this is log of 3 type virus I said above:
Category Worm: Win32/Mofk.sys.A
Category: VirusWin32/Sality.AM
Category: Worm.Win32/Conficker.C
This is log of Microsoft Security Essentials
=======================================================
Category: Worm
Win32/Mofk.sys.A
Description: This program is dangerous and self-propagates over a network connection.
Recommendation: Remove this software immediately.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
file:C:\WINDOWS0\SVCHOST.EXE
file:C:\WINDOWS0\System32\WgaTray.exe
file:C:\WINDOWS0\Tasks\At1.job
firewallokfile:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\c:\windows0\svchost.exe
process:pid:1940
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\Svchost
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Svchost
regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\c:\windows0\svchost.exe
runkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Svchost
runonce:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\Svchost
taskscheduler:C:\WINDOWS0\Tasks\At1.job
Category: Virus
Win32/Sality.AM
Description: This program is dangerous and replicates by infecting other files.
Recommendation: Remove this software immediately.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
file:c:\windows0\system32\explorer.exe
firewallokfile:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\c:\windows0\system32\explorer.exe
process:pid:1828
regkey:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Explorer
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Explorer
regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\c:\windows0\system32\explorer.exe
runkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Explorer
runonce:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Explorer
winlogonshell:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: c:\windows0\system32\explorer.exe
Category: Worm.Win32/Conficker.C
Description: This program is dangerous and self-propagates over a network connection.
Recommendation: Remove this software immediately.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
file:C:\WINDOWS0\System32\gnbpbgl.dll
service:ezawxql
service:fnayuf
service:hxbsl