Rising Kaka Security Forum

HijackThis Reference: List of Malicious O16 Entries [Original]
风之咏者 - 2005-5-2 22:20:00
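I hope this list will be continually maintained, updated and extended, so that it becomes a valuable reference for interpreting HijackThis scan results.

    The purpose of this article is to provide a list of malicious O16 entries to help everyone analyze HijackThis scan results. Lists for O2, O3 and O4 entries already exist online, but I have not found an O16 list like this one. By malicious O16 entries I mean programs that antivirus software has clearly identified as Trojans, Trojan droppers, Trojan downloaders, adware/spyware, backdoors, malicious dialers or dangerous tools (true viruses do not yet seem to have appeared among O16 entries).
    Of course, there are many more O16 programs (far more than those mentioned here) that may make the browser slow or the system unstable once installed, but that antivirus software has not yet confirmed as malicious (some anti-adware/anti-spyware tools may report them). They are deliberately not included in this article; I think they belong under "O16 entries recommended for removal" rather than the "malicious O16 entries" this article targets.
    The antivirus software I used to check the malicious O16 entries mentioned here is Kaspersky version 4.5. The main reasons for choosing it are:
    1 The vast majority of these O16 entries come from abroad, and domestic antivirus products are at no advantage in detecting them, so a foreign antivirus product is more suitable.
    2 Kaspersky's virus database is relatively large.
    3 Kaspersky's extended database is clearly categorized and covers the "malicious O16 entries" discussed here well.
    I also tried several other foreign antivirus products and in the end still chose Kaspersky as the main "judge" of what counts as a "malicious O16 entry". To a considerable extent this choice is just my personal preference. Kaspersky is certainly not omnipotent, but I have tried to minimize the risk of omissions. I gave the Kaspersky Lab engineers who process new samples quite a lot of trouble: once I sent them a large number of samples in one evening, and Mr. Eugene finally replied: "See for yourself after the next update (see the stuff in next updates)."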

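The main content of this article uses the following format:
O16 - DPF: {class ID}-(name)
Example 1  Kaspersky detection result
Example 2  Kaspersky detection result
...
The (name) field is not always present, and the examples below are only some of those that exist.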

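    In the detection results, Trojan and TrojanClicker denote Trojans, TrojanDropper denotes a Trojan dropper, TrojanDownloader denotes a Trojan downloader, and Backdoor denotes a backdoor program. Everything marked "not-a-virus" is not in Kaspersky's standard virus database; these are detected by Kaspersky's extended database, and their categories include adware (AdvWare), malicious dialers (Dialer), dangerous tools that could be used for harm (RiskWare), and so on.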

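    When interpreting the O16 entries in a HijackThis scan result, if you wish to consult this article, please go by the class ID (that is, the CLSID, the string of digits inside the braces), except for the few that are specially noted in the text. The links listed after each class ID are only some examples. If a class ID from this article appears in a HijackThis scan result in front of you, but the link after it is not among the examples given here, you can:
    1 Check the corresponding file with antivirus software; anything it does not detect can be submitted.
    2 Do a simple analysis yourself. If the site name in the link is the same as or similar to an existing example, and the name of the file it finally points to is the same as or similar to an existing example, it is quite likely a malicious entry. If the file name or link contains "sex", "adult", "dialer", "casino" or "free_plugin", it should generally be fixed. If it is a cab file, you can even download it and open it to look; if its contents are much the same as those of a cab package mentioned in the examples, it is highly suspicious.
    3 If you can also let this board's moderator know, many thanks! Let's all maintain this list together!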

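    I should also explain that, to write this article, I went through a large number of HijackThis scan results, and for every example listed here I downloaded a sample and checked it. Many highly suspicious entries were in the end all excluded because their download links were dead. That I could download them then does not mean the links in those examples will still work when you read this (I know this from experience).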

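    If you check a sample with Kaspersky and do not get the result given in this article's examples:
    1 Kaspersky no longer reports it: the malicious program may have "turned over a new leaf" (unlikely), but more likely the sample has been replaced by a new version (I run into this often); don't hesitate, submit it right away. Another possibility is that Kaspersky really did stop reporting it after adjusting its virus database.
    2 Kaspersky reports it, but with a different version number: the sample has been replaced by a new version.
    3 Kaspersky now reports it as a different kind of malicious program: the sample may have been replaced by a new version, or Kaspersky may have adjusted its database, for example something originally reported as a Trojan or Trojan downloader was later reclassified as adware or a dangerous tool; this has happened too.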

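    If a sample that Kaspersky detects is not reported by your preferred antivirus software:
    Submit it right away! The three big domestic antivirus vendors all promise a reward for the first report. But my luck is poor, and I often submit samples they "already have", so now I leave the chance to submit to friends with better luck! However, most domestic antivirus products do not report the "not-a-virus" samples in this list; this comes from different definitions of a virus, which we will not discuss here. It is also common for Kaspersky to report a sample as "not-a-virus" while other antivirus software reports it as a Trojan or something else. This again results from different companies' differing classification standards.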

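Notes:
1 The O16 section of a HijackThis scan result covers downloaded program files, that is, the ActiveX objects in the Downloaded Program Files directory. These ActiveX objects come from the network, are stored in the Downloaded Program Files directory, and have their CLSIDs recorded in the registry.
2 After fixing an O16 entry with HijackThis, please advise the user to manually check whether the corresponding file in the "Downloaded Program Files" directory has been deleted. HijackThis tries to delete the corresponding file when fixing an O16 entry, but for various reasons it sometimes cannot actually delete it.
3 This article does not cover 3721's O16 entry (although Kaspersky treats it as adware). Those who want to install it have their reasons, and those who want to uninstall it or immunize against it can turn to dedicated tools; in any case, removing only its O16 entry does not remove it completely.
4 For safety, http has been changed to hoop in all examples.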
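
The triage steps described in this post (match on the class ID first, then look for the telltale words in the link) can be scripted as below. This is an added example, not code from the original post or from HijackThis; it assumes the single-line form HijackThis itself writes (`O16 - DPF: {CLSID} (Name) - URL`), and the `LISTED` table is a small constructed subset of this list, with the wrapper-scheme check added as a heuristic based on the entries shown here.

```python
import re

# HijackThis writes one entry per line: "O16 - DPF: {CLSID} (Name) - URL".
# The name is optional, and the first field may be a bare label instead of a
# CLSID (for example "v2cab" in this list).
O16_RE = re.compile(
    r"^O16 - DPF:\s*(?P<ident>\{[^}]*\}|\S+)\s*"
    r"(?:\((?P<name>[^)]*)\))?\s*[-\u2013]\s*(?P<url>\S.*)$"
)

# Constructed subset of this page's list: identifier -> detection named on the
# page. "?" is the page's own wildcard meaning "one digit".
LISTED = {
    "{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}": "TrojanDownloader.Win32.IstBar.dw",
    "{11111111-1111-1111-1111-11??????????}": "TrojanDownloader.Win32.Petrolin.a",
    "V2CAB": "not-a-virus:AdvWare.ToolBar.EliteBar.l",
}

# Words the post says should generally lead to fixing the entry.
KEYWORDS = ("sex", "adult", "dialer", "casino", "free_plugin")

# Assumption of this example: URL wrappers that recur in the listed entries.
WRAPPERS = ("ms-its:", "mhtml:", "its:")


def _to_regex(pattern):
    """Turn a listed identifier into a regex; each '?' matches one digit."""
    return re.compile(re.escape(pattern.upper()).replace(r"\?", "[0-9]"))


_LISTED_RES = [(_to_regex(p), det) for p, det in LISTED.items()]


def parse_o16(line):
    """Return ident/name/url for an O16 line, or None for any other line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    return {
        "ident": m.group("ident").upper(),  # CLSIDs compare case-insensitively
        "name": m.group("name"),
        "url": m.group("url").strip(),
    }


def triage(line):
    """Parse one log line and attach the reasons it deserves a closer look."""
    entry = parse_o16(line)
    if entry is None:
        return None
    reasons = []
    for rx, detection in _LISTED_RES:
        if rx.fullmatch(entry["ident"]):
            reasons.append("listed:" + detection)
            break
    link = entry["url"].lower()
    reasons += ["keyword:" + kw for kw in KEYWORDS if kw in link]
    if link.startswith(WRAPPERS):
        reasons.append("wrapper-scheme")
    entry["reasons"] = reasons
    return entry


# Constructed sample log; "hoop" is kept in place of "http" as on this page.
SAMPLE_LOG = [
    "O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000000} - C:\\x.dll",
    "O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - "
    "hoop://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab",
    "O16 - DPF: {11111111-1111-1111-1111-110000012345} - "
    "mhtml:file://C:NO_SUCH_MHT.MHT!hoop://www.008k.com/partner/inst/f10213.exe",
    "O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - "
    "hoop://downloads.example.net/free_plugin/dialer.cab",
    "O16 - DPF: {12345678-ABCD-4ABC-8ABC-1234567890AB} (Example Control) - "
    "http://updates.example.com/control.cab",
    "O16 - DPF: v2cab - hoop://install.searchmiracle.com/cab/v2cab.cab",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        result = triage(raw)
        if result is not None:
            verdict = ", ".join(result["reasons"]) or "no match, check with antivirus"
            print(result["ident"], "->", verdict)
```

An entry that comes back with no reasons is not thereby clean; as the post says, the corresponding file still has to be checked with antivirus software.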
风之咏者 - 2005-5-2 22:22:00
HijackThis Malicious O16 Entry List: Main Text (ordered by class ID)

No class ID

O16 - DPF: v2cab - hoop://install.searchmiracle.com/cab/v2cab.cab
not-a-virus:AdvWare.ToolBar.EliteBar.l
O16 - DPF: v3cab - hoop://searchmiracle.com/cab/v2cab.cab
TrojanDownloader.Win32.Small.xo

O16 - DPF: IEToolbarCab - hoop://www.dailytoolbar.com/DailyToolbarAff.CAB
Trojan.Win32.StartPage.ny
风之咏者 - 2005-5-2 22:22:00
Starting with digit 0

O16 - DPF: {00000000-0000-0000-0000-000020030000}-
hoop://www.7adpower.com/dialer/newz.exe  not-a-virus:RiskWare.Dialer.Vact.a
hoop://www.accessoveloce.com/webline/x/wgodscp1x.exe  trojan.win32.dialer.a
hoop://xxxtrayicon.com/xtrayinst.exe  Trojan.Win32.VB.jl
hoop://www.accessoveloce.com/mar/x/igmp4f.exe  not-a-virus:PornWare.Dialer.Libero
hoop://www.cartoni-porno.com/CartoniPorno.exe  Trojan.Win32.Dialer.a
hoop://www.accessoveloce.com/webline/x/brigida1x.exe  Trojan.Win32.Dialer.a

O16 - DPF: {00000000-0000-0000-0000-000020040000}-
hoop://207.234.185.217/ABoxInst_int5.exe  Trojan-Downloader.Win32.VB.ft

O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC}-
hoop://install.global-netcom.de/ieloader.cab  TrojanDownloader.Win32.Ladder

O16 - DPF: {00000000-DDBB-0704-0B53-2C8830E9FAEC}-(IELoaderCtl Class)
hoop://freeload.cc/secure/ieloader.cab  TrojanDownloader.Win32.Ladder

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA}-
hoop://test.outwar.com/np/Otw0i.cab  TrojanDropper.Win32.Bunch
(F1 Organizer Class) - hoop://www.addictivetechnologies.net/DM0/cab/j3rk0of4.cab
TrojanDownloader.Win32.Rameh.c
hoop://www.addictivetechnologies.net/DM0/cab/aess11.cab  TrojanDownloader.Win32.Rameh.c
hoop://www.addictivetechnologies.net/DM0/cab/AESS2.cab  TrojanDownloader.Win32.Rameh.c
hoop://www.originalicons.com/members/arrtv.cab  TrojanDownloader.Win32.Rameh.c

O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040}-(VacPro.olanda_ver3)
hoop://www.advnt01.com/dialer/olanda_ver3.CAB  TrojanClicker.Win32.Adpower.a

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D}-(Installer Class)
hoop://www.xxxtoolbar.com/ist/softwares/v3.0/0006_mainstream.cab
TrojanDownloader.Win32.IstBar.ci
(new version is TrojanDownloader.Win32.IstBar.dw)
hoop://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
TrojanDownloader.Win32.IstBar.dc
(new version is TrojanDownloader.Win32.IstBar.dw)
hoop://www.negativebeats.com/mp3.plugin.exe  TrojanDownloader.Win32.Swizzor.t
hoop://www.lyricsdomain.com/download.mp3.exe  TrojanDownloader.Win32.Swizzor.t
hoop://www.mp3.mbytes.net/free/MP3_Plugin.exe  TrojanDownloader.Win32.Small.bp

O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8}-(SBITAX7Ctrl Class)
hoop://ultimateplugin.com/tl7000.dll  TrojanProxy.Win32.Sobit
hoop://ultimateplugin.com/tl7000_cert1.dll  TrojanProxy.Win32.Sobit
hoop://download.tibsystems.com/tl7000.dll  TrojanProxy.Win32.Sobit.c
hoop://directplugin.com/tl7000.dll  TrojanProxy.Win32.Sobit.c
hoop://www.movie-browser.com/tl7000.dll  TrojanProxy.Win32.Sobit.c

O16 - DPF: {01A477AC-21E7-49F7-BCB6-A42663187299}-(XEng004.XEng004Ctl)
hoop://iii.tv/pink/004/XEng004.CAB  not-a-virus:PornWare.Dialer.Cutygirls.a
[Files of the form XEng0??.CAB (? stands for one digit), including
hoop://iii.tv/pink/001/XEng001.CAB
...
hoop://iii.tv/pink/038/XEng038.CAB

hoop://cutygirls.net/pink/001/XEng001.CAB
...
hoop://cutygirls.net/pink/038/XEng038.CAB
are all malicious dialers of the not-a-virus:PornWare.Dialer.Cutygirls class. Their class IDs (CLSIDs) all differ and are not listed one by one here.]

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90}-(Loader Class)
hoop://connect.online-dialer.com/MaConnect.cab TrojanDownloader.Win32.IstBar.s
hoop://63.217.29.115/cax.cab  not-a-virus:PornWare.Dialer.OnlineDialer
(Moniker32 Class) –
hoop://63.219.181.7/cax.cab  not-a-virus:PornWare.Dialer.OnlineDialer
(Moniker32 Class) –
hoop://63.217.29.115/cax.cab  not-a-virus:PornWare.Dialer.OnlineDialer
(Moniker32 Class) –
hoop://connect.online-dialer.com/cax.cab  not-a-virus:PornWare.Dialer.OnlineDialer

O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7}
hoop://64.62.232.4/gamesplayground/060548/uk/fullgames/fullgames.exe  TrojanDownloader.Win32.PlayGames.a
hoop://64.156.31.70/058776uk.exe  not-a-virus:PornWare.Dialer.Playground.b
hoop://64.156.31.70/058565uk.exe  not-a-virus:PornWare.Dialer.Playground.b
hoop://access.gamezdump.com/output/060560/uk/fullgames/fullgames.exe
not-a-virus:PornWare.Dialer.Playground.c
hoop://access.gamesplayground.com/output/011259/uk/fullgames/fullgames.exe
not-a-virus:PornWare.Dialer.Playground.c
hoop://64.156.31.99/060219/se/fullgames/fullgames.exe  not-a-virus:PornWare.Dialer.Generic

O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D}-(preload control)
hoop://www.thepaymentcentre.com/build/preload.cab  TrojanDownloader.Win32.Dyfuca.w
hoop://www.thepaymentcentre3.com/build/preload.cab  TrojanDownloader.Win32.Dyfuca.w

O16 - DPF: {03D2A95A-0AA6-1EF5-6370-092512235D29}-
hoop://82.179.166.72/1/gdnUS208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {03FBB191-FB50-4154-91D7-587D5E3C3C9A}-(Marcador Class)
hoop://acceso.masminutos.com/software.cab  not-a-virus:PornWare.Dialer.Lanzar

O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E}-(VacPro.win98_P)
hoop://www9.advnt01.com/dialer/win98_P.CAB  not-a-virus:Porn-Dialer.Win32.Creazione.i

O16 - DPF: {04E67FD9-0D85-463B-06D9-0CB62CDB2C67}-
hoop://69.50.188.54/1/gdnAU208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8}-(EGEGAUTH Class)
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab  Trojan.Win32.P2E.g
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_FR_XP.cab  Trojan.Win32.P2E.g

O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78}-(preload control)
hoop://www.thepaymentcentre.com/build/preload2.cab  TrojanDownloader.Win32.Dyfuca.aw

O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE}-(iiittt Class)
hoop://www.begin2search.com/toolbar/winb2s32.cab  not-a-virus:AdWare.Beginto.a

O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F}-(AsyncDownloader Class)
hoop://survey.otxresearch.com/Preloader.dll  not-a-virus:RiskWare.Downloader.OTXloader

O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D}-
hoop://www.searchwww.com/search.cab TrojanClicker.VBS.Krepper

O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602}-(vviewer control)
hoop://www.thepaymentcentre.com/build/vviewer.cab  TrojanDownloader.Win32.Dyfuca.ch

O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650}-
hoop://corp.mail.com/bargainbuddy/emcam_bbi8015.cab  not-a-virus:AdvWare.BargainBuddy.a

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}-
hoop://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab  TrojanDownloader.Win32.Wintrim.ah
hoop://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab  TrojanDownloader.Win32.Wintrim.ai
hoop://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab  TrojanDownloader.Win32.Wintrim.ai
hoop://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab  TrojanDownloader.Win32.Wintrim.ah

O16 - DPF: {0D676488-AEB4-455D-9A8F-4E241092A0F0}-
hoop://media.euniverse.com/cursorzone/files/Butterfly_ani_setup_td035.cab
TrojanDownloader.Win32.Keenval.c

O16 - DPF: {0DCBCE0D-74B5-CE5F-39ED-4C3EE4EF5B61}-
hoop://public.searchbarcash.com/cab/019/hxpgzotx.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {0EDE9EAA-A2DB-79A9-38EB-BFBF5C5236DF}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/335/kdsaqcfv.cab  Trojan.Win32.TalkStocks.a
风之咏者 - 2005-5-2 22:24:00
Starting with digit 1


O16 - DPF: {10000000-1000-0000-1000-000000000000}-
ms-its:mhtml:file://C:\foo.mht!hoop://www.free32.com/POP.CHM::/sp.exe
TrojanDownloader.VBS.Psyme.q and Trojan.Win32.Spooner.f
ms-its:mhtml:file://C:\MAIN.MHT!hoop://d.dialer2004.com//bestporn/main.chm::/load.exe
TrojanDownloader.Win32.Donn.r and TrojanProxy.Win32.Mitglieder.x
ms-its:mhtml:file://C:\MAIN.MHT!hoop://d.dialer2004.com//ruzan/main.chm::/load.exe  TrojanDownloader.Win32.Donn.r
mhtml:file://C:\ARCHIVE.MHT!hoop://195.225.176.3//mas2/server.exe  Trojan.Win32.Scagent.d

O16 - DPF: {10003000-1000-0000-1000-000000000000}-
ms-its:mhtml:file://c:\nosuch.mht!hoop://195.225.177.8/count/chm/cool.chm::/cool.exe
TrojanDownloader.Win32.Agent.av
ms-its:mhtml:file://C:\foo.mht!hoop://81.211.105.37/30096/online.chm::/on-line.exe
TrojanDownloader.Win32.Agent.k
ms-its:mhtml:file://C:\foo.mht!hoop://195.225.177.13/11223/online.chm::/on-line.exe
TrojanDropper.Win32.Small.hx

ms-its:mhtml:file://C: oo.mht!hoop://sexxxxtv.com/module.chm::/in.exe  Trojan-Downloader.JS.generic

O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736}-
hoop://hot.thebugs.ws/fav.exe  Trojan.Win32.StartPage.fg

O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E}-
hoop://directplugin.com/dialers/109446.exe  not-a-virus:PornWare.Downloader.Tibsystems

O16 - DPF: {11010101-1001-1111-1000-110112345678}-
ms-its:mhtml:file://c:\nosuch.mht!hoop://69.50.179.54/winsearchie32.chm::/winsearchie32.exe
TrojanDropper.Win32.Small.ig
ms-its:mhtml:file://c:\nosuch.mht!hoop://69.50.173.253/winsearchie32.chm::/winsearchie32.exe
TrojanDropper.Win32.Small.ig
ms-its:mhtml:file://c:\nosuch.mht!hoop://69.31.79.102/searchinfoxyz.chm::/searchinfoxyz.exe
TrojanDownloader.Win32.Small.zd
ms-its:mhtml:file://C:oo.mht!hoop://cellaphone.net/helps/079057/iehelp.chm::/win.exe
Trojan-Downloader.Win32.Small.aag

O16 - DPF: {11010101-1001-1111-1000-110164567732}-
ms-its:mhtml:file://C:MAIN.MHT!hoop://www.008i.com//x//f//10213//inst.chm::/f10213.exe
TrojanDownloader.Win32.WinShow.af

O16 - DPF: {11111111-1111-1111-1111-11??????????}-
mhtml:file://C:NO_SUCH_MHT.MHT!hoop://www.008k.com/partner/inst/f10213.exe
TrojanDownloader.Win32.Petrolin.a
mhtml:file://C:NO_SUCH_MHT.MHT!hoop://www.008k.com/partner/inst/f22776.exe
TrojanDownloader.Win32.Small.ug
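[Note that ? here stands for some digit; the last few characters of this Trojan downloader's CLSID vary, and it points to an exe file whose name is f followed by 5 digits.]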

O16 - DPF: {11111111-1111-1111-1111-111111111111}-
mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?xdat=&url=hoop://66.117.38.54:80/dexDK534.exe
mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?url=hoop://66.117.38.54:80/dexDE554.exe
mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?url=hoop://66.117.38.54:80/dexDE535.exe
mhtml:file://C:NXSFT.MHT!hoop://66.117.37.5:80/iex/ofile.exe?url=hoop://66.117.37.5:80/dexGB285.exe
mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?url=hoop://66.117.38.54:80/dexUS585.exe
All of the exe files above belong to the TrojanDownloader.Win32.Small family
hoop://ams-download.nocreditcard.com/download/newdial-erp/1498/dialer.exe
not-a-virus:PornWare.Dialer.TBS-Access
hoop://ams-download.nocreditcard.com/download/newdial-erp/1676/dialer.exe
not-a-virus:PornWare.Dialer.TBS-Access
hoop://usa-download.nocreditcard.net/download/newdial-erp/1736/dialer.exe
not-a-virus:PornWare.Dialer.TBS-Access
hoop://207.246.124.105/cabs/ROOSTRS3002/TPS108.cab  not-a-virus:AdvWare.BiSpy.d
hoop://www.springboard.nl/plugin/hotpages3.exe  not-a-virus:PornWare.Dialer.Generic
hoop://seks.a4.pl/porno-filmy.exe  not-a-virus:PornWare.Dialer.Plsex
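[When you encounter CLSID:11111111-1111-1111-1111-111111111111 (the last few digits may vary), please pay extra attention, because these entries may be related to an IE vulnerability. Under this CLSID, the following are all very likely malicious.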
file://c:\info6.cab
file://c:\windows\temp\demo.exe
file://c:\windows\calc.exe]

O16 - DPF: {11111111-1111-1111-1111-111111111112}-
hoop://www.latenight.nl/launcher.exe TrojanDownloader.Win32.Small.et

O16 - DPF: {11111111-1111-1111-1111-111111111123}-
ms-its:mhtml:file://c:\nosuch.mht!hoop://www.search-and-more.com/clk/148.chm::/file.exe
TrojanDropper.Win32.Small.ig
ms-its:mhtml:file://c:\nosuch.mht!hoop://www.search-and-more.com/clk/123.chm::/file.exe
TrojanDropper.Win32.Small.ig
New version is TrojanDropper.Win32.Small.lf
ms-its:mhtml:file://D:est.mht!hoop://yanliangbbs.com/Skins/Default/_notes/test.chm::/test.exe
TrojanDropper.Win32.Delf.ef
its:mhtml:file://C:.mht!hoop://69.50.191.52/2484/b.chm::/b.exe  Trojan.Win32.StartPage.hb

O16 - DPF: {11111111-1111-1111-1111-111111111157}-
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.131/legal/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.w
ms-its:mhtml:file://c:\nosuch.mht!hoop://petite-virgins.biz/dl/adv15/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.l
ms-its:mhtml:file://c:\nosuch.mht!hoop://cashsearch.biz/legal/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.r
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.131/dl/adv94/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.y
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv74/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.y
ms-its:mhtml:file://c:\nosuch.mht!hoop://super-gals.com/scj/rotation/templates/um2/x.chm::/ad.exe
TrojanDownloader.Win32.Donn.u
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv63/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.gen
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv65/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.al
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv156/x.chm::/load.exe
TrojanDownloader.Win32.Small.yx

O16 - DPF: {11111111-1111-1111-1111-111111111171}-
ms-its:mhtml:file://c:\\nosuch.mht!hoop://line-plus.com/newhelp.chm::/newhelp.exe
Trojan.Win32.StartPage.ij

O16 - DPF: {11111111-1111-1111-1111-111111111237}-
hoop://69.31.87.70/1/deaDE348.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {11111111-1111-1111-1111-111111111435}-
hoop://popka1978.ud-dial.biz/dexmsbb.exe  Trojan.Win32.Dialer.av

O16 - DPF: {11111111-1111-1111-1111-11237}-
hoop://63.219.178.91/1/deaNZ309.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {11120607-1001-1111-1000-110199901123}-
hoop://www.n28.net/n009/on-line.exe Trojan.Win32.Dialer.ce
ms-its:mhtml:file://C:\x.mht!hoop://sxwall.com//page1.chm::/test.exe
TrojanDownloader.Win32.Small.xt

O16 - DPF: {11212111-2121-1311-1141-115611111222} –
ms-its:mhtml:file://d: oo.mht!hoop://69.50.166.213/users/john/web/axe/x.chm::/update.exe
Trojan-Downloader.Win32.Small.anf

O16 - DPF: {1167BEEB-1CB0-47C0-A491-1E40B8EF1285}-
hoop://www.cursorzone.com/cursors/Cherub_setup_td035.cab  not-a-virus:AdvWare.IGetNet
hoop://media.euniverse.com/cursorzone/files/Cherub_setup_td035.cab  TrojanDownloader.Win32.Keenval.c

O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000}-
hoop://www.eingang69.de/EroticAccess/Cabs/1796024.cab  Trojan.Win32.Dialer.ck
hoop://www.browserplugin.com/eroticAccess/cabs/1764015.cab  Trojan.Win32.Dialer.ck

O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797}-(Installer Class)
hoop://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab  TrojanDownloader.Win32.IstBar.fa
hoop://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab  TrojanDownloader.Win32.IstBar.gen

O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489}-
hoop://www.2nd-thought.com/files/install052.exe  Trojan.Win32.SecondThought.g
hoop://www.2nd-thought.com/files/install.exe  Trojan.Win32.SecondThought.r
hoop://www.2nd-thought.com/files/install042.exe  Trojan.Win32.SecondThought.c
[Note: hoop://www.2nd-thought.com/files/install0??.exe (?? is two digits) are all Trojan.Win32.SecondThought and its variants]

O16 - DPF: {13D81535-D540-41F0-E8C3-6B94033D7FA9}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {142016BF-5CCA-4C8D-AC01-C4A8F4044AD5}-
hoop://media.euniverse.com/cursorzone/files/Cat_Running_setup_td035.cab
TrojanDownloader.Win32.Keenval
TrojanDownloader.Win32.Keenval.b
TrojanDownloader.Win32.Keenval.c

O16 - DPF: {146D0CDE-BDC7-0DD9-25CA-00BB7ECE235A}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {14B4AA8C-B624-440E-9730-26BA47E48A24}-
hoop://www.cursorzone.com/cursors/waving_flag2_setup_td035.cab  not-a-virus:AdvWare.IGetNet

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A}-
hoop://www.spywarenuker.com/product/camp/SpywareNuker_com/SpywareNukerInstaller.exe  TrojanDownloader.Win32.Agent.h

O16 - DPF: {15651C7C-E812-44A2-A9AC-B467A2233E7D} (SrchHook Class) -
hoop://www.123mania.com/GIDCAI32.cab  not-a-virus:AdvWare.123Mania.c

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
hoop://public.windupdates.com/get_file.php?bt=ie&p=742ae6aabe7d3a41bcf4a5afcbb90dcf34dad1f7e20e580a8628a9310ebdbc79ff97ebe1e10940b1a7ee84d6b88713ffc07adc36a6c198daa84af66cad27b7bddb:0bcd3b08a0018c359992be6d71d48cd1
bridge-c284.cab/WinAdCtlX.dll  not-a-virus:AdWare.WinAD
hoop://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c1.cab  not-a-virus:AdWare.WinAD.j
hoop://static.windupdates.com/cab/CDTInc/ie/bridge-c8.cab  not-a-virus:AdWare.WinAD.j
hoop://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c15.cab  not-a-virus:AdWare.WinAD.w

O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} -
hoop://files.cometsystems.com/cometcursor/21_cometzone/comet.cab  not-a-virus:AdWare.Comet.a
hoop://files.cometsystems.com/cometcursor/cobrand/comet.cab  not-a-virus:AdWare.Comet.a
hoop://files.cometsystems.com/cometcursor/comet.cab  not-a-virus:AdWare.Comet.g

O16 - DPF: {171DFC0E-BE53-4919-9DFB-528560D5153B}-
hoop://media.euniverse.com/cursorzone/files/spider_setup_td035.cab
TrojanDownloader.Win32.Keenval and TrojanDownloader.Win32.Keenval.b

O16 - DPF: {172AD74F-3EB9-6839-80BA-2C9F70F7C31B}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {17716803-0E74-1448-ECCC-179A4786F337}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay
风之咏者 - 2005-5-2 22:24:00
Starting with digit 1 (continued)

O16 - DPF: {18000D07-72C4-11D4-B4BD-004026422A29} (Hot_net Control) -
hoop://www.nakayubi.com/netidol/idolhappy/aiko/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://hitoriasobi.com/hello/cab/Hot_net2.CAB
Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/netidol/idolhappy/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/netidol/morning/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/netidol/sailor/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/sexypocket1/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/sexypocket51/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.hitoriasobi.com/netidol/idoler/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.hitoriasobi.com/netidol/idolhappy/aiko/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew


O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81}-(TEInstallPlugIn)
hoop://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
not-a-virus:RiskWare.Downloader.Skilin.a

O16 - DPF: {1951A928-84D6-4CF0-D413-5DA623BD3DB3}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85}-
hoop://dm.cometsystems.com/dm/dm_286.cab  not-a-virus:AdvWare.Comet
(DMProxyCtl Class) –
hoop://dm.cometsystems.com/dm/dm_274.cab  not-a-virus:AdvWare.Comet

O16 - DPF: {1B77F337-2C1E-4D52-88F7-AAEE5BFB6F5B}-
hoop://www.netbroadcaster.com/player/MovieNetworks1.exe  not-a-virus:AdvWare.Downloadware

O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1}-
hoop://streamp.babenet.com/cabs/videox.cab  not-a-virus:AdWare.BHO.RedHotNet.a

O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC}-(IEDial Class)
hoop://fr4-download.nocreditcard.com/download/Object/ieaccess2XP.cab
TrojanDownloader.Win32.Wintrim.l
hoop://usa-download.nocreditcard.net/download/Object/DialerHTML/ieaccess3XP.cab
TrojanDownloader.Win32.wintrim.q
hoop://fr4-download.nocreditcard.com/download/Object/ieaccess2.cab
TrojanDownloader.Win32.Wintrim.bg
hoop://usa-download.nocreditcard.com/download/Object/ieaccess2.cab
TrojanDownloader.Win32.Wintrim.bg
hoop://download.nocreditcard.com/download/Object/ieaccess2.cab
TrojanDownloader.Win32.Wintrim.bg

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}-
hoop://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
not-a-virus:RiskWare.Downloader.FunWeb
hoop://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
not-a-virus:RiskWare.Downloader.FunWeb
hoop://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab  TrojanDropper.Win32.FunWeb.a
hoop://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab  TrojanDropper.Win32.FunWeb.a
hoop://imgfarm.com/images/nocache/funwebproducts/MySignatureInitialSetup1.0.0.5.cab
not-a-virus:RiskWare.Downloader.FunWeb

O16 - DPF: {1E50B82A-0D78-48B9-97EC-391B2F81CE8A}-(IELoaderCtl Class)
hoop://acxd.freeload.cc/ieloader.cab  TrojanDownloader.Win32.Ladder.b

O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2}-
hoop://directplugin.com/plugin/109738.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://directplugin.com/plugin/109998.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://directplugin.com/plugin/111939.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://ultimateplugin.com/plugin/109185.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://ultimateplugin.com/plugin/111116.exe  not-a-virus:PornWare.Downloader.Tibsystems

O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D}-
hoop://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.f
hoop://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.f

O16 - DPF: {1F20CF42-B381-4181-8C2A-A389B1022E6E}-(Dialer.Class1)
hoop://www.ipxs.nl/php/fundate.CAB  not-a-virus:PornWare.Dialer.Fundial

O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150}-(UCSearch.ucUCSearch)
hoop://www.armbender.com/UCSearch.CAB  TrojanDownloader.Win32.VB.bn
hoop://www.zuvio.com/UCSearch.CAB  TrojanDownloader.Win32.VB.dc
风之咏者 - 2005-5-2 22:25:00
Starting with digit 2


O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167}-
hoop://download.abetterinternet.com/download/cabs/STOP8105/payload.cab
Trojan.Win32.KeyHost.a and Trojan.Win32.KeyHost.e

O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA}-
hoop://c.coolshader.com/download/dialer/us_cax.cab  TrojanDownloader.Win32.Small.fy
hoop://cl55.biz/tracker/eu_cax.cab  TrojanDownloader.Win32.Small.fy
(CAX Object) - hoop://dl.dialerssolution.com/cax.cab  TrojanDownloader.Win32.Small.fy

O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C}-

hoop://www.stop-sign.com/pub/download/stop-sign_stp.cab  TrojanDownloader.Win32.Wren.e
hoop://www.stop-sign.com/pub/download/stop-sign_spy.cab  TrojanDownloader.Win32.Wren.e
hoop://raven.veloz.com/pub/download/oodlz_8bl.cab
TrojanDownloader.Win32.Wren.e and TrojanDownloader.Win32.Wren.h

O16 - DPF: {214868A8-F71B-473E-8ECF-6EE1DE6B91D8}-
hoop://pms.localscripts.nl/plugins/1/ms7531_nl.cab  Backdoor.Delf.el
hoop://pms.localscripts.nl/plugins/1/ms7531_be.cab  Backdoor.Delf.el

O16 - DPF: {22E5705C-991A-4646-9053-A9525CA7222A}-
hoop://www.topmoxie.com/external/builds/mypoints/mpmoxie.cab  not-a-virus:AdvWare.HelpExpress

O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201}-(ddm_download.ddm_control)
hoop://download.rfwnad.com/cab/ddm_control.CAB  TrojanDownloader.Win32.Dia.a

O16 - DPF: {23DABBAF-6ED2-3A4C-BC1A-06BD22501901}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {24DDF073-9652-1E44-BEA7-46E1091021ED}-
hoop://213.159.117.150/1/rdgCN10.exe  Trojan.Win32.Dialer.ay


O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322}-
hoop://download.websearch.com/Dnl/T_50024/QDow.cab  TrojanDownloader.Win32.QDown and its variants (many different digit combinations can actually appear in the position of T_50024 in the example)
hoop://dst.trafficsyndicate.com/Dnl/T_50015/btiein.cab
not-a-virus:RiskWare.Tool.Exporun and TrojanDownloader.Win32.QDown.h

O16 - DPF: {28798E4E-C408-4BA7-8D60-AD24BFF4211F}-
hoop://media.euniverse.com/cursorzone/files/star_setup_td035.cab  TrojanDownloader.Win32.Keenval.c

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98}-(CR64Loader Object)
hoop://www.miniclip.com/bestfriends/retro64_loader.dll  TrojanDownloader.Win32.Agent.de

O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F}-(AInst Class)
hoop://209.47.15.72/inst/activeinstaller.dll  TrojanDownloader.Win32.IstBar.s
hoop://images.emailhello.com/f-credit/activeinstaller.dll  TrojanDownloader.Win32.IstBar.s

O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45}-
hoop://fr4-scripts.downloadv3.com/binaries/DialHTML/EGDHTML.cab  TrojanDownloader.Win32.Wintrim.al
hoop://akamai.downloadv3.com/binaries/DialHTML/EGDHTML.cab  TrojanDownloader.Win32.Wintrim.al
hoop://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US.cab
TrojanDownloader.Win32.Wintrim.y
hoop://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.1027
hoop://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.1027

O16 - DPF: {2AEBF56B-88C4-7EC4-3B3F-24F1B5AD40FF}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/006/asqkfkgw.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87}-
hoop://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1046_pack_XP.cab
not-a-virus:RiskWare.Dialer.E-Group.1046 and not-a-virus:RiskWare.Dialer.E-Group.b

O16 - DPF: {2B1B6023-0462-0384-AEDE-7B533E5D09AB}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {2C1651EF-8827-11D6-91A2-00E02964E8E3}-(IntRuboskizo Class)
hoop://www.britator.com/micab/dialerweb.cab  Trojan.Win32.Dialer.s
hoop://www.goxproductions.com/dialers/dialerweb.cab  Trojan.Win32.Dialer.s

O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A}-
hoop://67.72.100.27/dialerhost/download/Zdst8XLq/sexsoftware.cab  not-a-virus:PornWare.Dialer.BillPrayer.b

O16 - DPF: {2EB9EEE6-2E9F-7583-13D7-39B721C78DF8}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {2FC760C7-F4B5-4289-BA28-745D69F9B244}-
hoop://www.cursorzone.com/cursors/flowgo_bird_setup_td035.cab  not-a-virus:AdvWare.IGetNet
风之咏者 - 2005-5-2 22:25:00
Starting with digit 3

O16 - DPF: {30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}-
hoop://www.shopathomeselect.com/agent/realtimeSetup.cab  not-a-virus:AdvWare.Sahat.c

O16 - DPF: {3071D45B-D942-30FA-E39C-30AD7C0D437E}-
hoop://69.50.188.54/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} -
hoop://64.156.31.79/100039/uk/ringtone/ringtone.exe  not-a-virus:RiskWare.Dialer.PlayGames

O16 - DPF: {31C54AFE-4D52-7855-1036-3A707C1DA5FC}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {34D84CD1-9D2F-4808-4C4D-524A37FA4A4D}-
hoop://213.159.117.150/1/rdgCN10.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277}-(VacPro.emsat_ver3)
hoop://www.advnt01.com/dialer/emsat_ver3.CAB  TrojanClicker.Win32.Adpower.d

O16 - DPF: {36CB6B28-FC08-4373-8F54-1A02E3C15B7D}-(WebDownLoad Control)
hoop://www.bypp.com/plmm/3721.ocx  TrojanDownloader.Win32.Delf.ab
hoop://www.down99.com/download/Microsoft.ocx  TrojanDownloader.Win32.Delf.ab
hoop://www.8975.8u8.com/download/aven.ocx  Trojan-Downloader.Win32.Delf.ab

O16 - DPF: {37C0D091-EDEB-4701-8873-B358A4368210}-
hoop://media.euniverse.com/cursorzone/files/pumpkin_setup_td035.cab
TrojanDownloader.Win32.Keenval
TrojanDownloader.Win32.Keenval.b
TrojanDownloader.Win32.Keenval.c

O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6}-(38545C2A-03CD-42C3-BC62-C537A6D5A8F6)
hoop://download.online-dialer.com/LiveContent.cab  TrojanDownloader.Win32.Small.gd

O16 - DPF: {3AA90BC2-58C0-4F4D-A87C-2C6F3D3CD5FE}-(WBMInstaller Class)
hoop://your.wishbone.com/download/uinstall.cab  not-a-virus:AdvWare.Downloadware

O16 - DPF: {3BB64370-3F2A-3F8B-8F87-44F4500CD2AD}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {3C5BA506-6C30-4738-9CED-797ACADEA8DC}-(Loader Class)
hoop://www.sqwire.com/toolbar/SQLoader.cab  TrojanDownloader.Win32.Squire.b
hoop://www.sqwire.com/toolbar/SQLoader3303.cab  TrojanDownloader.Win32.Squire.b

O16 - DPF: {3F99890F-959A-5E25-6A24-21D53C961B59}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay
风之咏者 - 2005-5-2 22:26:00
Starting with digit 4

O16 - DPF: {400C5DA4-C3F9-265F-4632-5B5A52E1B260}-
hoop://69.50.188.54/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D}-
hoop://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
not-a-virus:AdWare.VirtualBouncer.e

O16 - DPF: {4208564C-62F0-45E6-87DE-0861D11C0613}-
hoop://www.7adpower.com/dialer/usa.CAB  not-a-virus:PornWare.Dialer.Creazione.c

O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000}-
hoop://www.oyunfabrikasi.com/nl/last/10/060229nl.exe  not-a-virus:PornWare.Dialer.Generic
hoop://www.oyunfabrikasi.com/as/2/060172as.exe  Trojan.Win32.Dialer.bo
hoop://www.andlotsmore.com/factory/058343be.exe  not-a-virus:RiskWare.Dialer.PlayGames
hoop://www.andlotsmore.com/factory/058348nl.exe  not-a-virus:PornWare.Dialer.Generic
hoop://www.andlotsmore.com/factory/058440de.exe  not-a-virus:RiskWare.Dialer.PlayGames
hoop://64.156.31.98/060128uk.exe  not-a-virus:PornWare.Dialer.Silence.a
hoop://63.217.31.12/dial1/058362uk.exe  not-a-virus:PornWare.Dialer.Playground.c
hoop://63.217.31.12/dial6/058439uk.exe  not-a-virus:PornWare.Dialer.Playground.c
hoop://www.oyunfabrikasi.com/nl/2/060187nl.exe  Trojan.Win32.Dialer.cc
hoop://64.156.31.77/nzgames.exe  not-a-virus:RiskWare.Dialer.PlayGames

O16 - DPF: {445DCF30-5EBE-25CF-DD26-A286CDC57DA3}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/015/aqqunrih.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3}-(No description)
hoop://naupoint.com/toolbar/installer/iEBINST2.cab  not-a-virus:AdWare.Naupoint.a

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C}-
hoop://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.d

O16 - DPF: {472AC34B-FC4B-4D62-9DC2-82283B618931}-
hoop://www.cursorzone.com/cursors/Bear_setup_td035.cab  not-a-virus:AdvWare.IGetNet

O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822}-
hoop://akamai.downloadv3.com/binaries/IA/ia.cab  not-a-virus:PornWare.Dialer.IA
hoop://akamai.downloadv3.com/binaries/IA/ia_XP.cab  TrojanDownloader.Win32.Wintrim.w

O16 - DPF: {494C4BEF-FAC9-FE5D-ADA1-85B08BA2C789}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/349/wtvuvzaw.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {495290C2-F899-3F27-7DCD-F0A53C127EF2}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/340/dkxbhqqx.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28}-(IntRuboskizo2 Class)
hoop://www.chicasmarcianas.com/ruboskizo2.cab  Trojan.Win32.Dialer.c
hoop://www.chicasmodelos.com/ruboskizo2.cab  Trojan.Win32.Dialer.c
hoop://www.mangahentaix.com/ruboskizo2.cab  Trojan.Win32.Dialer.c

O16 - DPF: {4BE26277-6508-4885-ADFD-CA8B2B5ADBF6}-
hoop://media.euniverse.com/cursorzone/files/rainbow_setup_td035.cab TrojanDownloader.Win32.Keenval.c

O16 - DPF: {4C0A5F06-35A1-0183-6929-4B052F006BEA}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {4C98718D-270A-3C39-EAF8-63456A1F102F}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {4CBBC676-507F-11D0-B98B-000000000000}-
hoop://www.bc777.com/software/SiteHlpr.cab  not-a-virus:AdvWare.BC777.a

O16 - DPF: {4CF5275B-CDBC-11D3-A8AF-0090279A5978}-
hoop://www.portalsearching.com/BHO.CAB  Trojan.Win32.Toras.b
hoop://www.sexxx-direct.com/BHO.CAB  Trojan.Win32.Toras.b

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956}-
hoop://www.terra.es/personal7/loversforever/sv/svchost.exe  Trojan.Win32.Lolaweb.b

O16 - DPF: {4F96CE92-09EA-49D3-B478-F1892F6DCB6D}-
hoop://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialTempSetup1.0.0.6.cab
TrojanDownloader.Win32.FunWeb.c
风之咏者 - 2005-5-2 22:26:00
CLSIDs beginning with 5

O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2}-
hoop://directplugin.com/dialers/109178.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://www.exittraffic.net/nocreditcard/111602/sexplayer.cab  not-a-virus:PornWare.Dialer.AsianRaw.b
hoop://directplugin.com/dialers/109399.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://directplugin.com/dialers/109664.exe  not-a-virus:PornWare.Downloader.TibSystems

O16 - DPF: {517E6ED4-892A-7B1A-6BE4-386C555BEA13}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0}-(WebPlugin Class)
hoop://webinstall.tscash.com/webinstall.cab  TrojanDownloader.Win32.Tinytest

O16 - DPF: {522F629A-4DFE-43FA-8311-6F9C871016C5}-
hoop://media.euniverse.com/cursorzone/files/flowgo_granny_setup_td035.cab  TrojanDownloader.Win32.Keenval.c

O16 - DPF: {52DCAD2D-D5DD-8EA5-315A-B4FE032A28F9}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/350/anmqsrho.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {532217E3-860C-4EEE-8BBD-3F342DCD9AE9}-(InPop.InControl)
hoop://adlogix.com/pop/InPop.CAB  Trojan.Win32.VB.ex

O16 - DPF: {544B28E8-4746-49EF-A4D5-8F4F3A3556BE}-
hoop://www.cursorzone.com/cursors/flaghand_setup_td035.cab not-a-virus:AdvWare.IGetNet

O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174}-
hoop://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab  not-a-virus:AdvWare.SideSearch.c
hoop://dl.lygo.com/Sidesearch/en_US/gamesville/Sidesearch.cab  not-a-virus:AdvWare.SideSearch.c

O16 - DPF: {556DDE35-E955-11D0-A707-000000521958}-
hoop://69.56.176.76/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
(the new version is detected as TrojanDownloader.Win32.OneClickNetSearch.f)
hoop://wwb.ieplugin.com/adcampaigns/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.f
hoop://www.marketdart.com/promo/200211aer/md_er_200211aer.cab  not-a-virus:AdvWare.MarketDart

O16 - DPF: {55A3DA4D-1EE2-3592-2B47-0855F68B8D7F}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/004/zscrjdjl.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {5794855A-B5E7-25B3-3ADE-400C6A0F45B1}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {582788CA-7014-4904-A4EE-6FB6108AFE8E}-(SrchHook Class)
hoop://www.123mania.com/asrcware.cab  not-a-virus:AdvWare.123Mania.a

O16 - DPF: {586DDE35-E955-11D0-A707-000000521958}-
hoop://69.56.176.227/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
hoop://ww3.ieplugin.com/adcampaigns/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
(the new versions are all detected as TrojanDownloader.Win32.OneClickNetSearch.f)

O16 - DPF: {58F0B492-A42E-435A-BCBF-C6B2608077BA}-
hoop://ak.imgfarm.com/images/nocache/mysearch/s4initialsetup1.0.0.7.cab  not-a-virus:AdvWare.Downloadware

O16 - DPF: {5A024D01-AF8A-7F7C-1218-472943D521E1}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {5AF007F5-E4B1-4C9A-70A7-482B2D577CCA}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay 

O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1}-(IntDialerData Class)
hoop://www.grupomarineda.net/auto/DialerData.cab  Trojan.Win32.Dialer.c

O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A}-(SpeedCtrl Class)
hoop://www.atelys.com/src/Speedup.ocx  TrojanDownloader.Win32.Agent.aa

O16 - DPF: {5CBA93A3-E0ED-11D5-A70E-00C12601EADE}-
hoop://private-pl.com/welcome/private.exe  Trojan.Win32.Dialer.ad

O16 - DPF: {5D8488E6-071F-4694-B3E4-BCD1976770B4}-
hoop://media.euniverse.com/cursorzone/files/ACF11EE.cab  TrojanDownloader.Win32.Keenval.e

O16 - DPF: {5DA6A3EB-DEAA-45AD-B303-64A474879FA0}-
hoop://toolbar.globalwebsearch.com/toolbar/gws.cab  TrojanSpy.Win32.Globar.b

O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89}-(Fswinst Control)
hoop://www.freescratchandwin.com/files/fswinst07.cab  not-a-virus:AdvWare.FreeScratch.a

O16 - DPF: {5DF6FB84-749D-4AAE-AE37-708DE09B0588}-(IntSfTx Class)
hoop://213.229.160.219/dialers/it.cab  Trojan.Win32.Dialer.ca

O16 - DPF: {5E09168F-EBE4-4F16-54CC-151053885406}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E483}-
hoop://www.dotcomtoolbar.com/toolbar_nieuw13.cab  not-a-virus:AdvWare.ToolBar.Dotcom.a
hoop://www.dotcomtoolbar.com/toolbar_nieuw14.cab  not-a-virus:AdvWare.ToolBar.Dotcom.b

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289}-(DialerWeb Class)
hoop://212.145.159.194/251065/dialercab/WebRecomendada.cab  not-a-virus:PornWare.Dialer.DialWeb
风之咏者 - 2005-5-2 22:27:00
CLSIDs beginning with 6

O16 - DPF: {607DF741-7D0A-11D4-9EDC-005004189684}-
hoop://www.ucmore.com/download/UCmoreIEx.cab  not-a-virus:AdvWare.Toolbar.Ucmore

O16 - DPF: {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF}-
hoop://www.igetnet.com/downloads/NLN/NLNP40w.exe  not-a-virus:AdvWare.IGetNet
hoop://www.igetnet.com/downloads/NLN/NLNP1w.exe  not-a-virus:AdvWare.IGetNet

O16 - DPF: {6180ADE2-084F-B0E8-8C0F-150845BF1B73}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/014/wkzgcnny.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A}-(DNL Control)
hoop://www.xzoomy.com/media/MyFIDNL.ocx  TrojanDownloader.Win32.Smfin.a

O16 - DPF: {653F689B-250A-794C-DA31-55394F7F7E98}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958}-
hoop://69.56.176.227/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
(the new version is detected as TrojanDownloader.Win32.OneClickNetSearch.f)

O16 - DPF: {666E4D35-E955-11D0-A707-000000521958}-
hoop://www.ieplugin.com/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
(the new version is detected as TrojanDownloader.Win32.OneClickNetSearch.f)

O16 - DPF: {672EDB90-4569-267D-D6D3-4D4F019FEA7C}-
hoop://82.179.166.72/1/gdnUS208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092}-(IELoaderCtl Class)
hoop://freeload.cc/secure/ieloader.cab TrojanDownloader.Win32.Ladder

O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32}-(VacPro.canada_ver3)
hoop://www.advnt01.com/dialer/canada_ver3.CAB  TrojanClicker.Win32.Adpower.c

O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3}-(IntPagomaster Class)
hoop://www.especialsexo.com/dll907/pagomast.cab  not-a-virus:RiskWare.Dialer.PageMaster.a
hoop://www.webcamenvivo.com/xxx/pagomast.cab  not-a-virus:RiskWare.Dialer.PageMaster.a
hoop://www.peterpaulxxx.com/iconos/dialer/pagomast.cab  not-a-virus:RiskWare.Dialer.PageMaster.a
hoop://www.lasfamosasdesnudas.com/pagomast.cab  not-a-virus:RiskWare.Dialer.PageMaster.a

O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002}-(XDialer Class)
hoop://www.sex777.com/AX/XDialer2.CAB  not-a-virus:PornWare.Dialer.XDial

O16 - DPF: {69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}-(BrowserProxy4 Class)
hoop://download.alexa.com/clients/Alexa7.cab  not-a-virus:AdvWare.ToolBar.AlexaBar.a

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F}-
hoop://installs.hotbar.com/installs/hotbar/programs/hotbar.cab
not-a-virus:AdvWare.ToolBar.Hotbar.g and not-a-virus:AdvWare.ToolBar.Hotbar.e

O16 - DPF: {6DF7D126-CAAA-7486-945A-059E2ECB7686}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702}-(nCaseInstaller Class)
hoop://bis.180solutions.com/ActiveXInstallers/Installer/nCaseInstaller.cab
not-a-virus:AdvWare.180solutions

O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3}-(SCDataDialer Class)
hoop://www.dinerotica.com/download/1,2,0,4/cabdll.cab  Trojan.Win32.Dialer.cf

O16 - DPF: {6F3D49A9-8DC8-4566-BF95-9A7776C56F8B}-
hoop://rssexplorer.planet-hood.com/PlanetNews.cab  not-a-virus:AdvWare.Toolbar.NewsGator
风之咏者 - 2005-5-2 22:28:00
CLSIDs beginning with 7

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F}-
hoop://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab  not-a-virus:AdvWare.Toolbar.MyWay.b
hoop://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab  not-a-virus:AdvWare.IWon

O16 - DPF: {7068D82B-D5EA-1ECF-6309-26374E626C93}-
hoop://69.50.188.54/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3}-(VacPro.internazionale_ver3)
hoop://www.advnt01.com/dialer/internazionale_ver3.CAB TrojanClicker.Win32.Adpower.b

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}-(GSDACtl Class)
hoops://www.gamespyid.com/alaunch.cab  not-a-virus:RiskWare.Downloader.SpyGame
hoop://launch.gamespyarcade.com/software/launch/alaunch.cab  not-a-virus:RiskWare.Downloader.SpyGame

O16 - DPF: {712094AA-62D9-01BE-B407-697709135240}-
hoop://82.179.166.72/1/gdnUS208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {715B586F-8A7D-784C-1ECF-75631232B583}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {71926494-983B-17F3-1B61-65BE1593CCBF}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {73ED84D5-7AC8-9BE1-E696-6DD66CE722C0}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/022/kyqczoce.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1}-(PremiumHTML Class)
hoop://213.254.243.5/data/dialercab/IberoDialerHTML.cab  not-a-virus:PornWare.Dialer.IberoDial

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243}-(SecureLogin.SecureControl)
hoop://secure2.comned.com/signuptemplates/ActiveSecurity.cab  VirTool.Win32.Collector

O16 - DPF: {75D79D57-B6BC-2CAE-90C0-29B25C15F014}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {78C53944-60C9-7F92-CD75-5AA57D10E0D0}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C}-(Loader2 Control)
hoop://static.topconverting.com/activex/loader2.ocx  Trojan-Downloader.Win32.Agent.ex
hoop://67.19.185.246/i/1/loader2.ocx  Trojan-Downloader.Win32.Agent.ex

O16 - DPF: {7A7FF9DC-69EA-425E-AA1F-ECCD44F58AFF}-
hoop://media.euniverse.com/cursorzone/files/pilgrimhat_setup_td035.cab
TrojanDownloader.Win32.Keenval and TrojanDownloader.Win32.Keenval.c

O16 - DPF: {7AFFC7A3-7E55-7463-6A7D-43A96A972CB7}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {7B6A80DC-F6C3-0864-35F3-34583AFD0D89}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {7D267CC5-37FC-7F71-A131-45B97A4F4BEA}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {7E6692C9-E45C-5347-35B0-2F5100570ECC}-
hoop://82.179.166.72/1/gdnUS208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {7EEA54BA-9308-26D0-BE93-BADD1B28DF1E}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/031/zkhtrzah.cab  Trojan.Win32.TalkStocks.a
风之咏者 - 2005-5-2 22:29:00
CLSIDs beginning with 8

O16 - DPF: {823EA0D2-42C1-43C0-8F25-728CBC5E2195}-
hoop://media.euniverse.com/cursorzone/files/poo_setup_td035.cab TrojanDownloader.Win32.Keenval.c

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE}-(DialXSCtl Object)
hoop://dialxs.nl/install/dialxs.ocx  not-a-virus:PornWare.Dialer.Generic
hoop://www.x0.nl/install2/dialxs.ocx  not-a-virus:PornWare.Dialer.DialXS.a

O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851}-
hoop://www.sizzlingcity.com/movies/acrobatic_sex.cab not-a-virus:PornWare.Dialer.Generic
hoop://www.40best.com/Free_Mp3search.exe  TrojanDownloader.Win32.Small.bp
hoop://www.musicmass.com/MP3_Plugin.exe  TrojanDownloader.Win32.Small.bp
hoop://2passwords.com/all_FREE_xxx.exe  not-a-virus:PornWare.Dialer.Generic
hoop://216.65.38.226/Download_Plugin.exe  TrojanDownloader.Win32.Swizzor.c
hoop://198.143.27.5/USA.cab  not-a-virus:PornWare.Dialer.Generic
hoop://www.hollywood-hoes.com/members/celebs-nude.cab  not-a-virus:PornWare.Dialer.AsianRaw.a
hoop://38.144.58.37/gb/xxx.cab  Trojan.Win32.Dialer.g
hoop://198.143.27.15/xxxsite/05274.cab  Trojan.Win32.Dialer.g
hoop://198.143.27.16/xxxpics.cab  Trojan.Win32.Dialer.g
hoop://mywebpage.netscape.com/fullalbumsplugin/full_albums.exe
TrojanDownloader.Win32.Swizzor.c
hoop://198.143.27.5/Japan.cab  not-a-virus:PornWare.Dialer.AsianRaw.k

O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC898}-
hoop://www.kogalu.com/sou/xinternz/max.exe  TrojanDownloader.Win32.Sandesa.11

O16 - DPF: {855FB119-4791-423B-BC32-BA7E9F037BB1}-(DialerX Control)
hoop://www.sweet-honey.net/nb/DialerX.cab  virus:RiskWare.Dialer.Telemedia.b

O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC899}-
hoop://www.kogalu.com/sou/xkana/sex.exe  Trojan.Win32.Dialer.af

O16 - DPF: {860489A4-76CF-496C-ACA6-534F391D5332}-(Helper Class)
hoop://www.commonname.com/english/toolbar/cnbabeb3.cab  not-a-virus:AdvWare.ToolBar.CommonName.a

O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604}-(_Multimedia Player)
hoop://www.pussyharem.com/stream/mmp.cab  reported

O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917}-
hoop://tdmy.com/180/webinstaller.exe  TrojanDownloader.Win32.Swizzor.h

O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9}-
hoop://acces-direct.net/20222/adh1_sexarea.exe  not-a-virus:PornWare.Dialer.Generic

O16 - DPF: {8702D9E1-890B-4BF2-A233-FA44E582B2DE}-(Dialer_activex Control)
hoop://vad.mainentrypoint.com/dialer/bin/CE10000/TEST/dialer_activex.cab
TrojanDownloader.Win32.Small.nb

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7}-
hoop://download.websearch.com/Dnl/T_50020/QDow_AS2.cab  TrojanDownloader.Win32.QDown.l
hoop://download.websearch.com/Dnl/T_50138/QDow_AS2.cab  TrojanDownloader.Win32.QDown.l

O16 - DPF: {8721F16D-CBF8-4CE5-B924-18D64E12E77E}-(BDEInstallMan3 Class)
hoop://www.altnet.com/install/dman4.cab  not-a-virus:AdWare.Altnet.a

O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD}-
hoop://www.clicktracking.info/ctadl1.cab  TrojanDownloader.Win32.Small.ia

O16 - DPF: {886DDE35-E955-11D0-A707-000000521958}-
hoop://69.56.176.78/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
(the new version is detected as TrojanDownloader.Win32.OneClickNetSearch.f)

O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF}-(Matrix Class)
hoop://acceso.masminutos.com/aplicacion.cab  TrojanDownloader.Win32.Perfiler.b
hoop://acceso.masminutos.com/laaplicacion.cab  TrojanDownloader.Win32.Perfiler.b
(the new version is detected as TrojanDownloader.Win32.Perfiler.e)

O16 - DPF: {8B22270A-71D9-4AB9-B11A-2EA1E5292F42}-
hoop://www.fullmovies.nl/tools/videoplayer/player.cab  Trojan.Win32.Dialer.cp

O16 - DPF: {8C6C6922-6258-44AC-9912-53964AC55272}-(xload Class)
hoop://217.160.140.67/download/xloader8.cab  TrojanDownloader.Win32.Xatl.a
hoop://217.160.140.67/download/xloader10.cab  TrojanDownloader.Win32.Xatl.b
风之咏者 - 2005-5-2 22:29:00
CLSIDs beginning with 9

O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC}-
hoop://www.fizzlewizzle.com/installfiles/powertools.cab  TrojanDownloader.Win32.VB.es
hoop://www.thecoolbar.com/installfiles/coolbar.cab  TrojanDownloader.Win32.VB.eu

O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2846}-(Squire Class)
hoop://update.searchsquire.com/SearchSquire33.CAB not-a-virus:AdvWare.SearchSquire

O16 - DPF: {912EE662-9BDF-DBCA-9FEC-CC133D477FFF}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/001/rnmrnkoe.cab Trojan.Win32.TalkStocks.a

O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339}-
hoop://content.netvenda.com/sites/games-intl/at/games4.cab  Trojan.Win32.Dialui
[Note: the same applies to everything from games1.cab through games40.cab]

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339}-
hoop://www.netvenda.com/sites/games-intl/ca/games1.cab  Trojan.Win32.Dialui
hoop://www.netvenda.com/sites/games-intl/ca/games2.cab  Trojan.Win32.Dialui
hoop://www.netvenda.com/sites/games-intl/ca/games3.cab  Trojan.Win32.Dialui
hoop://www.netvenda.com/sites/games-intl/ca/games4.cab  Trojan.Win32.Dialui
hoop://www.netvenda.com/sites/games-intl/de/games4.cab  Trojan.Win32.Dialui
hoop://www.netvenda.com/sites/games-intl/pl/games4.cab  Trojan.Win32.Dialui
hoop://www.netvenda.com/sites/games-intl/cn/games2.cab  Trojan.Win32.Dialui

O16 - DPF: {922667B5-A367-4531-9F25-1C48F9B36593}-
hoop://media.euniverse.com/cursorzone/files/drumstick_setup_td035.cab
TrojanDownloader.Win32.Keenval and TrojanDownloader.Win32.Keenval.c

O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7}-
hoop://toolbar.searchit.com/searchit_toolbar.cab  not-a-virus:AdvWare.ToolBar.SearchIt.b

O16 - DPF: {9387B9E0-3DA2-436E-88E5-FA09AE3A48C0}-
hoop://www.lazychestnuts.net/0014/ph/pup.CAB  TrojanClicker.win32.VB.an

O16 - DPF: {940EC490-8C20-4360-A725-1F44984933DF}-(fairtale.Class1)
hoop://www.fairtale.com/dialer/fairtale.cab  Trojan.Win32.Dialer.cz

O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F}-(HTMLAccess Class)
hoop://usa-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccess.cab
TrojanDownloader.Win32.Wintrim.p
hoop://fr4-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccessXP1040.cab
TrojanDownloader.Win32.Wintrim.bh
hoop://fr4-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccessXP1041.cab
TrojanDownloader.Win32.Wintrim.m
hoop://fr4-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccessXP1042.cab TrojanDownloader.Win32.Wintrim.g
hoop://fr4-download.nocreditcard.net/download/Object/DialerHTML/DHTMLAccessXP1042.cab
TrojanDownloader.Win32.Wintrim.bf
hoop://fr4-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccessXP1043.cab
TrojanDownloader.Win32.Wintrim.bf
hoop://fr4-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccessXP1044.cab
TrojanDownloader.Win32.Wintrim.m
hoop://fr4-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccess1043.cab TrojanDownloader.Win32.Wintrim.o
hoop://usa-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccess1040.cab TrojanDownloader.Win32.Wintrim.av
hoop://fr4-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccess1042.cab
TrojanDownloader.Win32.Wintrim.bw
hoop://usa-download.nocreditcard.com/download/Object/DialerHTML/DHTMLAccess1043.cab
TrojanDownloader.Win32.Wintrim.o

O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2}-
hoop://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack.cab
TrojanDownloader.Win32.Wintrim.y and not-a-virus:RiskWare.Dialer.E-Group.1025
hoop://fr4-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack_XP.cab
not-a-virus:RiskWare.Dialer.E-Group.1025
hoop://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
not-a-virus:RiskWare.Dialer.E-Group.1027
not-a-virus:RiskWare.Dialer.E-Group.1025
hoop://fr4-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
not-a-virus:RiskWare.Dialer.E-Group.1027
not-a-virus:RiskWare.Dialer.E-Group.1025

O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B}-
hoop://akamai.downloadv3.com/binaries/LiveService/LiveService_4_EN_XP.cab
TrojanDownloader.Win32.Wintrim.bk

O16 - DPF: {970BF476-3CF2-4572-9EF9-4479E1591DB8}-(VacPro.belgio_ver3)
hoop://www.advnt01.com/dialer/belgio_ver3.CAB  TrojanClicker.Win32.Adpower.a

O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511}-
hoop://www.escorcher.com/program3/download1.exe  TrojanDownloader.Win32.Small.rh

O16 - DPF: {986DDE35-E955-11D0-A707-000000521958}-
hoop://69.56.176.75/webplugin.cab TrojanDownloader.Win32.OneClickNetSearch.e
(the new version is detected as TrojanDownloader.Win32.OneClickNetSearch.f)

O16 - DPF: {99E79790-2B09-11D6-8C73-0800460222F0}-(DialerCon Class)
hoop://www.andlotsmore.com/plug/install.cab  TrojanDownloader.Win32.Small.qy

O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420}-
hoop://client.jogo.cn/cdnClient/cab/cdn.cab  not-a-virus:AdvWare.CdnAssist.a

O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5}-
hoop://www.fastmp3.nl/test/nl.exe  not-a-virus:PornWare.Dialer.Generic

O16 - DPF: {9C5B2F29-1F46-4639-A6B4-828942301D3E}-(HTML Class)
hoop://www.123mania.com/SIPSPI32.cab  not-a-virus:AdvWare.123Mania.c

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}-(brdg Class)
hoop://www2.flingstone.com/cab/2000XP/bridge.cab TrojanSpy.Win32.Briss.b
hoop://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab TrojanSpy.Win32.Briss.g
hoop://www2.flingstone.com/cab/2000XP/ClickYesToContinue/bridge.cab TrojanSpy.Win32.Briss.g
hoop://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab TrojanSpy.Win32.Briss.h and TrojanSpy.Win32.Briss.e
hoop://www2.flingstone.com/cab/98ME/bridge.cab TrojanSpy.Win32.Briss.a and TrojanSpy.Win32.Briss.c
hoop://www2.flingstone.com/cab/2000XP/new/bridge.cab TrojanSpy.Win32.Briss.f
hoop://www2.flingstone.com/cab/2000XP/bridge-c1.cab TrojanSpy.Win32.Briss.d
hoop://www2.flingstone.com/cab/2000XP/bridge-c5.cab TrojanSpy.Win32.Briss.d
hoop://www2.flingstone.com/cab/2000XP/CDTInc/bridge-c1.cab TrojanSpy.Win32.Briss.g
hoop://www2.flingstone.com/cab/2000XP/CDTInc/bridge-c17.cab  TrojanSpy.Win32.Briss.g
hoop://static.flingstone.com/cab/98ME/CDTInc/bridge-c17.cab
TrojanSpy.Win32.Briss.h\TrojanSpy.Win32.Briss.e\TrojanSpy.Win32.Briss.k

O16 - DPF: {9D0A9D98-5221-430A-A02D-76F0827C82D1}-(ADialer Class)
hoop://www.dialer-shop.com/im6/celebrita.cab  Trojan.Win32.Dialer.z

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B}-
hoop://freedownloads.screensavers4free.net/free/3006/freeinstall.exe  TrojanDownloader.Win32.Vivia.a
(the new version includes TrojanDownloader.Win32.Vivia.a and TrojanDownloader.Win32.Vivia.l)

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C}-
hoop://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
not-a-virus:AdWare.VirtualBouncer.e

O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8}-
hoop://217.73.66.16/comload.dll  TrojanDownloader.Win32.Axload.c
(the new version is detected as TrojanDownloader.Win32.Axload.e)
hoop://217.73.66.1/del/loader.cab  TrojanDownloader.Win32.Small.aa
(the new version is detected as TrojanDownloader.Win32.Small.on)

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF}-(MediaTicketsInstaller Control)
hoop://www.mt-download.com/MediaTicketsInstaller.cab  not-a-virus:AdvWare.MediaTickets.c
风之咏者 - 2005-5-2 22:30:00
CLSIDs beginning with A

O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A}-
hoop://akamai.downloadv3.com/binaries/DialHTML/EGCOMLIB_1035_pack_XP.cab
not-a-virus:PornWare.Dialer.InstantAccess

O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3}-(NSLiteUpdateCtrl Class)
hoop://217.145.76.16/nslite/nslite.cab TrojanDownloader.Win32.Agent.p

O16 - DPF: {A0FEEBD0-29C4-DD14-0F5F-B1EEEB6BCF52}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/016/gsqimkqo.cab Trojan.Win32.TalkStocks.a

O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794}-
hoop://www.jraun.com/activex/src/KeyActivex.ocx  TrojanDownloader.Win32.Small.fi
hoop://www.jraun.com/activex/src/KeyActivexTest.ocx  TrojanDownloader.Win32.Small.gz

O16 - DPF: {A1ADB2CA-DCD7-4602-507F-44DFF2C2CBAA}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/338/bcmiivbj.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {A1DC3241-B122-195F-B21A-00}-
hoop://www.serialsite.com/serial.exe  TrojanDownloader.Win32.Small.bp

O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000}-
hoop://dload.ipbill.com/del/240315.cab  TrojanDownloader.Win32.small.gc
hoop://www.xxx-porns.com/download/xxxporn.cab  not-a-virus:PornWare.Dialer.AdultBrowser
hoop://www.ultradownloads.com/games.exe  TrojanDownloader.Win32.Swizzor.c
hoop://mp3-downloads.net/newnapster.exe  TrojanDownloader.Win32.Small.bp

O16 - DPF: {A3852FBD-AC5C-88C0-3AEC-B8B0AD7EE3A9}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/348/rpuxgbdz.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464}-
hoop://php.offshoreclicks.com/dialup_files/99950202.cab not-a-virus:PornWare.Dialer.Generic
hoop://php.offshoreclicks.com/dialup_files/99950811.cab not-a-virus:PornWare.Dialer.Generic
hoop://www.accessplugin.com/diallerfiles/015692.exe  not-a-virus:PornWare.Dialer.BTV

O16 - DPF: {A4A435CF-3583-11D4-91BD-0048546A1450}-
hoop://www.nocreditcard.com/ncc/hoopload.cab  not-a-virus:PornWare.Downloader.NoCredit

O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748}-
hoop://exe.dialer.tintel.nl/tcw.cab  not-a-virus:PornWare.Dialer.TintDial

O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EA00}-
hoop://www.wenera.of.pl/hardcore/hardcore.exe  not-a-virus:PornWare.Dialer.Plsex

O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE}-
hoop://www.liveshow.pl/liveshow.exe  not-a-virus:PornWare.Dialer.Plsex
hoop://grom.free.s-ex.pl/sex.exe  not-a-virus:PornWare.Dialer.Plsex

O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607}-(download Class)
hoop://www.gigex.com/ActiveX/vxpspeeddelivery.dll  not-a-virus:AdWare.SpeedDelivery.a

O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E}-
hoop://www.riversoftware.net/x0ff.cab  not-a-virus:AdvWare.RideMark.a

O16 - DPF: {AD688740-5246-40C3-AF27-090006046834}-
hoop://www.xpehbam.biz/5/load.exe  TrojanDownloader.Win32.Delf.ch

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}-(loader Class)
hoop://dload.ipbill.com/del/loader.cab  TrojanDownloader.Win32.Small.aa
hoop://217.73.66.1/del/d_a_loader.cab  TrojanDownloader.Win32.Small.bw
hoop://66.230.143.209/loader/dploader.cab TrojanDownloader.Win32.Small.dg

O16 - DPF: {AE6CEFA8-1223-4337-8D94-977268FF9AA0}-(DownloadUL Class)
hoop://www2.skoobidoo.com/softwares//Download_2.cab  Trojan.Win32.TalkStocks.b
hoop://www2.skoobidoo.com/softwares//Download_UL.cab  Trojan.Win32.TalkStocks.b
风之咏者 - 2005-5-2 22:31:00
CLSIDs beginning with B

O16 - DPF: {B0623CBA-AD18-6EC6-595F-AC1172D25ACD}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/336/tpkeyhqb.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}-(Cltbuilder Class)
hoop://akamai.downloadv3.com/binaries/one2one/one2oneSvcEN.cab  TrojanDownloader.Win32.Wintrim.bj

O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972}-
hoop://link.exxxit.com/pce3/download/Uncensored_Sex.exe  not-a-virus:AdvWare.GoHip

O16 - DPF: {B5638081-D53F-481E-85A9-E5DFD5BC8F5D}-
hoop://media.euniverse.com/cursorzone/files/flowgo_freddy_setup_td035.cab
TrojanDownloader.Win32.Keenval.c

O16 - DPF: {B67E0278-CD82-4CCA-AD9D-C1FBF538774A}-(XPink.XPinkCtl)
hoop://cc.st82.arena.ne.jp/secret/XPink.CAB  not-a-virus:PornWare.Dialer.Cutygirls.e
hoop://av.st44.arena.ne.jp/XPink.CAB  not-a-virus:PornWare.Dialer.Cutygirls.e

O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF}-(HTMLDialer Class)
hoop://usa-download.nocreditcard.com/download/Object/DialerHTML/EGHTMLDialer.cab
not-a-virus:PornWare.Tool.EghtmlDialer
hoop://usa-download.nocreditcard.com/download/Object/DialerHTML/EGHTMLDialerXP.cab
TrojanDownloader.Win32.Wintrim.n

O16 - DPF: {B8AB2281-447F-482B-86E9-1F0ED5973637}-
hoop://www.isurfplus.com/sure.cab  not-a-virus:AdvWare.Toolbar.Surebar

O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7}-(HoopDownloader Control)
hoop://www.instantplugin.com/SexDownloader.cab  not-a-virus:PornWare.Downloader.HoopDown

O16 - DPF: {BB0578ED-E672-4697-9663-EC5A0460B949}-(SomaticCAB.Setup)
hoop://downloads.searchcentrix.com/install/weblz.CAB not-a-virus:AdvWare.SaveNow.f

O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B}-(VacPro.UserControl1)
hoop://www.7adpower.com/dialer/EMSAT.CAB  not-a-virus:PornWare.Dialer.Creazione.a

O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAE}-
hoop://www.sexfiles.nu/newdial/cab15.cab  TrojanDownloader.Win32.VB.cp
hoop://www.sexfiles.nu/newdial/Info_sex4_nh.cab  Trojan.Win32.Dialer.t
In addition, entries under this CLSID that look like file://C:\Info_sex4.cab are exploiting a vulnerability to run a program.

O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAF}-
hoop://www.talkingbuddy.com/talkingbuddyinstall.exe  not-a-virus:AdWare.ToolBar.AmBar.2159
hoop://images.bonzi.com/freebuddy/wd/bbsetupkaa.exe  not-a-virus:AdWare.VirtualBouncer.e

O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515}-
hoop://traffichog.com/toolbar/bmeb.cab  not-a-virus:AdvWare.EZula.k
hoop://ads.adultcash.com/toolbar/bmeb.cab  not-a-virus:AdvWare.EZula.k

O16 - DPF: {BEC65CAF-8156-CFAD-DD7E-AD4D1E173FBB}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/005/ocgvprml.cab  Trojan.Win32.TalkStocks.a
风之咏者 - 2005-5-2 22:31:00
CLSIDs beginning with C

O16 - DPF: {C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}-
hoop://www.altnet.com/install/adm4.cab
not-a-virus:AdWare.Altnet.a and not-a-virus:AdWare.Altnet.b

O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14}-(TIBSLoader Class)
hoop://directplugin.com/tl4000.dll  TrojanDownloader.Win32.Tibser.a
hoop://www.movie-browser.com/tl4000.dll  TrojanDownloader.Win32.Tibser.a
hoop://www.goinnow.com/tl4000.dll  TrojanDownloader.Win32.Tibser.a

O16 - DPF: {C2D116ED-2466-4909-A75C-F8030A39A77D}-
hoop://media.euniverse.com/cursorzone/files/angel_setup_td035.cab
TrojanDownloader.Win32.Keenval\TrojanDownloader.Win32.Keenval.b\TrojanDownloader.Win32.Keenval.c

O16 - DPF: {C3D96A02-EEA7-4264-98D7-D882A7338DE5}-
hoop://imgfarm.com/images/nocache/community/x8NotifierInitialSetup1.0.0.4.cab  TrojanDropper.Win32.FunWeb.b

O16 - DPF: {C3FDA8CE-9414-4E33-AC6B-4922922259A5}-
hoop://www.jambalala.com/movies2.exe  Trojan.Win32.StartPage.z
hoop://www.mtreexxx.net/cpd/cab/?wmid=403370&args=1+302993+the+cab TrojanDownloader.Win32.Dyfuca.bm

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB}-
hoop://www.sado-x.com/acces/257/sado-x.exe  not-a-virus:PornWare.Glodial

O16 - DPF: {C7ABF7AE-67A7-495C-88E1-3D1B295E25F7}-(VacPro.usa_cic)
hoop://www.advnt01.com/dialer/usa_cic.CAB  TrojanClicker.Win32.Adpower.h

O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98}-(CSS Web Installer Class)
hoop://61.156.7.37/cabs/cssweb.cab  not-a-virus:AdvWare.CSSWeb.a
hoop://flash.vg.no/codvg/cabs/cssweb.cab not-a-virus:AdWare.CSSWeb.b

O16 - DPF: {C94158E1-6151-4442-ABE6-FD53D6534EFB}-
hoop://searchfind.info/bar/win32.cab  not-a-virus:AdvWare.ToolBar.WinThirtyTwo.a

O16 - DPF: {CABF0009-90CF-467D-86A4-D54C5B7674EA}-
hoop://media.euniverse.com/cursorzone/files/mouse_setup_td035.cab  TrojanDownloader.Win32.Keenval.c

O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C}-(MyWebOperator Class)
hoop://66.128.204.6/Loader.cab  TrojanDownloader.Win32.Small.gm
hoop://198.143.27.21/dialer_loader/uk.cab TrojanDownloader.Win32.Small.ft
hoop://198.143.27.21/dialer_loader/uk.cab  not-a-virus:PornWare.Dialer.WildFlicks
hoop://198.143.27.5/Loader.cab  TrojanDownloader.Win32.Small.ft

O16 - DPF: {CC6DBC0C-BF63-CD9E-F2F2-CCB5FBCA83ED}-
hoop://public.searchbarcash.com/cab/334/ccfzchgb.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {CCA6CE4C-2199-4A4F-9542-12E0163D6841}-(Dialer Class)
hoop://sessa.isprime.com:81/tel2net/CABEDialer.cab  Trojan.Win32.Dialer.fe

O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39}-(EGP2ECOM Class)
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1006_1034_pack_XP.cab
not-a-virus:PornWare.Dialer.InstantAccess
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab not-a-virus:RiskWare.Dialer.E-Group.1025
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack.cab  Backdoor.Magicon.f
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1011_EN.cab  Trojan.Win32.P2E.o
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1011_EN_XP.cab  Trojan.Win32.P2E.x
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack.cab
not-a-virus:PornWare.Dialer.InstantAccess and Trojan.Win32.P2E.b
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack_XP.cab
not-a-virus:PornWare.Dialer.InstantAccess and Trojan.Win32.P2E.c
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1004a_pack.cab
TrojanDownloader.Win32.Wintrim.y and Trojan.Win32.P2E.h
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1004a_pack_XP.cab
not-a-virus:PornWare.Dialer.InstantAccess and Trojan.Win32.P2E.r

O16 - DPF: {CFC31C26-538C-42C3-B5EA-8ACCF825711F}-
hoop://media.euniverse.com/cursorzone/files/Monkey_setup_td035.cab
TrojanDownloader.Win32.Keenval.c
moonforest - 2005-5-2 22:32:00
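Excellent work! Bookmarked! However, I haven't seen any explanation of 023 items out there; perhaps they get overlooked because they are services.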
风之咏者 - 2005-5-2 22:32:00
Class IDs whose first character is D

O16 - DPF: {D1222EBB-F86E-4D6C-826A-B342A3D36D99}-(VacPro.austria_ver3)
hoop://www.advnt01.com/dialer/austria_ver3.CAB  TrojanClicker.Win32.Adpower.i

O16 - DPF: {D14D6793-9B65-11D3-80B6-00500487BDBA}-(CSBHO Class)
hoop://files.cc.cometsystems.com/cc2/release/bin/plat-4-3-333-ccct.cab  not-a-virus:AdvWare.Comet

O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101}-(plug Class)
hoop://gxb.nastydollars.com/gxplugin/gxbplug.dll  not-a-virus:AdWare.GXB.a
hoop://www.gxplugin.com/loader/dll/gxbplug.dll  not-a-virus:AdWare.GXB.a

O16 - DPF: {D35A69A7-7A34-4C67-814A-3F508C0BF371}-(Inst Class)
hoop://toolbar.i-lookup.com/ineb.cab  not-a-virus:AdvWare.EZula.b

O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7}-
hoop://alley.ten.com/sexconnection/gid/dialer_activex.cab  not-a-virus:PornWare.Dialer.Generic
hoop://vad.mainentrypoint.com/dialer/bin/CE11155/dialer_activex.cab  not-a-virus:PornWare.Dialer.Generic
hoop://preview.erosconnect.com/dialer/goin/1/dialer_activex.cab  not-a-virus:PornWare.Dialer.GoInDirect

O16 - DPF: {D61570B1-61E1-6851-CBF7-B7915CBDFA4E}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/002/zqonalph.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {D6862A22-1DD6-11D3-BB7C-444553540000}-(BHO.clsInetSpeak)
hoop://www.sexxx-direct.com/BHO.CAB  Trojan.Win32.Toras.b

O16 - DPF: {D7B3E460-9968-4191-BD6F-BEED1BC18482}-(Loader Class)
hoop://www.orbitexplorer.com/OELoader.cab  not-a-virus:AdvWare.Toolbar.OWS

O16 - DPF: {D879A0F1-2B3B-4409-8879-FAD6E49E1EA9}-
hoop://www.123mania.com/softhtml.cab  not-a-virus:AdvWare.123Mania.b

O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}-(NSUpdateLiteCtrl Class)
hoop://204.177.92.201/quickdl/proclaim/NSupd9x.cab  TrojanDownloader.Win32.Dyfuca.bb
hoop://204.177.92.201/quickdl/action/NSupd9x.cab  TrojanDownloader.Win32.Dyfuca.bb
hoop://204.177.92.201/quickdl/proclaim2/NSupd9x.cab  TrojanDownloader.Win32.Dyfuca.bb

O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF}-
hoop://205.177.28.163/access/download/1018835.exe  Trojan.Win32.Dialer.q
hoop://63.217.31.84/access/download/1014672.exe  Trojan.Win32.Dialer.q
hoop://deposito.hostance.net/dialer/1014041.exe  Trojan.Win32.Dialer.br
hoop://www.desktoplife.net/1014061.exe  Trojan.Win32.Dialer.bn
hoop://deposito.hostance.net/dialer/1025972.exe  Trojan.Win32.Diamin.gen

O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F}-
hoop://203.199.200.61/ads/shareit/da/cab/SysUpd.CAB TrojanDownloader.Win32.Small.kt
hoop://203.199.200.61/ads/shareit/da/trans/SysUpd.CAB TrojanDownloader.Win32.Small.kt

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726}-
hoop://www.aimphuck.com/Imbum_bw.cab  not-a-virus:AdvWare.Look2Me.g
hoop://www.bundleware.com/activeX/DS3/DS3.cab  TrojanDownloader.Win32.Lookme.a
hoop://www.zestyfind.com/app/DS4/DS4.cab  TrojanDownloader.Win32.Lookme.a
hoop://www.bundleware.com/activeX/BM2/BM2.cab  TrojanDownloader.Win32.Lookme.a
hoop://www.zestyfind.com/app/AX/AX.cab  TrojanDownloader.Win32.Lookme.b

O16 - DPF: {DFABA77C-F8BB-4AB9-BED7-7D48AE103E24}-
hoop://www.myfreeicons.com/cabs/bs4-htgy.cab  not-a-virus:AdvWare.BookedSpace.d
风之咏者 - 2005-5-2 22:34:00
Class IDs whose first character is E

O16 - DPF: {E04A205E-577F-406C-BE79-64270E74DECE}-
hoop://www.cursorzone.com/cursors/Frog_setup_td035.cab  not-a-virus:AdvWare.IGetNet

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}-(GpcContainer Class)
hoops://trintech.webex.com/client/latest/webex/ieatgpc.cab  not-a-virus:AdvWare.WebEx
hoops://microsoft.china-webex.com/client/leverest/training/ieatgpc.cab  not-a-virus:AdvWare.WebEx

O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF}-(StarInstall Control)
hoop://install.serviceurl.de/StarInstall.ocx  not-a-virus:PornWare.Dialer.Star
hoop://www.stardialer.de/install/StarInstall.ocx  not-a-virus:PornWare.Dialer.Star
hoop://install.download-url.de/StarInstall.ocx  not-a-virus:PornWare.Dialer.Star

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4}-(IObjSafety.DemoCtl)
hoop://cabs.roings.com/cabs/roing.cab  TrojanDownloader.Win32.VB.bo
hoop://cabs.roings.com/cabs/mp3.cab  TrojanDownloader.Win32.VB.db
hoop://cabs.roings.com/cabs/mmed.cab  TrojanDownloader.Win32.VB.db
hoop://cabs.media-motor.net/cabs/mmed.cab  TrojanDownloader.Win32.VB.ez

O16 - DPF: {E154BEBA-3CC0-2DB8-DBC7-06BB55D82A6B}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/033/eizclghe.cab Trojan.Win32.TalkStocks.a

O16 - DPF: {E28E4DF0-2BCA-4904-BCF9-A983E3A80A64}-(DialerX Control)
hoop://net.iii.tv/a001/DialerX.cab  not-a-virus:RiskWare.Dialer.Telemedia.a


O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18}-
hoop://www.whenusearch.com/WUInstSEWC.cab  not-a-virus:AdvWare.SaveNow.r
hoop://www.whenusearch.com/WUInstCSSF.cab  not-a-virus:AdvWare.SaveNow.r
(the new version is not-a-virus:AdvWare.SaveNow.ab)
hoop://www.whenusearch.com/WUInstSECS.cab  not-a-virus:AdvWare.SaveNow.ab
hoop://spweb.whenu.com/WUInstSYNC.cab  not-a-virus:AdvWare.SaveNow.r

O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7}-(EGStripDownload Class)
hoop://usa-download.strip-player.com/download/stripplayer/bin/activestripsetup.cab
Trojan-Downloader.Win32.Wintrim.ck

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2}-
hoop://www.zuvio.com/UCSearch.CAB  TrojanDownloader.Win32.VB.dc

O16 - DPF: {E87EA803-2DBB-DE1A-511B-E2A48A8B86A0}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/023/phpwgjpp.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7}-(MoneyTree Dialer)
hoop://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB  TrojanDownloader.Win32.Dyfuca.t
hoop://xbs.sea.mtree.com/mt/dialers/fc/UniDistIO.CAB TrojanDownloader.Win32.Dyfuca.u
hoop://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB  TrojanDownloader.Win32.Dyfuca.aa
hoop://xbs.mtree.com/mt/dialers/fc/UniDist.CAB  TrojanDownloader.Win32.Dyfuca.bm
hoop://xbs.sea.mtree.com/mt/dialers/fc/UniDist.CAB  TrojanDownloader.Win32.Dyfuca.bm
hoop://xbscc1.mtree.com/mt/dialers/fc/UniDist.CAB  TrojanDownloader.Win32.Dyfuca.bm
hoop://xbs.climaxbucks.com/mt/dialers/fc/UniDist.CAB  TrojanDownloader.Win32.Dyfuca.as

O16 - DPF: {E9041F85-3C18-4A7E-A29D-E24F84B79BF1}-
hoop://64.7.220.98/downloads/UGO20.exe TrojanDownloader.Win32.Small.fe

O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC}-
hoop://download.fordaleltd.com/install/setup.cab  TrojanDownloader.Win32.Agent.t
hoop://download.mediacharger.com/movienetworks.cab  TrojanDownloader.Win32.Agent.r
hoop://download.mediacharger.com/swimsuitnetwork.cab  TrojanDownloader.Win32.Agent.r

O16 - DPF: {EBAF2F10-CED4-5EA8-83CE-7BAE4FAECDC8}-
hoop://public.searchbarcash.com/cab/354/jkagdquv.cab Trojan.Win32.TalkStocks.a

O16 - DPF: {ED3ADB6E-5AA9-41B0-9DDC-6F31A34552BE}-
hoop://www.fsc2k.com/install.exe  not-a-virus:RiskWare.Downloader.ScratchCards
hoop://www.free-scratch-cards.com/install.exe  not-a-virus:RiskWare.Downloader.ScratchCards

O16 - DPF: {EE776ADF-4F69-95A6-A5D0-ED1AA4F71BC1}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/020/skhjpndm.cab Trojan.Win32.TalkStocks.a

O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}-
hoop://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab  TrojanDownloader.Win32.Wintrim.bb
hoop://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab  TrojanDownloader.Win32.Wintrim.bb

O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001}-(iiittt Class)
hoop://toolbar2.globalwebsearch.com/winenc32.cab  TrojanSpy.Win32.Globar.c
Newer samples include Trojan-Spy.Win32.Globar.d, not-a-virus:AdWare.ToolBar.Ilookup.b, and others.

O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B}-(Installer Class)
hoop://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab  TrojanDownloader.Win32.IstBar.dw

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762}-(SysWebTelecomInt Class)
hoop://www.sponsoradulto.com/en/SysWebTelecom.cab  not-a-virus:AdvWare.ToolBar.SysWebTelecom
(the same sample is reported as Trojan.Win32.Dialer.fu after the virus database was adjusted)

风之咏者 - 2005-5-2 22:35:00
Class IDs whose first character is F

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}-(IMDownloader Class)
hoop://www2.incredimail.com/contents/setup/downloader/imloader.cab  not-a-virus:RiskWare.Downloader.ImLoader.b

O16 - DPF: {F08555B0-9CC3-11D2-AA8E-000000000000}-
hoop://www.pornmail.com/cglbar.cab  not-a-virus:AdvWare.Toolbar.LiveCam

O16 - DPF: {F08555B1-9CC3-11D2-AA8E-000000000000}-
hoop://www.freshgirls.com/download/freshgirls.cab  not-a-virus:PornWare.Downloader.FreshGirls

O16 - DPF: {F0AA2376-F073-4E57-86E8-0238F99087C7}-(AInst Class)
hoop://216.129.173.30/xxxnaughty/activeinstaller.dll  TrojanDownloader.Win32.IstBar.ar
hoop://cnt.rapidblaster.com/install/activeinstaller.dll  TrojanDownloader.Win32.IstBar.ar

O16 - DPF: {F1A51F21-59DF-4486-BA31-5B816DA481EB}-
hoop://www.fastseeker.com/toolbar/download/FastSeekerSetup2.cab  not-a-virus:AdvWare.ToolBar.FastSeeker

O16 - DPF: {F20AE630-6DE2-43CA-A988-7CD40C36EF0B}-
hoop://download.quicklaunch.com/quicklaunch154.cab
not-a-virus:AdvWare.Toolbar.Cash 和 TrojanDownloader.Win32.Braidupdate.b

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C}- (ddm_download.ddm_control)
hoop://download.rfwnad.com/cab/crack.CAB  TrojanDownloader.Win32.Dia.a
hoop://download.rfwnad.com/cab/dlaccell.CAB  TrojanDownloader.Win32.Dia.a
hoop://216.65.38.226/crack.CAB  TrojanDownloader.Win32.Dia.a
hoop://download.rfwnad.com/cab/ieplugin.CAB  TrojanDownloader.Win32.Dia.a
hoop://download.rfwnad.com/cab/dlexe.CAB  TrojanDownloader.Win32.Dia.a
hoop://download.rfwnad.com/cab/download.CAB  TrojanDownloader.Win32.Dia.a

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7}-
hoop://66.230.146.53/EPlugin.cab  not-a-virus:PornWare.Dialer.SexGate
hoop://66.230.146.53/EPlugin_NL.cab  not-a-virus:PornWare.Dialer.SexGate
hoop://66.230.146.53/EPlugin_AT.cab  not-a-virus:PornWare.Dialer.SexGate
hoop://66.230.146.53/EPlugin_0_DE2.cab  TrojanClicker.Win32.XLite.a
hoop://66.230.146.53/EPlugin_0_OTH.cab  TrojanClicker.Win32.XLite.a
hoop://66.230.146.53/EPlugin_0_GB.cab  TrojanClicker.Win32.XLite.a
hoop://66.230.146.53/EPlugin_GB.cab  TrojanClicker.Win32.XLite.a

O16 - DPF: {F6F8B94A-A2D8-EA2E-B262-27D241F5CDDA}-
hoop://public.searchbarcash.com/cab/360/wfqmejja.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {F7ADCFE3-AA28-F99E-E665-B13AC332D249}-
hoop://public.searchbarcash.com/cab/351/atrwzpca.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {FB2131ED-4534-45FB-B765-4800EFE34D4C}-
hoop://www.cursorzone.com/cursors/inlove_setup_td035.cab  not-a-virus:AdvWare.IGetNet

O16 - DPF: {FB408C5D-959A-E39A-306B-FADCC43FA011}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/021/lpggwedb.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3}-
hoop://www.clock-sync.com/ClockSyncAutoSYNC9999.cab  not-a-virus:AdvWare.SaveNow.m
hoop://www.getweathercast.com/WeatherAutoCAST0010.cab  not-a-virus:AdvWare.SaveNow.ab


O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C}-
hoop://www.2020search.com/9891/toolbar/2020Search.cab  not-a-virus:AdvWare.ToolBar.2020Search.a

O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64}-(MultiDist)
hoop://xbs.climaxbucks.com/internet-optimizer/080703/MultiDist.CAB TrojanDownloader.dyfuca.x
hoop://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB TrojanDownloader.dyfuca.o

O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1}-
hoop://64.158.165.147/060570/de/fullgames/fullgames.exe  not-a-virus:RiskWare.Dialer.PlayGames

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0}-
hoop://toolbar2.i-lookup.com/toolbar2/windec32.cab  not-a-virus:AdvWare.EZula.b

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3}-(WMService Class)
hoop://download.overpro.com/WildApp.cab  not-a-virus:AdvWare.WinFetcher.d
(the new version is not-a-virus:AdvWare.MetaDirect.b, not-a-virus:AdvWare.MetaDirect.c)

O16 - DPF: {FFA6CE4C-2199-4A4F-9542-12E0163D6841}-
hoop://sessa.isprime.com:8080/tel2net/CABDialer.cab  TrojanDownloader.Win32.Small.qz

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC}-
hoop://direct.data-line.us/gba10.exe  not-a-virus:PornWare.Dialer.Juicy

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD}-
hoop://direct.data-line.us/gba10.exe  not-a-virus:PornWare.Dialer.Juicy

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB}-
hoop://stat.trafficadvance.net/dialer/304348.exe  trojan.win32.dialer.q
hoop://stat.trafficadvance.net/dialer/303470.exe  trojan.win32.dialer.q
hoop://deposito.hostance.net/dialer/610569.exe  Trojan.Win32.Dialer.q
hoop://www.sessounico.com/dialer/sex.exe  Trojan.Win32.Dialer.e
hoop://63.217.31.12/dial/FreeVideoDownload.exe  Trojan.Win32.Dialer.e
hoop://www.wowvirgins.com/xxx/ypp108bes1m_adult.exe  Trojan.Win32.Dialer.e
hoop://66.230.145.48/pornuk.exe  Trojan.Win32.Dialer.e

O16 - DPF: {FFFF0018-0001-101A-A3C9-08002B2F49FB}-
hoop://www.aste-giudiziarie-online.com/astem.exe  Trojan.Win32.Dialer.e
建能 - 2005-5-2 22:36:00
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
May I ask the original poster what this item on my computer is? Thanks!
风之咏者 - 2005-5-2 22:36:00
Appendix:
Class ID forgotten (sorry)
plat-4-3-334-smiley.cab  not-a-virus:AdvWare.ToolBar.Comet.a
installer-SB.cab  not-a-virus:AdWare.SaveNow.bj


This is the end of the article.
建能 - 2005-5-2 22:41:00
Original poster, could you please answer? Thanks!!
moonforest - 2005-5-2 22:42:00
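Collecting this much material is really not easy. Looking things up at http://www.sysinfo.org/ every time is a hassle, and many of the IDs seen in China are not listed there.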
endurer - 2005-5-3 14:14:00
Thank you, 风之咏者.

A link to this thread has been added to

[Must read] Board notes and downloads of commonly used small tools
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
魔法学徒 - 2005-5-3 17:02:00
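Many thanks to 咏者 for this material!

At his request, and to keep the list clean, I have locked this thread.

Anyone with questions, please start a new thread.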