:processes
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=14335&tt=3012_2&babsrc=SP_ss_cr&mntrId=ac4c6d87000000000000001f16fbdb97
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=crm&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYRU&apn_uid=f395ec2b-0d3c-4bde-85fc-0c4f00a01192&apn_sauid=79AD6A5B-6CC8-4201-9BB9-9A06F2D017EC
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Яндекс"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=14335&tt=3012_2&babsrc=KW_ss&mntrId=ac4c6d87000000000000001f16fbdb97&q="
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
[2012.08.21 23:13:13 | 000,002,323 | ---- | M] () -- C:\Users\Fire\AppData\Roaming\mozilla\firefox\profiles\vzbmv0mb.default\searchplugins\askcom.xml
O2:[b]64bit:[/b] - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
[2009.07.14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:9D1B94FD
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:9E00596C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D5AD7675
:Services
:Files
ipconfig /flushdns /c
:Reg
:Commands
[EMPTYTEMP]
[purity]
[start explorer]
[Reboot]