I deleted all the quarantined files in Microsoft Security Essentials and after a quick scan it didn't found anything.
Maybe the Win32/Packed.VMProtect.D virus was the creator of Sirefef and distributed it. So after deleting the source with the ESET online scan Sirefef couldn't be distributed anymore but it was still in the quarantine of MSE. I don't know if that's possible, but I suspect it.
Here's the FRST log.
Farbar Recovery Scan Tool "FRST.txt":
--------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 13-08-2012 13:56:31
Running from F:\
Windows 7 Ultimate (X64) OS Language: Dutch Standard
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKU\Gast\...\Run: [RGSC] E:\Data\Games\[PLAY] GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\Gast\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-08] (Valve Corporation)
HKU\Gast\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Gast\...\Run: [AdobeBridge] [x]
HKU\Gast\...\Run: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [569344 2010-08-25] (AMD)
HKU\Gast\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-20] (BitTorrent, Inc.)
HKU\Gast\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17357960 2012-05-03] (Skype Technologies S.A.)
HKU\Gast\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3407496 2012-05-23] (Electronic Arts)
HKU\Hidde\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-08] (Valve Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start
http://www.avg.com/nl.special-unins...VORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM"&"inst=NzctNzEwOTk5NDQ0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=4262cf34cac247d1b5f5d16c649a9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\..\Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26}: [NameServer]212.19.241.137,212.19.225.136
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
==================== Services (Whitelisted) ======
3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [288112 2012-03-16] (Adobe Systems Incorporated)
3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
3 fussvc; "C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe" [137728 2012-02-09] (Microsoft Corporation)
2 Irmon; C:\Windows\System32\irmon.dll [23552 2009-07-14] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-08] ()
2 Realtek11nSU; C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [36864 2009-06-01] (Realtek)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143552 2012-02-09] (TuneUp Software)
3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [21504 2011-09-26] (Apache Software Foundation)
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld [9690112 2012-01-25] ()
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2011-04-08] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-19] (DT Soft Ltd)
3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [65536 2010-08-27] (Fresco Logic)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
2 irda; C:\Windows\System32\Drivers\irda.sys [120320 2009-07-14] (Microsoft Corporation)
3 irsir; C:\Windows\System32\Drivers\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2011-04-08] ()
1 mbmiodrvr; \??\C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (
cansoft@livewiredev.com)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
3 VSPerfDrv110; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [67920 2011-12-12] (Microsoft Corporation)
3 XENfiltv; C:\Windows\System32\Drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
3 ALSysIO; \??\C:\Users\Hidde\AppData\Local\Temp\ALSysIO64.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz135; \??\C:\Users\Hidde\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 X6va005; \??\C:\Users\Hidde\AppData\Local\Temp\0059039.tmp [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-09 09:25 - 2012-08-09 09:25 - 02322184 ____A (ESET) C:\Users\Hidde\Downloads\esetsmartinstaller_enu.exe
2012-08-09 09:25 - 2012-08-09 09:25 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-08 07:35 - 2012-08-08 07:35 - 00024626 ____A C:\ComboFix.txt
2012-08-06 14:09 - 2012-08-08 07:35 - 00000000 ____D C:\Qoobox
2012-08-06 14:09 - 2012-08-06 14:21 - 00000000 ____D C:\Windows\erdnt
