HijackThis参考文献——恶意O16项目列表【原创】 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛 菜鸟学堂 HijackThis参考文献——恶意O16项目列表【原创】

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

HijackThis参考文献——恶意O16项目列表【原创】

本主题由在线技术支持工程师瑞星工程师20 于 2012-2-28 15:57:41 执行移动主题操作

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:20 \| 显示全部短消息资料字号：小中大 1楼 HijackThis参考文献——恶意O16项目列表【原创】希望本列表能够被不断维护、更新、补充，成为解读HijackThis扫描结果的一份有价值的参考文献。本文的写作目的是为大家分析HijackThis扫描结果提供一个恶意O16项列表。网上已有O2、O3、O4项目的列表，但如本文这样的O16列表在下却没有找到。这里我定义的恶意O16项指的是明确被杀毒软件认定为木马、木马释放器、木马下载器、广告/间谍软件、后门程序、恶意拨号小程序、危险工具的那些程序（真正的病毒似乎尚未在O16项目中看到）。当然，还有许多（比本文提到的那些多得多）安装上之后可能造成浏览器运行缓慢、系统不稳定的属于O16项的程序，但尚未被杀毒软件确认为恶意程序（有些反广告/间谍软件可能会报告这些项目）。这些程序在本文中并未收录，这是有意的，我想，那些应该属于“推荐删除的O16项目”，而不是本文针对的“恶意O16项”。本人检测文中提到的各恶意O16项时使用的杀毒软件是kaspersky（卡巴斯基）4.5版，选择这款杀毒软件的主要原因是： 1 这些O16项绝大部分来自国外，国产杀毒软件在检测它们时不占优势，所以选择一款国外杀毒软件更合适些。 2 卡巴斯基的病毒库比较大。 3 卡巴斯基的扩展库分类清晰，很好地覆盖了本文提到的“恶意O16项”。我也试用了另外几款国外的杀毒软件，最终还是选定卡巴斯基作主要的“法官”来裁定“恶意O16项”。这一选择在相当程度上仅仅是本人的使用偏好。卡巴斯基当然不是万能的，但我已努力将遗漏的风险降到最低。我可给卡巴斯基实验室处理新样本的工程师添了不少麻烦，有一次我一晚上发过去大量样本，最终Eugene先生回复我：“下次升级后自己看吧（see the stuff in next updates）。” 本文主要内容的格式如下 O16 - DPF: {class ID}-(名称) 例一卡巴斯基检测结果例二卡巴斯基检测结果 …… 其中，(名称)一项不是一定会有的，下面的例子也仅仅是其中的一部分。检测结果中，Trojan、TrojanClicker指木马，TrojanDropper指木马释放器，TrojanDownloader指木马下载器，Backdoor为后门程序。所有标明“not-a-virus”的都未被卡巴斯基收录到标准病毒库中，它们是卡巴斯基的扩展库查出来的，其类别包括广告程序（AdvWare）、恶意拨号程序（Dialer）、可能被用来做坏事的危险工具（RiskWare）等。在解读HijackThis扫描结果的O16项时，如果您愿意参考本文，请以class ID (即CLSID，大括号里那串数字)为准（文中有特别说明的几个除外）。本文中 class ID 后面列出的那些链接仅仅是部分例子，如果您发现您面前的某份HijackThis扫描结果中出现了本文中某个class ID，而后面的链接未在本文中提供的那些例子中出现，您可以—— 1 用杀毒软件检验相应文件，查不出的可以上报 2 自己简单分析一下，如果链接中的网站名称与现有的例子相同或相似、最终指向的文件的名称与现有的例子相同或相似，那么是恶意项的可能相当大。如果文件名或者链接中带有“sex”、“adult”、“dialer”、“casino”、“free_plugin”字样，一般应该修复。如果是cab文件的话，甚至可以下载下来打开看看，如果其内容与例子中提到的某个cab包中的内容差不多，则高度可疑。 3 如果您能将情况顺便通知本版版主，那么十分感谢！让大家共同维护此列表吧！还要说明一下，为写作本文，本人浏览了大量的HijackThis扫描结果，本文里所列举的所有例子本人均下载到样本进行了检验。有很多十分可疑的项目，由于相应的下载链接已失效，最终全部被排除在本文之外。我当时可以下载，不代表那些例子中的链接在您阅读本文时依然有效（这一点本人深有体会）。如果您使用卡巴斯基检查某样本，没能得到本文中例子里相应的杀毒结果—— 1 卡巴斯基现在不报告：可能该恶意程序“回心向善”了（可能不大），但更可能该样本换了新版（我常遇到），别犹豫，赶紧上报。还有一种可能就是卡巴斯基调整病毒库后的确不再报告它了。 2 卡巴斯基现在报告，但版本号码不同：该样本换了新版。 3 卡巴斯基现在报告它为另一种恶意程序：可能该样本换了新版，也可能卡巴斯基调整了病毒库，比如原先报告为木马或木马下载器，后来被改划为广告程序或危险工具，这个也有过。如果卡巴斯基查出的某样本您中意的某杀毒软件不报告—— 赶紧上报呀！国产3大杀软都承诺首报有奖。但我运气不好，常常上报人家“已有”的样本，现在我把上报的机会留给运气好的朋友啦！不过，对本列表中的“not-a-virus”（非病毒）类样本，大多数国产杀毒软件是不报告的，这是病毒定义的不同，我们在这里不讨论这个。如果一个样本卡巴斯基报“not-a-virus”，而其它杀毒软件报告为木马或别的什么，那也是常事。这还是不同公司对病毒的分类标准不同造成的。注： 1 HijackThis扫描结果的O16项 - 下载的程序文件，就是Downloaded Program Files目录下的那些ActiveX对象。这些ActiveX对象来自网络，存放在Downloaded Program Files目录下，其CLSID记录在注册表中。 2 使用HijackThis修复某个O16项后，请建议该用户手动检查“Downloaded Program Files”目录下的相应文件是否被删除。虽然HijackThis修复某个O16项时会试图删除相应文件，但由于各种原因，有时可能无法真正删除。 3 本文没有提到3721的O16项（虽然卡巴斯基视它作广告程序），愿意装的朋友自有其道理，想卸载或免疫则可以求助于专门工具，反正只清除其O16项并不能彻底清除它。 4 为安全意见，所有例子中的http都被改为hoop。 2005-05-03 17:02:14
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	分享到：

