ComboFix 07-12-31.4 - Krzys 2008-01-02 18:39:59.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.65 [GMT 1:00]
Running from: C:\Documents and Settings\Krzys\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KLI34DQR\ComboFix[1].exe
.

(((((((((((((((((((((((((   Files Created from 2007-12-02 to 2008-01-02  )))))))))))))))))))))))))))))))
.

2008-01-01 22:19 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-01 21:35 . 2008-01-01 21:35	<DIR>	d--------	C:\Program Files\Trend Micro
2007-12-30 13:13 . 2007-12-30 13:13	<DIR>	d--------	C:\Program Files\Alwil Software
2007-12-30 13:13 . 2003-03-18 21:20	1,060,864	--a------	C:\WINDOWS\system32\MFC71.dll
2007-12-29 19:42 . 2007-12-29 19:42	<DIR>	d--------	C:\Documents and Settings\Krzys\Dane aplikacji\PC Tools
2007-12-29 19:41 . 2008-01-02 18:15	<DIR>	d--------	C:\Program Files\PC Tools AntiVirus
2007-12-29 19:41 . 2007-12-29 19:41	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\PC Tools
2007-12-29 19:41 . 2006-11-24 11:19	499,712	--a------	C:\WINDOWS\system32\msvcp71.dll
2007-12-29 19:41 . 2006-11-24 11:19	348,160	--a------	C:\WINDOWS\system32\msvcr71.dll
2007-12-29 19:41 . 2007-09-17 13:38	22,528	--a------	C:\WINDOWS\system32\drivers\AVHook.sys
2007-12-29 19:41 . 2007-09-17 13:38	15,872	--a------	C:\WINDOWS\system32\drivers\AVRec.sys
2007-12-29 19:41 . 2007-09-17 13:38	15,872	--a------	C:\WINDOWS\system32\drivers\AVFilter.sys
2007-12-29 19:32 . 2007-12-29 19:32	<DIR>	d--------	C:\Program Files\Advanced Registry Optimizer
2007-12-29 19:32 . 2007-12-29 19:32	<DIR>	d--------	C:\Documents and Settings\Krzys\Dane aplikacji\Sammsoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 17:07	---------	d-----w	C:\Program Files\Skype
2008-01-02 17:07	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-01 14:59	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-01-01 14:59	---------	d-----w	C:\Program Files\Microsoft ActiveSync
2008-01-01 14:55	---------	d-----w	C:\Program Files\iPAQ Download Agent
2007-11-29 21:15	---------	d-----w	C:\Program Files\Windows Live Toolbar
2007-11-29 21:14	---------	d-----w	C:\Program Files\Windows Live Favorites
2007-11-28 21:35	---------	d-----w	C:\Program Files\Onet
2007-11-26 21:28	---------	d-----w	C:\Program Files\eMule
2007-11-18 20:46	---------	d-----w	C:\Program Files\Common Files\Onet.pl
2007-11-18 20:46	---------	d-----w	C:\Documents and Settings\Krzys\Dane aplikacji\Flircik
2007-11-18 20:46	---------	d-----w	C:\Documents and Settings\Krzys\Dane aplikacji\AutoUpdate
2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:44	1,291,264	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00	230,912	----a-w	C:\WINDOWS\system32\wmasf.dll
2005-07-03 16:45	7,428,296	----a-w	C:\Program Files\INSTALL_MSN_MESSENGER_DL.EXE
2005-05-30 15:07	21,696,576	----a-w	C:\Program Files\AdbeRdr602_pol_full.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 22:42 401491]
"Flircik"="C:\Program Files\Onet\Flircik\Flircik.exe" [ ]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 09:34 2084480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-06-12 16:36 151552]
"MKS_MENU"="C:\Program Files\MKS\Bin\mks_menu.exe" [2005-12-31 17:40 134656]
"ABREGMON"="C:\Program Files\MKS\Bin\ABregmon.exe" [2005-10-28 18:46 70656]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-10-04 15:44 1082664]

R1 ABTDI;ABTDI;C:\Program Files\MKS\Bin\ABTDI.sys [2005-09-29 21:05]
R2 ppsio;PrmxPPDev;C:\WINDOWS\system32\drivers\ppsio.sys [1998-02-25 23:27]
R3 MksMonEn;MkS_Mon Kernel Engine;C:\Program Files\MKS\Bin\MksMonEn.sys [2005-09-29 21:27]
R3 MksMonEv;MkS_Mon Kernel Events;C:\Program Files\MKS\Bin\MksMonEv.sys [2005-09-29 21:05]
R3 MksMonFd;MkS_Mon Kernel Filter Driver;C:\Program Files\MKS\Bin\MksMonFd.sys [2005-09-29 21:05]
R3 NeroCd2k;NeroCd2k;C:\WINDOWS\system32\drivers\NeroCd2k.sys [2001-04-16 12:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 16:58:58 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-01 21:09:00 C:\WINDOWS\Tasks\MkSUpdate.job"
- C:\Program Files\MKS\bin\mks_upd.exe
"2008-01-01 15:00:02 C:\WINDOWS\Tasks\{0F99B396-D6B9-494D-82E5-0ADFAFD00471}_CRISS_Krzys.job"
- C:\WINDOWS\system32\mobsync.exe@ /Schedule=
"2007-12-25 08:00:00 C:\WINDOWS\Tasks\{3475A2E8-D33F-4700-8962-40D18DA5FB1E}_CRISS_Krzys.job"
- C:\WINDOWS\system32\mobsync.exe@ /Schedule=
"2007-07-13 14:00:02 C:\WINDOWS\Tasks\{FB416D21-AFB6-4F9F-8FD0-E173D5E42C4E}_CRISS_Krzys.job"
- C:\WINDOWS\system32\mobsync.exe@ /Schedule=
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 18:43:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-01-02 18:45:00
C:\qoobox\ComboFix-quarantined-files.txt  2008-01-02 17:44:47
.
2008-01-01 15:23:57	--- E O F ---