[2.8.2.8.1115 - 2.8.61.9.0128]
2009-02-01 15:49
[Trojan]
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{6CB73D82-A86E-4744-9774-A35E45E77BEB}
C:\WINDOWS\手动删除工具\XDELBOX删除文件工具\BACKUPS\CTM12004.TTF.BAK
F:\4.0工具箱\瑞星\BACKUP\C@DOCUMENTS AND SETTINGS@ADMINISTRATOR@LOCAL SETTINGS@TEMP@11231237
F:\4.0工具箱\瑞星\BACKUP\C@DOCUMENTS AND SETTINGS@ADMINISTRATOR@LOCAL SETTINGS@TEMP@1755163
F:\4.0工具箱\瑞星\BACKUP\C@DOCUMENTS AND SETTINGS@ADMINISTRATOR@LOCAL SETTINGS@TEMP@561632
F:\4.0工具箱\瑞星\BACKUP\C@DOCUMENTS AND SETTINGS@ALL USERS@APPLICATION DATA@KSMBAK@POWERNENT.ONZ_BAK
F:\4.0工具箱\瑞星\BACKUP\C@DOCUMENTS AND SETTINGS@ALL USERS@APPLICATION DATA@KSMBAK@{2B15A4AF-DF29-4E65-B79C-974EDEECF316}
F:\4.0工具箱\瑞星\BACKUP\C@DOCUMENTS AND SETTINGS@ALL USERS@APPLICATION DATA@KSMBAK@{448D6CDB-005C-4D9C-9A71-2BF4F4FBE302}
F:\4.0工具箱\瑞星\BACKUP\C@DOCUMENTS AND SETTINGS@ALL USERS@APPLICATION DATA@KSMBAK@{62F615F8-519E-4BCF-B5DA-B25095CF6E2B}
F:\4.0工具箱\瑞星\BACKUP\C@WINDOWS@FONTS@CTM01025.TTF
F:\4.0工具箱\瑞星\BACKUP\C@WINDOWS@FONTS@CTM11008.TTF

[2.8.2.8.1115 - 2.8.61.9.0128]
2009-02-01 15:49
[Trojan.HBx]
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{09BA0F2E-6B71-431B-A4D8-5B815A5E7435}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{0A7BD2A5-12D7-42D5-B629-BF61D4A94073}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{11A6819F-312A-4CC2-B94E-F12FDDBAD865}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{180587EF-5C94-4B1F-8AED-C7B31FA53495}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{18067360-7D99-4C3A-B190-BBF8289FA898}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{1AF6C7FE-2CEA-474B-95F9-5CB86BA78403}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{1E39A9C8-F5E5-4FAC-BF08-0BD787A86CA6}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{210743AA-35C7-47CA-85A1-E53DB42E92CA}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{418FF4E2-1EF4-46A3-A0DE-FA1AF7ACCC28}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{4272BFB8-AF58-4811-9166-B2F89D719047}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{72A9EACB-3260-4B57-80EC-8402E6B4C26E}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{7A66076C-B56E-4A2E-BE54-CC168B3F449D}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{867AE576-6DBB-417F-8647-00DF6B5839F1}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{98D91DCE-1A13-4BF8-9DE2-A074C9E25BF9}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{B84568C1-2BC7-4F8C-9419-72B8066263CD}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{BCA56FB2-1ED8-4EF6-AE25-3E160F1D73AC}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{C5E70E2E-58A1-4074-A9A8-BED9D26E778B}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{C5EFD8C7-96B0-431A-BA96-AB742242933B}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{D8B0C56A-DFEF-4978-8AF7-578C07EC9809}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{D9A6802A-5725-4C50-BC2C-99863AC4363C}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{DBCD5DCE-D043-4D4A-BD56-EE8984414333}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{DE018380-B49C-42CA-8460-7240B7233982}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{DF09817C-ED9E-4570-A58C-E54E991EB801}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{E23A02BF-5FE4-4C21-84C7-67934D710E29}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{EFD0D1BA-042A-40ED-88AA-482368A19FF2}
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KSMBAK\{EFFECC69-C138-47BE-B190-F900CADE04A1}

[2.8.2.8.1115 - 2.8.61.9.0128]
2009-02-01 15:49
[Infected PE file]
F:\FOUND.000\DIR0001.CHK\_RESTORE{4A868894-65BC-436D-BE76-14D2EF42B7AA}\RP1\A0001012.EXE