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:22 \| 显示全部短消息资料字号：小中大 2楼 HijackThis恶意O16项目列表正文（以class ID为序）无class ID O16 - DPF: v2cab - hoop://install.searchmiracle.com/cab/v2cab.cab not-a-virus:AdvWare.ToolBar.EliteBar.l O16 - DPF: v3cab - hoop://searchmiracle.com/cab/v2cab.cab TrojanDownloader.Win32.Small.xo O16 - DPF: IEToolbarCab - hoop://www.dailytoolbar.com/DailyToolbarAff.CAB Trojan.Win32.StartPage.ny
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:22 \| 显示全部短消息资料字号：小中大 3楼开头数字为0 O16 - DPF: {00000000-0000-0000-0000-000020030000}- hoop://www.7adpower.com/dialer/newz.exe not-a-virus:RiskWare.Dialer.Vact.a hoop://www.accessoveloce.com/webline/x/wgodscp1x.exe trojan.win32.dialer.a hoop://xxxtrayicon.com/xtrayinst.exe Trojan.Win32.VB.jl hoop://www.accessoveloce.com/mar/x/igmp4f.exe not-a-virus:PornWare.Dialer.Libero hoop://www.cartoni-porno.com/CartoniPorno.exe Trojan.Win32.Dialer.a hoop://www.accessoveloce.com/webline/x/brigida1x.exe Trojan.Win32.Dialer.a O16 - DPF: {00000000-0000-0000-0000-000020040000}- hoop://207.234.185.217/ABoxInst_int5.exe Trojan-Downloader.Win32.VB.ft O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC}- hoop://install.global-netcom.de/ieloader.cab TrojanDownloader.Win32.Ladder O16 - DPF: {00000000-DDBB-0704-0B53-2C8830E9FAEC}-(IELoaderCtl Class) hoop://freeload.cc/secure/ieloader.cab TrojanDownloader.Win32.Ladder O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA}- hoop://test.outwar.com/np/Otw0i.cab TrojanDropper.Win32.Bunch (F1 Organizer Class) - hoop://www.addictivetechnologies.net/DM0/cab/j3rk0of4.cab TrojanDownloader.Win32.Rameh.c hoop://www.addictivetechnologies.net/DM0/cab/aess11.cab TrojanDownloader.Win32.Rameh.c hoop://www.addictivetechnologies.net/DM0/cab/AESS2.cab TrojanDownloader.Win32.Rameh.c hoop://www.originalicons.com/members/arrtv.cab TrojanDownloader.Win32.Rameh.c O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040}-(VacPro.olanda_ver3) hoop://www.advnt01.com/dialer/olanda_ver3.CAB TrojanClicker.Win32.Adpower.a O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D}-(Installer Class) hoop://www.xxxtoolbar.com/ist/softwares/v3.0/0006_mainstream.cab TrojanDownloader.Win32.IstBar.ci (新版为TrojanDownloader.Win32.IstBar.dw) hoop://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab TrojanDownloader.Win32.IstBar.dc (新版为TrojanDownloader.Win32.IstBar.dw) hoop://www.negativebeats.com/mp3.plugin.exe TrojanDownloader.Win32.Swizzor.t hoop://www.lyricsdomain.com/download.mp3.exe TrojanDownloader.Win32.Swizzor.t hoop://www.mp3.mbytes.net/free/MP3_Plugin.exe TrojanDownloader.Win32.Small.bp O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8}-(SBITAX7Ctrl Class) hoop://ultimateplugin.com/tl7000.dll TrojanProxy.Win32.Sobit hoop://ultimateplugin.com/tl7000_cert1.dll TrojanProxy.Win32.Sobit hoop://download.tibsystems.com/tl7000.dll TrojanProxy.Win32.Sobit.c hoop://directplugin.com/tl7000.dll TrojanProxy.Win32.Sobit.c hoop://www.movie-browser.com/tl7000.dll TrojanProxy.Win32.Sobit.c O16 - DPF: {01A477AC-21E7-49F7-BCB6-A42663187299}-(XEng004.XEng004Ctl) hoop://iii.tv/pink/004/XEng004.CAB not-a-virus:PornWare.Dialer.Cutygirls.a [形如XEng0??.CAB（?