internet Explorer Version 9.0.7930.16406 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Show_ToolBar: yes
Start Page: hxxp://www.01net.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 0 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 2772 Octet(s)
.
Fin à: 11:34:52, 19/12/2010
.
============== E.O.F - SCAN[1] ==============

Utilisateur anonyme · Answer

Salut


tu n avais pas fait l option Nettoyer avec Ad-Remover
donc

1) /!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\  

*  Double-clique sur l'icône Ad-remover située sur ton Bureau.  
* Sur la page, clique sur le bouton   « Nettoyer » 
* Confirme l'opération  
*  Poste le rapport qui apparaît à la fin.  
* (Le rapport est sauvegardé aussi sous C:\Ad-report.)  
* (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)  


ensuite  

2)  *  tu as Malwarebytes    

* Lances--> Malwarebytes (MBAM)    
* Fais une  mise a jour       <==  à faire  
* Puis vas dans l'onglet "Recherche", coche >> Exécuter un examen complet      
* puis "Rechercher"      
*  Sélectionnes tes disques durs" puis clique sur "Lancer l'examen"      
*  A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport      
*Si MalwareBytes'  détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection      
* S'il t' es demandé de redémarrer, clique sur "oui "      
*  aprés la suppression(s) de ou des infections trouvées -->poste le rapport ici     



            
                
            Membre Contributeur sécurité CCM
            Windows Vista // Windows XP

clotide · Answer

voici le rapport ad remover nettoyer
maintenant je le suivant

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 16:54:43 le 19/12/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows Vista(TM) Édition Familiale Premium  (Service Pack 2 - X86)
Nom du PC: MONNOMMICHELLE (TOSHIBA Satellite A200)
Utilisateur actuel: ZOE
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.

(!) -- Fichiers temporaires supprimés.
.
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.16 (fr) *
.
C:\Users\ZOE\..
t2vvblv.default\prefs.js - browser.search.defaultenginename: Google
C:\Users\ZOE\..
t2vvblv.default\prefs.js - browser.startup.homepage: hxxp://www.bing.com/search?q=EBAY&FORM=MIZWH9&CP=65001&mkt=fr-fr
C:\Users\ZOE\..
t2vvblv.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
C:\Users\ZOE\..
t2vvblv.default\user.js - keyword.URL: hxxp://redirecterror.sfr.fr/?q=
.
.
* Internet Explorer Version 9.0.7930.16406 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 3 Fichier(s)
C:\Ad-Remover\Backup: 15 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 2941 Octet(s)
C:\Ad-Report-CLEAN[2].txt - 2390 Octet(s)
C:\Ad-Report-SCAN[1].txt - 2896 Octet(s)
.
Fin à: 17:03:41, 19/12/2010
.
============== E.O.F - CLEAN[2] ==============

Utilisateur anonyme · Answer

Re 

ce rapport >>CLEAN[2].txt d Ad-remover ne montre rien car tu as fait deux fois nettoyer  

cliques >> Démarrer >> Ordinateur >> Disque >> C:\Ad-Report-CLEAN[1].txt  poste ce rapport 


et fais Malwarebytes' mbam comme d écris  
poste le rapport 
             
                 
            Membre Contributeur sécurité CCM 
            Windows Vista // Windows XP

clotide · Answer

voilà le rapport de malwarebytes
lque dois je faire avec le cheval de troie que j'ai mis en quarentaine

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Version de la base de données: 5358

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

19/12/2010 18:37:26
mbam-log-2010-12-19 (18-37-26).txt

Type d'examen: Examen complet (C:\|E:\|F:\|)
Elément(s) analysé(s): 299221
Temps écoulé: 1 heure(s), 22 minute(s), 35 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

clotide · Answer

voilà jai  trouvé celui ci

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 16:28:14 le 19/12/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows Vista(TM) Édition Familiale Premium  (Service Pack 2 - X86)
Nom du PC: MONNOMMICHELLE (TOSHIBA Satellite A200)
Utilisateur actuel: ZOE
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Users\ZOE\AppData\Local\Temp\AskSearch
C:\Users\ZOE\AppData\Local\Temp\ASKSUTBLOG
C:\Users\ZOE\AppData\Roaming\Mozilla\FireFox\Profiles
t2vvblv.default\searchplugins\askcom.xml

(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKCU\Software\SweetIM
HKLM\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847}
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.16 (fr) *
.
C:\Users\ZOE\..
t2vvblv.default\prefs.js - browser.search.defaultenginename: Google
C:\Users\ZOE\..
t2vvblv.default\prefs.js - browser.startup.homepage: hxxp://www.bing.com/search?q=EBAY&FORM=MIZWH9&CP=65001&mkt=fr-fr
C:\Users\ZOE\..
t2vvblv.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
C:\Users\ZOE\..
t2vvblv.default\user.js - keyword.URL: hxxp://redirecterror.sfr.fr/?q=
.
.
* Internet Explorer Version 9.0.7930.16406 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 3 Fichier(s)
C:\Ad-Remover\Backup: 14 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 2773 Octet(s)
C:\Ad-Report-SCAN[1].txt - 2896 Octet(s)
.
Fin à: 16:39:35, 19/12/2010
.
============== E.O.F - CLEAN[1] ==============

Utilisateur anonyme · Answer

Salut


Bon dans ton rapport de  Microsoft sécurity essential    pas de trace de >> Rogue: Win32/FakeXPA 

lances >>> Microsoft sécurity essential  >> Quarantaine et si tu trouves >> Win32/FakeXPA >> Supprimes 

si il te demande de redémarrer ton PC fais le

refais ensuite une nouvelle analyse >> poste le rapport

            
                
            Membre Contributeur sécurité CCM
            Windows Vista // Windows XP

SupprimerRogue:Win32/FakeXPA

11 réponses

Votre réponse

Newsletters