Hello
I think the virus controls me
disabled autorun, disabled showing hidden files, disabled antiviruses
[QUOTE]Kaspersky Virus Removal Tool 7.0.0.290 (database released [COLOR="Red"]27/08/2009[/COLOR]; 04:30)[/QUOTE]
Please download the current version of [URL="http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/"]AVPTool[/URL] and make a new log.
this is the log
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute the following script[/URL] in Manual disinfection
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
TerminateProcessByName('c:\docume~1\ayman\locals~1\temp\svchost.com');
QuarantineFile('c:\windows\system32\fdisk.com','');
QuarantineFile('c:\progra~1\speedo~1\SPO.exe','');
QuarantineFile('C:\WINDOWS\System32\Drivers\aswSnx.SYS','');
QuarantineFile('C:\WINDOWS\Fonts\Uninstal.exe','');
QuarantineFile('F:\Thumbs.db','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('E:\Thumbs.db','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\Thumbs.db','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\Thumbs.db','');
QuarantineFile('C:\autorun.inf','');
DeleteFile('c:\docume~1\ayman\locals~1\temp\svchost.com');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.[/CODE]
After reboot [URL="http://virusinfo.info/showthread.php?t=9207"]execute the following script[/URL] in Manual disinfection
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]and upload C:\quarantine.zip via the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] at the top of this page.
- Remove [URL="http://virusinfo.info/showthread.php?t=42263"]Bonjour[/URL] if you don't use it.
- Clean the Temp folders, browser caches and the Recycler. Use the Windows tool [URL="http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=17&y=6"]cleanmgr[/URL], [URL="http://www.ccleaner.com/"]CCleaner[/URL] or [URL="http://www.clearprog.de/"]ClearProg[/URL]
- Make a new AVPTool log and attach it to your new post.
Thanks a lot for your help :)
this is the new log
1. Please disable System Restore and your antivirus (if you have one).
2. Execute this script in AVPTool:
[CODE]begin
SetAVZGuardStatus(True);
TerminateProcessByName('c:\docume~1\ayman\locals~1\temp\svchost.com');
DeleteFile('c:\docume~1\ayman\locals~1\temp\svchost.com');
RegKeyParamDel('HKEY_USERS','S-1-5-21-682003330-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','User Agent');
DeleteFile('C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sndvol32.exe');
DeleteFile('C:\Documents and Settings\Ayman\Start Menu\Programs\Startup\sndvol32.exe');
DeleteFile('C:\WINDOWS\system32\fdisk.com');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','User Agent');
DeleteFile('C:\WINDOWS\Fonts\Uninstal.exe');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\Thumbs.db');
DeleteFile('D:\autorun.inf');
DeleteFile('D:\Thumbs.db');
DeleteFile('E:\autorun.inf');
DeleteFile('E:\Thumbs.db');
DeleteFile('F:\autorun.inf');
DeleteFile('F:\Thumbs.db');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteRepair(6);
ExecuteRepair(9);
ExecuteRepair(11);
ExecuteRepair(16);
ExecuteRepair(17);
BC_Activate;
RebootWindows(true);
end.[/CODE]
3. Make a new AVPTool log.
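The two helper posts above do two things by hand: quarantine the autorun.inf/Thumbs.db pair from every drive root (the scan log later shows Thumbs.db is the worm body, launched by autorun.inf), and remove autostart entries whose file name imitates a Windows binary but which live in the wrong place (svchost.com in %TEMP%, sndvol32.exe in the Startup folders, the "User Agent" Run value). The Python below is an added example written for this page, not code from the thread, from AVZ or from Kaspersky. It parses an autorun.inf to list what it would launch and flags masquerading autostart paths. The autorun.inf text and the autostart list are constructed for the example; the set of impersonated binary names is an assumption, not a complete list.

```python
"""Triage helpers for an AutoRun / AutoIt worm infection (added example)."""
import configparser
import ntpath
import re

# Windows binaries whose names worms commonly borrow.
# Assumption: a short illustrative set, extend it for real use.
SYSTEM_BINARY_NAMES = {"svchost", "sndvol32", "lsass", "csrss", "winlogon", "explorer"}

# Directories where a binary with one of those names legitimately lives.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# [autorun] keys whose value is executed directly when the drive is opened.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command=<file> hijacks the Explorer verbs (Open, Explore, ...).
SHELL_CMD = re.compile(r"shell\\[^\\]+\\command")

# Constructed sample: autorun.inf pointing at a "Thumbs.db" that is really
# an executable, the pattern the scan log in this thread implies.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
open=Thumbs.db
shell\\open\\Command=Thumbs.db
shell\\explore\\Command=Thumbs.db
shell=open
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

# Constructed sample: autostart locations as an investigator might collect
# them (Startup folders, Run keys), mixing worm files with legitimate ones.
SAMPLE_AUTOSTART = [
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sndvol32.exe",
    r"c:\docume~1\ayman\locals~1\temp\svchost.com",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Program Files\Java\jre6\bin\jusched.exe",
]


def autorun_targets(text):
    """Return every file an autorun.inf would launch, in file order.

    Covers open=, shellexecute= and shell\\<verb>\\command=. The parser is
    deliberately lenient (strict=False, no interpolation) because worm
    autorun.inf files are often padded with junk lines and duplicate keys.
    """
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True,
                                      delimiters=("=",))
    cp.optionxform = str.lower          # INI keys are case-insensitive on Windows
    cp.read_string(text)
    targets = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):
            if value is None:
                continue                # junk line without '='
            if key in EXEC_KEYS or SHELL_CMD.fullmatch(key):
                targets.append(value.strip())
    return targets


def is_masquerading(path):
    """True if PATH borrows a system binary's name but is not that binary.

    Either it lives outside the Windows system directories, or it carries a
    .com/.pif/.scr extension instead of .exe (svchost.com, sndvol32.pif).
    """
    directory, filename = ntpath.split(path.lower())
    stem, ext = ntpath.splitext(filename)
    if stem not in SYSTEM_BINARY_NAMES:
        return False
    return directory not in SYSTEM_DIRS or ext != ".exe"


def triage_autostart(paths):
    """Return the autostart paths that deserve quarantine and upload."""
    return [p for p in paths if is_masquerading(p)]


if __name__ == "__main__":
    print("autorun.inf launches:", autorun_targets(SAMPLE_AUTORUN_INF))
    print("suspicious autostart:", triage_autostart(SAMPLE_AUTOSTART))
```

On the sample, `autorun_targets` reports Thumbs.db three times (once per hijacked verb) and `triage_autostart` returns the Startup-folder sndvol32.exe and the %TEMP% svchost.com while leaving the real svchost.exe alone. The name check is only a first filter: a worm that keeps an unremarkable name (fdisk.com in system32 in this thread) is caught only by the quarantine-and-upload step the helper asks for, not by this heuristic.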
new log
[QUOTE=aymoon1990;623977]new log[/QUOTE]... with all the old threats...
Please make a log file of Malwarebytes Antimalware.
Malwarebytes log
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute the following script[/URL] in Manual disinfection
[CODE]begin
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temp\svchost.com ','');
QuarantineFile('C:\Documents and Settings\Ayman\Templates\cache\SFCsrvc.pif ','');
QuarantineFile('C:\WINDOWS\system32\fdisk.com ','');
QuarantineFile('C:\autorun.inf ','');
QuarantineFile('C:\Thumbs.db ','');
QuarantineFile('C:\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\NF2.exe ','');
QuarantineFile('C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sndvol32.exe ','');
QuarantineFile('C:\Documents and Settings\Ayman\Start Menu\Programs\Startup\sndvol32.exe ','');
QuarantineFile('C:\Documents and Settings\Mohammed\Start Menu\Programs\Startup\sndvol32.exe ','');
QuarantineFile('C:\Documents and Settings\Sooma\Start Menu\Programs\Startup\sndvol32.exe ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temp\setup.exe ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temp\scr\logon.exe ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temp\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\NF2.exe ','');
QuarantineFile('C:\Documents and Settings\Mohammed\Local Settings\Temp\svchost.com ','');
QuarantineFile('C:\Documents and Settings\Mohammed\Local Settings\Temp\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\NF2.exe ','');
QuarantineFile('C:\Documents and Settings\Mohammed\Local Settings\Temp\scr\sstext3d.exe ','');
QuarantineFile('C:\Documents and Settings\Sooma\Local Settings\Temp\svchost.com ','');
QuarantineFile('C:\Documents and Settings\Sooma\Local Settings\Temp\scr\logon.exe ','');
QuarantineFile('C:\WINDOWS\Temp\setup.exe ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\HPCommon.dll ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\hppx.exe ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\MAHelper.exe ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\unins000.dat ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\unins000.exe ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\Data\config.md ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome.manifest ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\install.rdf ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt ','');
QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js ','');
QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat ','');
QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe ','');
QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx ','');
QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx ','');
QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090704-142030.500.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090704-142101.250.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090704-155731.875.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-013838.031.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-110356.859.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-134223.781.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-155333.578.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-155335.500.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-224543.203.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-115523.000.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-154255.592.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-163659.639.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-171027.327.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-235456.562.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-013632.937.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-013738.140.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-115712.296.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-154123.140.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-160610.375.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-184705.265.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-185911.078.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-005918.968.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-094359.125.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-121037.250.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-155135.328.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-211010.625.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-225815.468.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-232750.718.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-233207.328.log ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2154df11395ea0249c4c54961007ff8a.gif ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\362f27667f6d7af7e9d2a6856d6560f6.gif ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\4b6752554c03dd13115a0078de71aa4d.gif ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\fb0a3aaf0df9fc6e0a7bc656b80c3973.gif ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf ','');
QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf ','');
QuarantineFile('C:\Documents and Settings\Mohammed\Templates\cache\SFCsrvc.pif ','');
QuarantineFile('C:\Documents and Settings\Sooma\Templates\cache\SFCsrvc.pif ','');
QuarantineFile('C:\WINDOWS\system32\h@tkeysh@@k.dll ','');
BC_ImportAll;
SetAVZPMStatus(True);
RebootWindows(true);
end.[/CODE]
After reboot [URL="http://virusinfo.info/showthread.php?t=9207"]execute the following script[/URL] in Manual disinfection
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]and upload C:\quarantine.zip via the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] at the top of this page.
Let Malwarebytes Antimalware run and remove all threats. Reboot your system and make a new Malwarebytes Antimalware log.
Statistics of the disinfection performed:
[LIST]
[*]Quarantine archives received: [B]3[/B]
[*]Files processed: [B]190[/B]
[*]Malicious programs detected during disinfection:
[LIST=1]
[*] c:\autorun.inf - [B]Trojan.Win32.AutoRun.hm[/B] ( BitDefender: Trojan.Autorun.AKY, NOD32: Win32/AutoRun.VB.DU worm, AVAST4: VBS:Malware-gen )
[*] c:\documents and settings\all users\start menu\programs\startup\sndvol32.exe - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\ayman\local settings\temp\$recycle.bin\{5f229c11-5039-40e4-8537-6950bb1c9ecc}\nf2.exe - [B]Worm.Win32.AutoIt.uz[/B] ( DrWEB: archive: Win32.HLLW.Autoruner.18225, BitDefender: Trojan.Generic.3310442 )
[*] c:\documents and settings\ayman\local settings\temp\scr\logon.exe - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\ayman\local settings\temp\setup.exe - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\ayman\local settings\temp\svchost.com - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\ayman\start menu\programs\startup\sndvol32.exe - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\ayman\templates\cache\sfcsrvc.pif - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\mohammed\local settings\temp\$recycle.bin\{5f229c11-5039-40e4-8537-6950bb1c9ecc}\nf2.exe - [B]Worm.Win32.AutoIt.uz[/B] ( DrWEB: archive: Win32.HLLW.Autoruner.18225, BitDefender: Trojan.Generic.3310442 )
[*] c:\documents and settings\mohammed\local settings\temp\scr\sstext3d.exe - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\mohammed\local settings\temp\svchost.com - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\mohammed\start menu\programs\startup\sndvol32.exe - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\mohammed\templates\cache\sfcsrvc.pif - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\sooma\local settings\temp\scr\logon.exe - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\sooma\local settings\temp\svchost.com - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\sooma\start menu\programs\startup\sndvol32.exe - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\documents and settings\sooma\templates\cache\sfcsrvc.pif - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\$recycle.bin\{5f229c11-5039-40e4-8537-6950bb1c9ecc}\nf2.exe - [B]Worm.Win32.AutoIt.uz[/B] ( DrWEB: archive: Win32.HLLW.Autoruner.18225, BitDefender: Trojan.Generic.3310442 )
[*] c:\thumbs.db - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\windows\system32\fdisk.com - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] c:\windows\temp\setup.exe - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] d:\autorun.inf - [B]Trojan.Win32.AutoRun.hm[/B] ( BitDefender: Trojan.Autorun.AKY, NOD32: Win32/AutoRun.VB.DU worm, AVAST4: VBS:Malware-gen )
[*] d:\thumbs.db - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] e:\autorun.inf - [B]Trojan.Win32.AutoRun.hm[/B] ( BitDefender: Trojan.Autorun.AKY, NOD32: Win32/AutoRun.VB.DU worm, AVAST4: VBS:Malware-gen )
[*] e:\thumbs.db - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[*] f:\autorun.inf - [B]Trojan.Win32.AutoRun.hm[/B] ( BitDefender: Trojan.Autorun.AKY, NOD32: Win32/AutoRun.VB.DU worm, AVAST4: VBS:Malware-gen )
[*] f:\thumbs.db - [B]Worm.Win32.AutoIt.rm[/B] ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
[/LIST]
[/LIST]