Since yesterday I've started getting notifications from my antivirus program (AntiVir by Avira) about a virus (MSA - Microsoft Antivirus) and a trojan. The antivirus itself does not offer me any disinfection options. It is only able to quarantine or delete the files associated with the infection, and the virus/trojan persists.
These are the messages that the antivirus shows me:
Virus or unwanted program 'TR/Agent.175616.L [trojan]'
detected in file 'C:\WINDOWS\system32\sshnas21.dll'.
and
Virus or unwanted program 'TR/Dldr.Zlob.jcg [trojan]'
detected in file 'C:\WINDOWS\msa.exe'.
Recently it stopped alerting me about MSA, and alerts me only about the first trojan.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Ority at 8:47:47.25 on Fri 01/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.511.216 [GMT 2:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Documents and Settings\Kosta\avijqht.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\windows\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\KeyScrambler\keyscrambler.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kosta\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kosta\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.il/ig?hl=iw
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\kosta\avijqht.exe \s
mWinlogon: Taskman=c:\recycler\s-1-5-21-4048451771-5472433313-464362513-7073\rundll32.exe
uWinlogon: Shell=explorer.exe "c:\documents and settings\kosta\dbibw.exe"
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\kosta\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [kovmf] c:\windows\system32\kovmf.exe \u
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: kuaiche.com\software
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249657219296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249657206593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {10388970-0592-BCC4-1BCB-3147DA75A2F6} - c:\windows\system32\resource\totcmdsys.exe s
IFEO: taskmgr.exe - "d:\programs\processexplorer\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\kosta\applic~1\mozilla\firefox\profiles\kr8ibo43.ority\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - plugin: c:\documents and settings\kosta\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\kosta\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-28 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-1 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-1 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-1 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-1 56816]
R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-1-28 115312]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-9-26 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-9-26 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-9-26 23680]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
=============== Created Last 30 ================
2010-01-28 21:48:37 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-28 21:46:43 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-28 19:54:23 77 ----a-w- c:\windows\wininit.ini
2010-01-28 18:55:38 0 d-----w- c:\program files\CCleaner
2010-01-28 17:47:06 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-01-28 17:47:05 0 d-----w- c:\program files\KeyScrambler
2010-01-28 17:40:20 0 d-----w- c:\docume~1\alluse~1\applic~1\QFX Software
2010-01-28 12:31:12 42496 ---h--w- c:\documents and settings\kosta\secupdat.dat
2010-01-28 12:09:17 57856 ---h--w- c:\documents and settings\kosta\avijqht.exe
2010-01-28 12:09:17 57856 ----a-w- c:\windows\system32\kovmf.exe
2010-01-28 12:07:59 175616 ----a-w- c:\windows\system32\sshnas21.dll
2010-01-15 19:58:38 0 d-----w- c:\program files\JDownloader
2010-01-15 18:57:29 204 ----a-w- c:\windows\system32\secustat.dat
2010-01-15 18:51:27 25 ----a-w- c:\windows\libem.INI
2010-01-15 18:51:12 0 d-----w- c:\docume~1\kosta\applic~1\BITS
2010-01-15 18:51:11 0 d-----w- c:\docume~1\kosta\applic~1\FlashGet
2010-01-15 18:51:02 0 d-----w- c:\docume~1\kosta\applic~1\FlashGetBHO
2010-01-15 18:50:59 0 d-----w- c:\program files\FlashGet Network
2010-01-15 12:47:48 0 d-----w- C:\Downloads
==================== Find3M ====================
2009-12-12 05:05:20 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-05 06:39:40 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-05-01 09:01:43 538 ----a-w- c:\program files\Shortcut to JDownloader 0.4.936.lnk
2008-03-08 11:41:08 1056 ----a-w- c:\program files\nod32.lic
2008-08-22 12:14:25 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-08-22 12:14:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-08-22 12:14:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat
2008-08-22 12:14:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 8:48:43.03 ===============
Thank you for the help.