代表一个数字）的文件，包括 hoop://iii.tv/pink/001/XEng001.CAB …… hoop://iii.tv/pink/038/XEng038.CAB 或 hoop://cutygirls.net/pink/001/XEng001.CAB …… hoop://cutygirls.net/pink/038/XEng038.CAB 均为not-a-virus:PornWare.Dialer.Cutygirls类的恶意拨号器。其class ID (CLSID)各不相同，在此就不一一列出了。] O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90}-(Loader Class) hoop://connect.online-dialer.com/MaConnect.cab TrojanDownloader.Win32.IstBar.s hoop://63.217.29.115/cax.cab not-a-virus:PornWare.Dialer.OnlineDialer (Moniker32 Class) – hoop://63.219.181.7/cax.cab not-a-virus:PornWare.Dialer.OnlineDialer (Moniker32 Class) – hoop://63.217.29.115/cax.cab not-a-virus:PornWare.Dialer.OnlineDialer (Moniker32 Class) – hoop://connect.online-dialer.com/cax.cab not-a-virus:PornWare.Dialer.OnlineDialer O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} hoop://64.62.232.4/gamesplayground/060548/uk/fullgames/fullgames.exe TrojanDownloader.Win32.PlayGames.a hoop://64.156.31.70/058776uk.exe not-a-virus:PornWare.Dialer.Playground.b hoop://64.156.31.70/058565uk.exe not-a-virus:PornWare.Dialer.Playground.b hoop://access.gamezdump.com/output/060560/uk/fullgames/fullgames.exe not-a-virus:PornWare.Dialer.Playground.c hoop://access.gamesplayground.com/output/011259/uk/fullgames/fullgames.exe not-a-virus:PornWare.Dialer.Playground.c hoop://64.156.31.99/060219/se/fullgames/fullgames.exe not-a-virus:PornWare.Dialer.Generic O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D}-(preload control) hoop://www.thepaymentcentre.com/build/preload.cab TrojanDownloader.Win32.Dyfuca.w hoop://www.thepaymentcentre3.com/build/preload.cab TrojanDownloader.Win32.Dyfuca.w O16 - DPF: {03D2A95A-0AA6-1EF5-6370-092512235D29}- hoop://82.179.166.72/1/gdnUS208.exe Trojan.Win32.Dialer.ay O16 - DPF: {03FBB191-FB50-4154-91D7-587D5E3C3C9A}-(Marcador Class) hoop://acceso.masminutos.com/software.cab not-a-virus:PornWare.Dialer.Lanzar O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E}-(VacPro.win98_P) hoop://www9.advnt01.com/dialer/win98_P.CAB not-a-virus:Porn-Dialer.Win32.Creazione.i O16 - DPF: {04E67FD9-0D85-463B-06D9-0CB62CDB2C67}- hoop://69.50.188.54/1/gdnAU208.exe Trojan.Win32.Dialer.ay O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8}-(EGEGAUTH Class) hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab Trojan.Win32.P2E.g hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_FR_XP.cab Trojan.Win32.P2E.g O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78}-(preload control) hoop://www.thepaymentcentre.com/build/preload2.cab TrojanDownloader.Win32.Dyfuca.aw O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE}-(iiittt Class) hoop://www.begin2search.com/toolbar/winb2s32.cab not-a-virus:AdWare.Beginto.a O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F}-(AsyncDownloader