I used Combofix and the problem disappeared!
here's my log:
ComboFix 09-02-19.01 - tixxx 2009-02-22 14:16:34.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.511.335 [GMT 1:00]
Uruchomiony z: c:\documents and settings\tixxx\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Microsoft Common
c:\program files\Microsoft Common\svchost.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\d3d8caps.dat
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-22 do 2009-02-22 )))))))))))))))))))))))))))))))
.
2009-02-22 03:39 . 2009-02-22 03:39 <DIR> d--hs---- C:\FOUND.005
2009-02-22 03:27 . 2009-02-22 03:27 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-22 02:01 . 2009-02-22 02:01 <DIR> d--hs---- C:\FOUND.004
2009-02-12 23:17 . 2009-02-12 23:17 <DIR> d-------- c:\documents and settings\tixxx\Dane aplikacji\AI Internet Solutions
2009-02-12 23:17 . 2006-12-06 12:00 2,178,968 --a------ c:\windows\system32\csevalidator.dll
2009-02-12 23:17 . 2006-03-03 09:02 1,680,896 --a------ c:\windows\system32\vcl100.bpl
2009-02-12 23:00 . 2009-02-12 23:00 270 --a------ c:\windows\st.ini
2009-01-30 16:35 . 2009-01-30 16:35 <DIR> d--hs---- C:\FOUND.003
2009-01-26 16:18 . 2009-01-26 16:18 <DIR> d--hs---- C:\FOUND.002
2009-01-23 10:57 . 2009-01-23 10:57 <DIR> d-------- C:\3gptemp
2009-01-23 10:51 . 2009-01-23 10:51 132 --a------ c:\windows\system32\temp_0000_265-1.aok
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 14:10 410,984 ----a-w c:\windows\system32\deploytk.dll
.
------- Sigcheck -------
2001-10-26 16:49 955392 fd1a8a480e54253ba74abf2019308e3d c:\windows\system32\kernel32.dll
2001-10-26 17:49 955392 66cabb7839f2c3665b877a5355ba0ba9 c:\windows\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-09-11 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-26 13312]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-09 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DIVF"= DivX412.dll
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-11 114768]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2008-10-09 61312]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-01-21 16512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-02-22 14:18:14
Windows 5.1.2600 FAT NTAPI
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\NVDESK32.DLL
c:\windows\system32\ODBC32.dll
- - - - - - - > 'lsass.exe'(532)
c:\windows\system32\NVDESK32.DLL
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
c:\windows\System32\dssenh.dll
.
Czas ukończenia: 2009-02-22 14:19:35
ComboFix-quarantined-files.txt 2009-02-22 13:19:34
Przed: 1 798 488 064 bajtów wolnych
Po: 1,996,091,392 bajtów wolnych
WinXP_PL_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
104
is anything wrong with that?
btw I can't find a firewall where you told me to turn it on - there's no such option in "connections"