:processes
:OTL
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - File not found
[2009.07.14 10:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.02.03 08:53:08 | 000,000,000 | ---D | M] -- C:\Users\Алеся\AppData\Roaming\5yN3d9k36GiZEdx
[2012.02.06 11:50:28 | 000,000,000 | ---D | M] -- C:\Users\Алеся\AppData\Roaming\7a6vHav3hoO3ag9
[2012.02.15 09:52:47 | 000,000,000 | ---D | M] -- C:\Users\Алеся\AppData\Roaming\TrWvzrydS7FhdKO
[2012.02.20 09:19:59 | 000,000,000 | ---D | M] -- C:\Users\Алеся\AppData\Roaming\XeJKRZCjZHfF419
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D8999815
:Services
:Files
ipconfig /flushdns /c
:Reg
:Commands
[EMPTYTEMP]
[purity]
[start explorer]
[Reboot]