Class) hoop://survey.otxresearch.com/Preloader.dll not-a-virus:RiskWare.Downloader.OTXloader O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D}- hoop://www.searchwww.com/search.cab TrojanClicker.VBS.Krepper O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602}-(vviewer control) hoop://www.thepaymentcentre.com/build/vviewer.cab TrojanDownloader.Win32.Dyfuca.ch O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650}- hoop://corp.mail.com/bargainbuddy/emcam_bbi8015.cab not-a-virus:AdvWare.BargainBuddy.a O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}- hoop://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab TrojanDownloader.Win32.Wintrim.ah hoop://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab TrojanDownloader.Win32.Wintrim.ai hoop://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab TrojanDownloader.Win32.Wintrim.ai hoop://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab TrojanDownloader.Win32.Wintrim.ah O16 - DPF: {0D676488-AEB4-455D-9A8F-4E241092A0F0}- hoop://media.euniverse.com/cursorzone/files/Butterfly_ani_setup_td035.cab TrojanDownloader.Win32.Keenval.c O16 - DPF: {0DCBCE0D-74B5-CE5F-39ED-4C3EE4EF5B61}- hoop://public.searchbarcash.com/cab/019/hxpgzotx.cab Trojan.Win32.TalkStocks.a O16 - DPF: {0EDE9EAA-A2DB-79A9-38EB-BFBF5C5236DF}-(DownloadUL Class) hoop://public.searchbarcash.com/cab/335/kdsaqcfv.cab Trojan.Win32.TalkStocks.a
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:24 \| 显示全部短消息资料字号：小中大 4楼开头数字为1 O16 - DPF: {10000000-1000-0000-1000-000000000000}- ms-its:mhtml:file://C:\foo.mht!hoop://www.free32.com/POP.CHM::/sp.exe TrojanDownloader.VBS.Psyme.q 和 Trojan.Win32.Spooner.f ms-its:mhtml:file://C:\MAIN.MHT!hoop://d.dialer2004.com//bestporn/main.chm::/load.exe TrojanDownloader.Win32.Donn.r 和 TrojanProxy.Win32.Mitglieder.x ms-its:mhtml:file://C:\MAIN.MHT!hoop://d.dialer2004.com//ruzan/main.chm::/load.exe TrojanDownloader.Win32.Donn.r mhtml:file://C:\ARCHIVE.MHT!hoop://195.225.176.3//mas2/server.exe Trojan.Win32.Scagent.d O16 - DPF: {10003000-1000-0000-1000-000000000000}- ms-its:mhtml:file://c:\nosuch.mht!hoop://195.225.177.8/count/chm/cool.chm::/cool.exe TrojanDownloader.Win32.Agent.av ms-its:mhtml:file://C:\foo.mht!hoop://81.211.105.37/30096/online.chm::/on-line.exe TrojanDownloader.Win32.Agent.k ms-its:mhtml:file://C:\foo.mht!hoop://195.225.177.13/11223/online.chm::/on-line.exe TrojanDropper.Win32.Small.hx ms-its:mhtml:file://C: oo.mht!hoop://sexxxxtv.com/module.chm::/in.exe Trojan-Downloader.JS.generic O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736}- hoop://hot.thebugs.ws/fav.exe Trojan.Win32.StartPage.fg O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E}- hoop://directplugin.com/dialers/109446.exe not-a-virus:PornWare.Downloader.Tibsystems O16 - DPF: {11010101-1001-1111-1000-110112345678}- ms-its:mhtml:file://c:\nosuch.mht!hoop://69.50.179.54/winsearchie32.chm::/winsearchie32.exe