Thanks David for your reply
Can you please check the reattached logs? The F: drive is the one where XP is running on, the C: drive is an old harddrive from the previous owner of the PC, so I don't know how far it's relevant. The most recent files that were used are printed
fat. But I wonder, how big the chance some kind of script kiddie scanned my ports and gained acces to the file?
I have removed the trojans and installed Kerio Firewall, so I expect that my PC is protected by now. I used Adawre a couple of times before the incident. From now on I only check the encrypted files when I unplug the cable from my PC :'(. The file was mounted as an virtual drive with the name H:\, so accesable.
I am very worried about the file because it doesn't harm me but others.
Thanks in advance!
Avast search
Bestand C:\Documents and Settings\All Users\Documenten\Config\aurora 1.1 -Digital Element.zip Fout 0xC0000022 {Access Denied}
Bestand C:\Documents and Settings\dick\Local Settings\Temp\Del3.tmp is infected door Win32:Astubin [Adw] - removed
Bestand C:\Documents and Settings\dick\Local Settings\Temp\res4.tmp is infected door Win32:Adan-138 [Adw] - removed
Bestand C:\Program Files\Common Files\achrbdnn\abbnefjtht\njcllncfe.exe is infected door Win32:Trojano-324 [Trj] - removed
Bestand C:\Program Files\Common Files\achrbdnn\laencnep\flcnlnaj.exe is infected door Win32:Trojano-324 [Trj] - removed
Kaspersky
C:\Documents and Settings\dick\Local Settings\Temp\Del3.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\dick\Local Settings\Temp\iinstall.exe Infected: Trojan-Downloader.Win32.IstBar.lw
C:\Documents and Settings\..\Local Settings\Temporary Internet Files\Content.IE5\CNISP54O\jcplusbloom[1].exe/WISE0020.BIN Infected: Trojan-Downloader.Win32.Agent.er
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\H6CX01G7\ad72ad[1].js Infected: Trojan-Downloader.JS.Small.af
C:\Documents and SettingsLocal Settings\Temporary Internet Files\Content.IE5\H6CX01G7\jcplusbloom[1].exe/WISE0020.BIN Infected: Trojan-Downloader.Win32.Agent.er
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\M61DLR5J\jcplusbloom[1].exe/WISE0019.BIN Infected: Trojan-Downloader.Win32.Small.akj
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\M61DLR5J\jcplusbloom[1].exe/WISE0020.BIN Infected: Trojan-Downloader.Win32.Agent.er
C
:\Documents and Settings\R\Local Settings\Temporary Internet Files\Content.IE5\49S920O8\send_car_int[1].htm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\R\My Documents\Incomplete\T-872159-Lord of War (2005).zip/Setup.exe Infected: Email-Worm.Win32.VB.an
C:\Documents and Settings\R\My Documents\Incomplete\T-872159-Lord of War (2005).zip Infected: Email-Worm.Win32.VB.an
C:\Mijn documenten\muziek\09.zip/Ogg-Mp3 Plugin.exe/stream/data0006 Infected: Trojan-Downloader.Win32.IstBar.ns
C:\Mijn documenten\muziek\09.zip/Ogg-Mp3 Plugin.exe/stream Infected: Trojan-Downloader.Win32.IstBar.ns
C:\Mijn documenten\muziek\09.zip/Ogg-Mp3 Plugin.exe Infected: Trojan-Downloader.Win32.IstBar.ns
C:\Mijn documenten\muziek\09.zip Infected: Trojan-Downloader.Win32.IstBar.ns
C:\Mijn documenten\muziek\10.zip/Ogg License(ACCEPT TERMS OF USE FIRST!).exe/stream/data0006 Infected: Trojan-Downloader.Win32.IstBar.ns
C:\Mijn documenten\muziek\10.zip/Ogg License(ACCEPT TERMS OF USE FIRST!).exe/stream Infected: Trojan-Downloader.Win32.IstBar.ns
C:\Mijn documenten\muziek\10.zip/Ogg License(ACCEPT TERMS OF USE FIRST!).exe Infected: Trojan-Downloader.Win32.IstBar.ns
C:\Mijn documenten\muziek\10.zip Infected: Trojan-Downloader.Win32.IstBar.nsC:\RECYCLER\S-1-5-21-1202660629-789336058-682003330-1003\Dc14.dbx/[From "Ruiter" <ruiter401@zonnet.nl>][Date Wed, 21 Sep 2005 09:04:06 +0100]/UNNAMED/new__price.zip/07.exe Infected: Email-Worm.Win32.Bagle.dv
C:\RECYCLER\S-1-5-21-1202660629-789336058-682003330-1003\Dc14.dbx/[From "Ruiter" <ruiter401@zonnet.nl>][Date Wed, 21 Sep 2005 09:04:06 +0100]/UNNAMED/new__price.zip Infected: Email-Worm.Win32.Bagle.dv
C:\RECYCLER\S-1-5-21-1202660629-789336058-682003330-1003\Dc14.dbx/[From "Ruiter" <ruiter401@zonnet.nl>][Date Wed, 21 Sep 2005 09:04:06 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.dv
C:\RECYCLER\S-1-5-21-1202660629-789336058-682003330-1003\Dc14.dbx Infected: Email-Worm.Win32.Bagle.dv
C:\System Volume Information\_restore{8CFC2DB7-2D14-4A6F-80FC-D5546038856D}\RP34\A0008658.exe Infected: Trojan-Downloader.Win32.Swizzor.cn
C:\System Volume Information\_restore{8CFC2DB7-2D14-4A6F-80FC-D5546038856D}\RP34\A0008659.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{8CFC2DB7-2D14-4A6F-80FC-D5546038856D}\RP34\A0008660.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{8CFC2DB7-2D14-4A6F-80FC-D5546038856D}\RP34\A0008661.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{8CFC2DB7-2D14-4A6F-80FC-D5546038856D}\RP34\A0008662.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{8CFC2DB7-2D14-4A6F-80FC-D5546038856D}\RP34\A0008663.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\System Volume Information\_restore{8CFC2DB7-2D14-4A6F-80FC-D5546038856D}\RP34\A0008668.exe Infected: Trojan-Downloader.Win32.Swizzor.bz
C:\WINDOWS\install.exe Infected: Trojan-Clicker.Win32.VB.kq
F:\Documents and Settings\RvL\Desktop\Nero 7.0.12 eng Full Version + Crack.rar/install.exe Infected: Trojan-Clicker.Win32.VB.kq
F:\Documents and Settings\RvL\Local Settings\Temporary Internet Files\Content.IE5\0TEZ0PMB\prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j
F:\Documents and Settings\RvL\Local Settings\Temporary Internet Files\Content.IE5\4LMZ4DEV\ysb_prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j
F:\Documents and Settings\RvL\Local Settings\Temporary Internet Files\Content.IE5\WHAB89QN\cracks.spb[1].htm Infected: Trojan-Downloader.JS.IstBar.t