2012-08-06 14:09 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-06 14:09 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-06 14:09 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-06 14:09 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-06 14:09 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-06 14:09 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-06 14:09 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-06 14:09 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-06 14:08 - 2012-08-06 14:04 - 04725168 ___RA (Swearware) C:\Users\Hidde\Desktop\ComboFix.exe
2012-07-19 08:27 - 2012-07-19 08:28 - 00000000 ____D C:\FRST
2012-07-19 07:33 - 2012-07-19 07:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C1AE47AB51889C6
2012-07-18 11:44 - 2012-07-18 11:44 - 00000855 ____A C:\Users\Hidde\Desktop\gmer.log
2012-07-18 11:19 - 2012-07-18 10:52 - 00302592 ____A C:\Users\Hidde\Desktop\gfz7h0gr.exe
2012-07-18 11:06 - 2012-08-08 12:42 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-18 11:06 - 2012-08-08 12:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 11:06 - 2012-07-18 11:06 - 00000000 ____D C:\Users\Hidde\AppData\Roaming\Malwarebytes
2012-07-18 11:06 - 2012-07-18 11:06 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-18 11:06 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-18 11:05 - 2012-07-18 10:52 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Hidde\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-18 10:21 - 2012-07-18 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F89547CC9349ABE0
2012-07-18 10:10 - 2012-07-18 10:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.213CD11BC46267B2
2012-07-18 09:56 - 2012-07-18 09:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE8669122432CA
2012-07-18 09:50 - 2012-07-18 09:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AD6BD21D505363A
2012-07-18 09:44 - 2012-07-18 09:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-18 09:44 - 2012-07-18 09:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-17 15:18 - 2012-07-17 15:18 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-17 14:50 - 2012-07-17 14:50 - 00000064 ____A C:\Users\Hidde\Desktop\virtuemart.txt
============ 3 Months Modified Files ========================
2012-08-13 12:53 - 2011-01-08 19:49 - 01570952 ____A C:\Windows\WindowsUpdate.log
2012-08-13 12:28 - 2012-06-16 10:13 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-13 11:57 - 2012-06-15 12:37 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-13 11:24 - 2009-07-14 05:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-13 11:24 - 2009-07-14 05:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-13 11:21 - 2009-07-14 10:16 - 00811884 ____A C:\Windows\System32\perfh013.dat
2012-08-13 11:21 - 2009-07-14 10:16 - 00178392 ____A C:\Windows\System32\perfc013.dat
2012-08-13 11:21 - 2009-07-14 06:13 - 01856960 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-13 11:17 - 2012-06-16 10:13 - 00001050 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-13 11:16 - 2012-02-29 22:09 - 00018320 ____A C:\Windows\setupact.log
2012-08-13 11:16 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-09 10:57 - 2012-05-09 17:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-09 10:57 - 2011-05-20 08:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-09 09:25 - 2012-08-09 09:25 - 02322184 ____A (ESET) C:\Users\Hidde\Downloads\esetsmartinstaller_enu.exe
2012-08-08 12:42 - 2012-07-18 11:06 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-08 12:36 - 2012-02-29 22:08 - 00238824 ____A C:\Windows\PFRO.log
2012-08-08 07:35 - 2012-08-08 07:35 - 00024626 ____A C:\ComboFix.txt
2012-08-08 07:33 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2012-08-06 14:04 - 2012-08-06 14:08 - 04725168 ___RA (Swearware) C:\Users\Hidde\Desktop\ComboFix.exe
2012-07-19 07:33 - 2012-07-19 07:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C1AE47AB51889C6
2012-07-18 11:44 - 2012-07-18 11:44 - 00000855 ____A C:\Users\Hidde\Desktop\gmer.log
2012-07-18 10:52 - 2012-07-18 11:19 - 00302592 ____A C:\Users\Hidde\Desktop\gfz7h0gr.exe
2012-07-18 10:52 - 2012-07-18 11:05 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Hidde\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-18 10:21 - 2012-07-18 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F89547CC9349ABE0
2012-07-18 10:10 - 2012-07-18 10:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.213CD11BC46267B2
2012-07-18 09:56 - 2012-07-18 09:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE8669122432CA
2012-07-18 09:50 - 2012-07-18 09:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AD6BD21D505363A
2012-07-18 09:44 - 2011-12-28 11:02 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-18 09:44 - 2011-03-03 21:15 - 01878746 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-17 14:50 - 2012-07-17 14:50 - 00000064 ____A C:\Users\Hidde\Desktop\virtuemart.txt
2012-07-13 09:39 - 2012-07-13 09:39 - 00001644 ____A C:\Users\Hidde\Desktop\Crashtastic.lnk
2012-07-12 07:59 - 2009-07-14 05:45 - 06856704 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 16:27 - 2011-01-16 08:51 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-05 16:25 - 2012-07-05 16:25 - 00000967 ____A C:\Users\Hidde\Desktop\Core Temp.lnk
2012-07-05 16:23 - 2012-07-05 16:23 - 00000876 ____A C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2012-07-05 16:08 - 2012-07-05 16:08 - 00000017 ____A C:\Users\Hidde\AppData\Local\resmon.resmoncfg
2012-07-03 12:46 - 2012-07-18 11:06 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 10:30 - 2011-12-19 16:34 - 00000235 __RAH C:\Windows\ctfile.rfc
2012-06-20 10:07 - 2012-06-20 10:07 - 00001525 ____A C:\Users\Hidde\Desktop\Illustrator.lnk
2012-06-20 10:07 - 2012-06-20 10:07 - 00001238 ____A C:\Users\Hidde\Desktop\Dreamweaver.lnk
2012-06-20 10:07 - 2012-06-20 10:07 - 00001214 ____A C:\Users\Hidde\Desktop\Fireworks.lnk
2012-06-20 10:04 - 2011-01-08 13:38 - 00133888 ____A C:\Users\Hidde\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-19 09:04 - 2012-03-18 13:27 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-06-16 14:19 - 2012-06-16 13:39 - 00002010 ___AH C:\Users\Hidde\Documents\Default.rdp
2012-06-12 04:08 - 2012-07-11 16:30 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 12:21 - 2012-06-11 10:49 - 00011083 ____A C:\Users\Hidde\Documents\werkzaamheden_specificatie_dewestfries.xlsx
2012-06-09 06:43 - 2012-07-11 13:05 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 05:41 - 2012-07-11 13:05 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 15:00 - 2012-03-02 15:59 - 00110447 ____A C:\Windows\DirectX.log
2012-06-08 09:26 - 2012-06-08 09:26 - 00000222 ____A C:\Users\Hidde\Desktop\Superbrothers Sword & Sworcery EP.url
2012-06-08 09:26 - 2012-06-08 09:26 - 00000221 ____A C:\Users\Hidde\Desktop\LIMBO.url
2012-06-08 09:26 - 2012-06-08 09:26 - 00000221 ____A C:\Users\Hidde\Desktop\Amnesia The Dark Descent.url
2012-06-08 09:26 - 2012-06-08 09:26 - 00000220 ____A C:\Users\Hidde\Desktop\Psychonauts.url
2012-06-08 09:22 - 2012-06-08 09:22 - 00000222 ____A C:\Users\Hidde\Desktop\Bastion.url
2012-06-08 09:21 - 2012-06-08 09:21 - 00000221 ____A C:\Users\Hidde\Desktop\Super Meat Boy.url
2012-06-08 09:21 - 2012-06-08 09:21 - 00000221 ____A C:\Users\Hidde\Desktop\Braid.url
2012-06-08 09:21 - 2012-06-08 09:21 - 00000202 ____A C:\Users\Hidde\Desktop\Super Meat Boy Editor.url
2012-06-08 09:21 - 2012-06-08 09:21 - 00000195 ____A C:\Users\Hidde\Desktop\Lone Survivor.url
2012-06-07 09:39 - 2012-06-07 09:39 - 00001727 ____A C:\Users\Public\Desktop\League of Legends.lnk
2012-06-07 09:11 - 2011-12-04 15:02 - 00001025 ____A C:\Users\Hidde\Desktop\Dropbox.lnk
2012-06-06 19:36 - 2011-06-12 13:11 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-06-06 19:36 - 2011-06-12 13:09 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-06-06 19:35 - 2011-06-12 13:09 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-06-06 07:06 - 2012-07-11 13:05 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 07:06 - 2012-07-11 13:05 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 07:02 - 2012-07-11 13:05 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 06:05 - 2012-07-11 13:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 06:05 - 2012-07-11 13:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 06:03 - 2012-07-11 13:05 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 13:14 - 2012-06-05 13:14 - 00316064 ____A C:\Windows\Minidump\060512-21574-01.dmp
2012-06-05 13:14 - 2012-04-11 09:18 - 1151349537 ____A C:\Windows\MEMORY.DMP
2012-06-04 17:01 - 2012-06-04 17:01 - 00001385 ____A C:\Users\Hidde\Desktop\Visual Studio 11 Beta.lnk
2012-06-04 13:24 - 2012-06-04 13:23 - 00275264 ____A C:\Windows\Minidump\060412-46113-01.dmp
2012-06-04 11:06 - 2012-06-04 11:06 - 00002531 ____A C:\Users\Hidde\Desktop\Skype.lnk