TrojanDropper.Win32.Small.ig ms-its:mhtml:file://c:\nosuch.mht!hoop://69.50.173.253/winsearchie32.chm::/winsearchie32.exe TrojanDropper.Win32.Small.ig ms-its:mhtml:file://c:\nosuch.mht!hoop://69.31.79.102/searchinfoxyz.chm::/searchinfoxyz.exe TrojanDownloader.Win32.Small.zd ms-its:mhtml:file://C:oo.mht!hoop://cellaphone.net/helps/079057/iehelp.chm::/win.exe Trojan-Downloader.Win32.Small.aag O16 - DPF: {11010101-1001-1111-1000-110164567732}- ms-its:mhtml:file://C:MAIN.MHT!hoop://www.008i.com//x//f//10213//inst.chm::/f10213.exe TrojanDownloader.Win32.WinShow.af O16 - DPF: {11111111-1111-1111-1111-11??????????}- mhtml:file://C:NO_SUCH_MHT.MHT!hoop://www.008k.com/partner/inst/f10213.exe TrojanDownloader.Win32.Petrolin.a mhtml:file://C:NO_SUCH_MHT.MHT!hoop://www.008k.com/partner/inst/f22776.exe TrojanDownloader.Win32.Small.ug [请注意，?在这里代表某个数字，该种木马下载器的CLSID后几位是变动的，指向的是以f开头后加5个数字作为文件名的exe文件。] O16 - DPF: {11111111-1111-1111-1111-111111111111}- mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?xdat=&url=hoop://66.117.38.54:80/dexDK534.exe mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?url=hoop://66.117.38.54:80/dexDE554.exe mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?url=hoop://66.117.38.54:80/dexDE535.exe mhtml:file://C:NXSFT.MHT!hoop://66.117.37.5:80/iex/ofile.exe?url=hoop://66.117.37.5:80/dexGB285.exe mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?url=hoop://66.117.38.54:80/dexUS585.exe 以上各exe文件均属于TrojanDownloader.Win32.Small家族 hoop://ams-download.nocreditcard.com/download/newdial-erp/1498/dialer.exe not-a-virus:PornWare.Dialer.TBS-Access hoop://ams-download.nocreditcard.com/download/newdial-erp/1676/dialer.exe not-a-virus:PornWare.Dialer.TBS-Access hoop://usa-download.nocreditcard.net/download/newdial-erp/1736/dialer.exe not-a-virus:PornWare.Dialer.TBS-Access hoop://207.246.124.105/cabs/ROOSTRS3002/TPS108.cab not-a-virus:AdvWare.BiSpy.d hoop://www.springboard.nl/plugin/hotpages3.exe not-a-virus:PornWare.Dialer.Generic hoop://seks.a4.pl/porno-filmy.exe not-a-virus:PornWare.Dialer.Plsex [遇到CLSID:11111111-1111-1111-1111-111111111111（也许末尾几位有变动）请大家多加注意，因为这些项目可能与IE一个漏洞相关。这个CLSID下，如下的几个都很可能是恶意的。 file://c:\info6.cab file://c:\windows\temp\demo.exe file://c:\windows\calc.exe] O16 - DPF: {11111111-1111-1111-1111-111111111112}- hoop://www.latenight.nl/launcher.exe TrojanDownloader.Win32.Small.et O16 - DPF: {11111111-1111-1111-1111-111111111123}- ms-its:mhtml:file://c:\nosuch.mht!hoop://www.search-and-more.com/clk/148.chm::/file.exe TrojanDropper.Win32.Small.ig ms-its:mhtml:file://c:\nosuch.mht!hoop://www.search-and-more.com/clk/123.chm::/file.exe TrojanDropper.Win32.Small.ig 新版本为 TrojanDropper.Win32.Small.lf ms-its:mhtml:file://D:est.mht!hoop://yanliangbbs.com/Skins/Default/_notes/test.chm::/test.exe TrojanDropper.Win32.Delf.ef its:mhtml:file://C:.mht!hoop://69.50.191.52/2484/b.chm::/b.exe Trojan.Win32.StartPage.hb O16 - DPF: {11111111-1111-1111-1111-111111111157}- ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.131/legal/x.chm::/load.exe TrojanDownloader.Win32.Harnig.w ms-its:mhtml:file://c:\nosuch.mht!hoop://petite-virgins.biz/dl/adv15/x.chm::/load.exe TrojanDownloader.Win32.Harnig.l ms-its:mhtml:file://c:\nosuch.mht!hoop://cashsearch.biz/legal/x.chm::/load.exe TrojanDownloader.Win32.Harnig.r ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.131/dl/adv94/x.chm::/load.exe TrojanDownloader.Win32.Harnig.y ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv74/x.chm::/load.exe TrojanDownloader.Win32.Harnig.y ms-its:mhtml:file://c:\nosuch.mht!hoop://super-gals.com/scj/rotation/templates/um2/x.chm::/ad.exe TrojanDownloader.Win32.Donn.u ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv63/x.chm::/load.exe TrojanDownloader.Win32.Harnig.gen ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv65/x.chm::/load.exe TrojanDownloader.Win32.Harnig.al ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv156/x.chm::/load.exe TrojanDownloader.Win32.Small.yx O16 - DPF: {11111111-1111-1111-1111-111111111171}- ms-its:mhtml:file://c:\\nosuch.mht!hoop://line-plus.com/newhelp.chm::/newhelp.exe Trojan.Win32.StartPage.ij O16 - DPF: {11111111-1111-1111-1111-111111111237}- hoop://69.31.87.70/1/deaDE348.exe Trojan.Win32.Dialer.ay O16 - DPF: {11111111-1111-1111-1111-111111111435}- hoop://popka1978.ud-dial.biz/dexmsbb.exe Trojan.Win32.Dialer.av O16 - DPF: {11111111-1111-1111-1111-11237}- hoop://63.219.178.91/1/deaNZ309.exe Trojan.Win32.Dialer.ay O16 - DPF: {11120607-1001-1111-1000-110199901123}- hoop://www.n28.net/n009/on-line.exe Trojan.Win32.Dialer.ce ms-its:mhtml:file://C:\x.mht!hoop://sxwall.com//page1.chm::/test.exe TrojanDownloader.Win32.Small.xt O16 - DPF: {11212111-2121-1311-1141-115611111222} – ms-its:mhtml:file://d: oo.mht!hoop://69.50.166.213/users/john/web/axe/x.chm::/update.exe Trojan-Downloader.Win32.Small.anf O16 - DPF: {1167BEEB-1CB0-47C0-A491-1E40B8EF1285}- hoop://www.cursorzone.com/cursors/Cherub_setup_td035.cab not-a-virus:AdvWare.IGetNet hoop://media.euniverse.com/cursorzone/files/Cherub_setup_td035.cab TrojanDownloader.Win32.Keenval.c O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000}- hoop://www.eingang69.de/EroticAccess/Cabs/1796024.cab Trojan.Win32.Dialer.ck hoop://www.browserplugin.com/eroticAccess/cabs/1764015.cab Trojan.Win32.Dialer.ck O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797}-(Installer Class) hoop://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab TrojanDownloader.Win32.IstBar.fa hoop://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab TrojanDownloader.Win32.IstBar.gen O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489}- hoop://www.2nd-thought.com/files/install052.exe Trojan.Win32.SecondThought.g hoop://www.2nd-thought.com/files/install.exe Trojan.Win32.SecondThought.r hoop://www.2nd-thought.com/files/install042.exe Trojan.Win32.SecondThought.c [注：hoop://www.2nd-thought.com/files/install0??.exe（??