Ok. Thanks for next scan indeed.
Here is a RogueKiller scan log. It seems that the malware which was detected, and which could be deleted by MBAM, is sitting in the computer. I found those bad files via Windows File Search, and their behavior was crazy: 2 000 identical files, and so on and so on.
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Scan -- Date: 08/21/2012 21:32:35
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 7 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{141E45F2-3E8B-497A-935A-E046568BBFE7} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{D8E804D1-0979-425F-974D-5297D9FAE23F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{141E45F2-3E8B-497A-935A-E046568BBFE7} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D8E804D1-0979-425F-974D-5297D9FAE23F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[177] : NtQueryValueKey @ 0x8056A499 -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xF8974258)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HTS424040M9AT00 +++++
--- User ---
[MBR] a70762bce466f0e9ee06df85a9e42891
[BSP] 12e302e69f6a77aceb1e5beec2b04f4e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 18002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 36869175 | Size: 20151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt