Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:16
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:16:54 - CheckSystem - Begin to check system...
23:16:54 - OpenRootDrive - Opening system root volume and physical drive....
23:16:54 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:16:54 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:16:59 - InstallAndStartDriver - Unable to start AntiZeroAccess driver. StartService last error: 1084
23:17:32 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:17:35 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:17:35 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:17:35 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:29
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:29:56 - CheckSystem - Begin to check system...
23:29:56 - OpenRootDrive - Opening system root volume and physical drive....
23:29:57 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:29:57 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:29:58 - InstallAndStartDriver - Main driver was installed and now is running.
23:29:58 - CheckSystem - Warning! Disk class driver is INFECTED.
23:30:06 - CheckFile - Warning! File "mrxsmb.sys" is Infected by ZeroAccess Rootkit.
23:30:15 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:30:58 - DoRepair - Begin to perform system repair....
23:30:58 - DoRepair - System Disk class driver was repaired.
23:30:58 - DoRepair - Infected "mrxsmb.sys" file was renamed.
23:30:58 - DoRepair - Infected "mrxsmb.sys" file was successfully cleaned!
23:30:59 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:30:59 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:30:59 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:38
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:38:48 - CheckSystem - Begin to check system...
23:38:48 - OpenRootDrive - Opening system root volume and physical drive....
23:38:48 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:38:48 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:38:49 - InstallAndStartDriver - Main driver was installed and now is running.
23:38:49 - CheckSystem - Warning! Disk class driver is INFECTED.
23:38:51 - CheckFile - Warning! File "mrxsmb.sys" is Infected by ZeroAccess Rootkit.
23:38:55 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:39:05 - DoRepair - Begin to perform system repair....
23:39:05 - DoRepair - System Disk class driver was repaired.
23:39:05 - DoRepair - Infected "mrxsmb.sys" file was renamed.
23:39:05 - DoRepair - Infected "mrxsmb.sys" file was successfully cleaned!
23:39:05 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:39:05 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:39:05 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:46
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:46:32 - CheckSystem - Begin to check system...
23:46:32 - OpenRootDrive - Opening system root volume and physical drive....
23:46:32 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:46:32 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:46:32 - InstallAndStartDriver - Main driver was installed and now is running.
23:46:32 - CheckSystem - Warning! Disk class driver is INFECTED.
23:46:35 - CheckFile - Warning! File "ipsec.sys" is Infected by ZeroAccess Rootkit.
23:46:38 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:46:50 - DoRepair - Begin to perform system repair....
23:46:50 - DoRepair - System Disk class driver was repaired.
23:46:50 - DoRepair - Infected "ipsec.sys" file was renamed.
23:46:50 - DoRepair - Infected "ipsec.sys" file was successfully cleaned!
23:46:50 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:46:50 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:46:50 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:46
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:46:59 - CheckSystem - Begin to check system...
23:46:59 - OpenRootDrive - Opening system root volume and physical drive....
23:46:59 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:46:59 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:47:00 - InstallAndStartDriver - Main driver was installed and now is running.
23:47:00 - CheckSystem - Disk class driver state is OK.
23:47:05 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:47:05 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:47:05 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:47:05 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/08/2011 - 23:47
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
23:47:23 - CheckSystem - Begin to check system...
23:47:23 - OpenRootDrive - Opening system root volume and physical drive....
23:47:23 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
23:47:23 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
23:47:23 - InstallAndStartDriver - Main driver was installed and now is running.
23:47:23 - CheckSystem - Disk class driver state is OK.
23:47:27 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
23:47:28 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
23:47:28 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
23:47:28 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/08/2011 - 01:27
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
01:27:10 - CheckSystem - Begin to check system...
01:27:10 - OpenRootDrive - Opening system root volume and physical drive....
01:27:10 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
01:27:10 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
01:27:17 - InstallAndStartDriver - Unable to start AntiZeroAccess driver. StartService last error: 1084
01:27:51 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
01:27:54 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
01:27:54 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
01:27:54 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/08/2011 - 01:31
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
01:31:52 - CheckSystem - Begin to check system...
01:31:52 - OpenRootDrive - Opening system root volume and physical drive....
01:31:53 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
01:31:53 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
01:31:54 - InstallAndStartDriver - Main driver was installed and now is running.
