Sirefef.K.1 Trojan and other Trojans found

Hello everyone, I could use your advice or your help. Avira Antivirus showed me the following:

Report
Avira Free Antivirus
Report file date: Mittwoch, 21. November 2012 14:17

Scanning for 4534557 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DANIEL

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Mittwoch, 21. November 2012 14:17

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started

Starting to scan executable files (registry).
The registry was scanned ( '3412' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\29f2iyy1.default\Cache\0\99\BDD81d01
  [DETECTION] Contains recognition pattern of the JS/iFrame.OV Java script virus
C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Temp\HouseCall\log\0A603A74-831C-41C9-A6E9-3892A42811D6\backup\33
  [0] Archive type: HIDDEN
  --> FIL\\\?\C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Temp\HouseCall\log\0A603A74-831C-41C9-A6E9-3892A42811D6\backup\33
  [DETECTION] Is the TR/Crypt.XPACK.Gen8 Trojan
C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Temp\HouseCall\log\0A603A74-831C-41C9-A6E9-3892A42811D6\backup\444
  [0] Archive type: HIDDEN
  --> FIL\\\?\C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Temp\HouseCall\log\0A603A74-831C-41C9-A6E9-3892A42811D6\backup\444
  [DETECTION] Is the TR/Sirefef.AG.35 Trojan
C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Temp\HouseCall\log\0A603A74-831C-41C9-A6E9-3892A42811D6\backup\445
  [0] Archive type: HIDDEN
  --> FIL\\\?\C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Temp\HouseCall\log\0A603A74-831C-41C9-A6E9-3892A42811D6\backup\445
  [DETECTION] Is the TR/Sirefef.K.1 Trojan
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C75GQNNC\fdd91a64ce20e17d[1].htm
  [DETECTION] Contains recognition pattern of the JS/FakeAlert.W Java script virus
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RS1YU32Q\iLividSetupV1[1].exe
  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
C:\WINDOWS\Installer\{31785ebf-b2fe-a8d6-61a7-ae0205c02348}\U\00000001.@
  [DETECTION] Is the TR/Small.FI Trojan
C:\WINDOWS\Installer\{31785ebf-b2fe-a8d6-61a7-ae0205c02348}\U\80000000.@
  [DETECTION] Is the TR/Sirefef.AG.35 Trojan
C:\WINDOWS\Installer\{31785ebf-b2fe-a8d6-61a7-ae0205c02348}\U\800000cb.@
  [DETECTION] Is the TR/Sirefef.K.1 Trojan

Beginning disinfection:
C:\WINDOWS\Installer\{31785ebf-b2fe-a8d6-61a7-ae0205c02348}\U\800000cb.@
  [DETECTION] Is the TR/Sirefef.K.1 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '5241d8bd.qua'.
C:\WINDOWS\Installer\{31785ebf-b2fe-a8d6-61a7-ae0205c02348}\U\80000000.@
  [DETECTION] Is the TR/Sirefef.AG.35 Trojan
  [NOTE] The file was moved to the quarantine directory under the name '4ad6f71b.qua'.
C:\WINDOWS\Installer\{31785ebf-b2fe-a8d6-61a7-ae0205c02348}\U\00000001.@
  [DETECTION] Is the TR/Small.FI Trojan
  [NOTE] The file was moved to the quarantine directory under the name '1889adf3.qua'.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RS1YU32Q\iLividSetupV1[1].exe
  [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
  [NOTE] The file was deleted!
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C75GQNNC\fdd91a64ce20e17d[1].htm
  [DETECTION] Contains recognition pattern of the JS/FakeAlert.W Java script virus
  [NOTE] The file was deleted!
C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Temp\HouseCall\log\0A603A74-831C-41C9-A6E9-3892A42811D6\backup\445
  [DETECTION] Is the TR/Sirefef.K.1 Trojan
  [NOTE] The file was deleted!
C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Temp\HouseCall\log\0A603A74-831C-41C9-A6E9-3892A42811D6\backup\444
  [DETECTION] Is the TR/Sirefef.AG.35 Trojan
  [NOTE] The file was deleted!
C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Temp\HouseCall\log\0A603A74-831C-41C9-A6E9-3892A42811D6\backup\33
  [DETECTION] Is the TR/Crypt.XPACK.Gen8 Trojan
  [NOTE] The file was deleted!
C:\Dokumente und Einstellungen\...\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\29f2iyy1.default\Cache\0\99\BDD81d01
  [DETECTION] Contains recognition pattern of the JS/iFrame.OV Java script virus
  [NOTE] The file was deleted!

End of the scan: Donnerstag, 22. November 2012 02:11
Used time: 11:03:19 Hour(s)

The scan has been done completely.

23019 Scanned directories
968017 Files were scanned
9 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
6 Files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
968008 Files not concerned
7723 Archives were scanned
0 Warnings
9 Notes
820138 Objects were scanned with rootkit scan
0 Hidden objects were found

After that I also ran Malwarebytes:

Report
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.23.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
... :: DANIEL [limitiert]

23.11.2012 14:16:46
mbam-log-2012-11-23 (23-27-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 522275
Laufzeit: 3 Stunde(n), 48 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{31785ebf-b2fe-a8d6-61a7-ae0205c02348}\n.) Gut: (wbemess.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Programme\Age of Empires II an practicer\age2_x1\S3-NoCD.exe (Trojan.Bancos) -> Keine Aktion durchgeführt.

(Ende)

I have already deleted the one infected file. How should I proceed? I am very grateful for any help.

Something like this ... Quote:
Support stop: cracks or keygens

That closes this topic.

Oh yes, that's right, that dates back to my youth. I didn't even remember that I had something like that on the computer. Thanks anyway for someone taking a look.

Copyright ©2000-2025, Trojaner-Board