Webroot AntiZeroAccess 0.8 Log File
Execution time: 02/12/2011 - 09:03
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
09:03:50 - CheckSystem - Begin to check system...
09:03:50 - OpenRootDrive - Opening system root volume and physical drive....
09:03:51 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x02711637 sectors.
09:03:51 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
09:03:52 - InstallAndStartDriver - Main driver was installed and now is running.
09:03:52 - CheckSystem - Warning! Disk class driver is INFECTED.
09:04:03 - CheckFile - Warning! File "mrxsmb.sys" is Infected by ZeroAccess Rootkit.
09:04:12 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
09:04:50 - CheckExecutableEP - Unable to open "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" file. CreateFile last error: 32
09:05:14 - DoRepair - Begin to perform system repair....
09:05:14 - DoRepair - System Disk class driver was repaired.
09:05:14 - DoRepair - Infected "mrxsmb.sys" file was renamed.
09:05:14 - DoRepair - Infected "mrxsmb.sys" file was successfully cleaned!
09:05:14 - DoRepair - Warning! Unable to delete "desktop.ini" ZeroAccess file, last error: 5. This file will be removed at next reboot.
09:05:54 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
09:05:54 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
09:05:54 - Execution Ended!

Webroot AntiZeroAccess 0.8 Log File
Execution time: 02/12/2011 - 09:07
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
09:07:57 - CheckSystem - Begin to check system...
09:07:57 - OpenRootDrive - Opening system root volume and physical drive....
09:07:57 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x02711637 sectors.
09:07:57 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
09:07:58 - InstallAndStartDriver - Main driver was installed and now is running.
09:07:58 - CheckSystem - Disk class driver state is OK.
09:08:08 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
09:08:12 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
09:08:12 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
09:08:12 - Execution Ended!