01:31:54 - CheckSystem - Warning! Disk class driver is INFECTED.

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/08/2011 - 01:35
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
01:35:10 - CheckSystem - Begin to check system...
01:35:10 - OpenRootDrive - Opening system root volume and physical drive....
01:35:11 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
01:35:11 - InstallAndStartDriver - Main driver was installed and now is running.
01:35:11 - CheckSystem - Warning! Disk class driver is INFECTED.
01:35:20 - CheckFile - Warning! File "mrxsmb.sys" is Infected by ZeroAccess Rootkit.
01:35:27 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
01:35:39 - DoRepair - Begin to perform system repair....
01:35:39 - DoRepair - System Disk class driver was repaired.
01:35:39 - DoRepair - Infected "mrxsmb.sys" file was renamed.
01:35:39 - DoRepair - Infected "mrxsmb.sys" file was successfully cleaned!
01:35:39 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
01:35:39 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/08/2011 - 01:35
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
01:35:52 - CheckSystem - Begin to check system...
01:35:52 - OpenRootDrive - Opening system root volume and physical drive....
01:35:53 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
01:35:53 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
01:35:54 - InstallAndStartDriver - Main driver was installed and now is running.
01:35:54 - CheckSystem - Disk class driver state is OK.
01:35:59 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
01:35:59 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
01:35:59 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
01:35:59 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/08/2011 - 02:02
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
02:02:53 - CheckSystem - Begin to check system...
02:02:53 - OpenRootDrive - Opening system root volume and physical drive....
02:02:53 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
02:02:53 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
02:02:54 - InstallAndStartDriver - Main driver was installed and now is running.
02:02:54 - CheckSystem - Warning! Disk class driver is INFECTED.
02:02:54 - CheckFile - Warning! File "afd.sys" is Infected by ZeroAccess Rootkit.
02:03:00 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
02:03:07 - DoRepair - Begin to perform system repair....
02:03:07 - DoRepair - System Disk class driver was repaired.
02:03:07 - DoRepair - Infected "afd.sys" file was renamed.
02:03:07 - DoRepair - Infected "afd.sys" file was successfully cleaned!
02:03:07 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
02:03:07 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
02:03:07 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/08/2011 - 02:09
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
02:09:34 - CheckSystem - Begin to check system...
02:09:34 - OpenRootDrive - Opening system root volume and physical drive....
02:09:34 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
02:09:34 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
02:09:34 - InstallAndStartDriver - Main driver was installed and now is running.
02:09:34 - CheckSystem - Disk class driver state is OK.
02:09:39 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
02:09:39 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
02:09:39 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
02:09:39 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/08/2011 - 10:40
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
10:40:38 - CheckSystem - Begin to check system...
10:40:38 - OpenRootDrive - Opening system root volume and physical drive....
10:40:39 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
10:40:39 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
10:40:39 - InstallAndStartDriver - Main driver was installed and now is running.
10:40:39 - CheckSystem - Warning! Disk class driver is INFECTED.
10:40:43 - CheckFile - Warning! File "redbook.sys" is Infected by ZeroAccess Rootkit.
10:40:45 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
10:40:54 - DoRepair - Begin to perform system repair....
10:40:54 - DoRepair - System Disk class driver was repaired.
10:40:54 - DoRepair - Infected "redbook.sys" file was renamed.
10:40:54 - DoRepair - Infected "redbook.sys" file was successfully cleaned!
10:40:54 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
10:40:54 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
10:40:54 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/08/2011 - 10:52
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
10:52:19 - CheckSystem - Begin to check system...
10:52:19 - OpenRootDrive - Opening system root volume and physical drive....
10:52:20 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
10:52:20 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
10:52:28 - InstallAndStartDriver - Unable to start AntiZeroAccess driver. StartService last error: 1084
10:53:07 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
10:53:10 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
10:53:10 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
10:53:10 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 28/08/2011 - 11:22
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
11:22:32 - CheckSystem - Begin to check system...
11:22:32 - OpenRootDrive - Opening system root volume and physical drive....
11:22:32 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x06FC3D80 sectors.
11:22:32 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
11:22:33 - InstallAndStartDriver - Main driver was installed and now is running.
11:22:33 - CheckSystem - Disk class driver state is OK.
11:22:37 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
11:22:38 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
11:22:38 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
11:22:38 - Execution Ended!