2012-06-02 23:19 - 2012-06-22 08:30 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-22 08:30 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-22 08:30 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-22 08:30 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-22 08:30 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:15 - 2012-06-22 08:30 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-22 08:30 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-22 08:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-22 08:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 13:49 - 2012-07-11 16:26 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 13:17 - 2012-07-11 16:26 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 13:12 - 2012-07-11 16:26 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 13:05 - 2012-07-11 16:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 13:05 - 2012-07-11 16:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 13:04 - 2012-07-11 16:26 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 13:04 - 2012-07-11 16:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 13:03 - 2012-07-11 16:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 13:01 - 2012-07-11 16:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 13:00 - 2012-07-11 16:26 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 12:59 - 2012-07-11 16:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 12:57 - 2012-07-11 16:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 12:57 - 2012-07-11 16:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 12:54 - 2012-07-11 16:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 10:07 - 2012-07-11 16:26 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 09:43 - 2012-07-11 16:26 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 09:33 - 2012-07-11 16:26 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 09:26 - 2012-07-11 16:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 09:25 - 2012-07-11 16:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 09:25 - 2012-07-11 16:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 09:23 - 2012-07-11 16:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 09:21 - 2012-07-11 16:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 09:20 - 2012-07-11 16:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 09:19 - 2012-07-11 16:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 09:19 - 2012-07-11 16:26 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 09:17 - 2012-07-11 16:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 09:16 - 2012-07-11 16:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 09:14 - 2012-07-11 16:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 06:50 - 2012-07-11 13:05 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 06:48 - 2012-07-11 13:05 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 06:48 - 2012-07-11 13:05 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 06:45 - 2012-07-11 13:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 06:44 - 2012-07-11 13:05 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 05:40 - 2012-07-11 13:05 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 05:40 - 2012-07-11 13:05 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 05:39 - 2012-07-11 13:05 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 05:34 - 2012-07-11 13:05 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-24 11:04 - 2012-05-24 11:04 - 00000562 ____A C:\Windows\wmsetup.log
2012-05-23 19:57 - 2012-05-23 19:57 - 00000221 ____A C:\Users\Hidde\Desktop\Dead Island.url
2012-05-22 13:26 - 2012-06-11 12:13 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-05-22 13:26 - 2012-06-11 12:13 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-05-22 13:26 - 2012-05-22 13:26 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-05-22 13:25 - 2012-05-22 13:25 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-05-22 13:25 - 2012-05-22 13:25 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-05-21 12:32 - 2012-05-21 12:32 - 00000767 ____A C:\Users\Hidde\Desktop\Driver.lnk
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 9%
Total physical RAM: 10239.24 MB
Available physical RAM: 9278.35 MB
Total Pagefile: 10237.39 MB
Available Pagefile: 9273.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:457.01 GB) NTFS
3 Drive f: () (Removable) (Total:0.94 GB) (Free:0.78 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Schfnr. Status Grootte Vrij Dyn GPT
-------- ------------- ------- ------- --- ---
Schf 0 Online 931 GB 1024 KB
Schf 1 Online 961 MB 0 B
DiskPart afsluiten...
==========================================================
Last Boot: 2012-07-11 14:18
======================= End Of Log ==========================
--------------------------------------------------------------------