为两位数字）均为Trojan.Win32.SecondThought及其变种] O16 - DPF: {13D81535-D540-41F0-E8C3-6B94033D7FA9}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {142016BF-5CCA-4C8D-AC01-C4A8F4044AD5}- hoop://media.euniverse.com/cursorzone/files/Cat_Running_setup_td035.cab TrojanDownloader.Win32.Keenval TrojanDownloader.Win32.Keenval.b TrojanDownloader.Win32.Keenval.c O16 - DPF: {146D0CDE-BDC7-0DD9-25CA-00BB7ECE235A}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay O16 - DPF: {14B4AA8C-B624-440E-9730-26BA47E48A24}- hoop://www.cursorzone.com/cursors/waving_flag2_setup_td035.cab not-a-virus:AdvWare.IGetNet O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A}- hoop://www.spywarenuker.com/product/camp/SpywareNuker_com/SpywareNukerInstaller.exe TrojanDownloader.Win32.Agent.h O16 - DPF: {15651C7C-E812-44A2-A9AC-B467A2233E7D} (SrchHook Class) - hoop://www.123mania.com/GIDCAI32.cab not-a-virus:AdvWare.123Mania.c O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - hoop://public.windupdates.com/get_file.php?bt=ie&p=742ae6aabe7d3a41bcf4a5afcbb90dcf34dad1f7e20e580a8628a9310ebdbc79ff97ebe1e10940b1a7ee84d6b88713ffc07adc36a6c198daa84af66cad27b7bddb:0bcd3b08a0018c359992be6d71d48cd1 bridge-c284.cab/WinAdCtlX.dll not-a-virus:AdWare.WinAD hoop://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c1.cab not-a-virus:AdWare.WinAD.j hoop://static.windupdates.com/cab/CDTInc/ie/bridge-c8.cab not-a-virus:AdWare.WinAD.j hoop://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c15.cab not-a-virus:AdWare.WinAD.w O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - hoop://files.cometsystems.com/cometcursor/21_cometzone/comet.cab not-a-virus:AdWare.Comet.a hoop://files.cometsystems.com/cometcursor/cobrand/comet.cab not-a-virus:AdWare.Comet.a hoop://files.cometsystems.com/cometcursor/comet.cab not-a-virus:AdWare.Comet.g O16 - DPF: {171DFC0E-BE53-4919-9DFB-528560D5153B}- hoop://media.euniverse.com/cursorzone/files/spider_setup_td035.cab TrojanDownloader.Win32.Keenval 和 TrojanDownloader.Win32.Keenval.b O16 - DPF: {172AD74F-3EB9-6839-80BA-2C9F70F7C31B}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay O16 - DPF: {17716803-0E74-1448-ECCC-179A4786F337}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:24 \| 显示全部短消息资料字号：小中大 5楼开头数字为1（续） O16 - DPF: {18000D07-72C4-11D4-B4BD-004026422A29} (Hot_net Control) - hoop://www.nakayubi.com/netidol/idolhappy/aiko/cab/Hot_net2.CAB Trojan.Win32.Dialer.ew hoop://hitoriasobi.com/hello/cab/Hot_net2.CAB Trojan.Win32.Dialer.ew hoop://www.futomomo.com/netidol/idolhappy/cab/Hot_net2.CAB Trojan.Win32.Dialer.ew hoop://www.futomomo.com/netidol/morning/cab/Hot_net2.CAB Trojan.Win32.Dialer.ew hoop://www.futomomo.com/netidol/sailor/cab/Hot_net2.CAB Trojan.Win32.Dialer.ew hoop://www.futomomo.com/sexypocket1/cab/Hot_net2.CAB Trojan.Win32.Dialer.ew hoop://www.futomomo.com/sexypocket51/cab/Hot_net2.CAB Trojan.Win32.Dialer.ew hoop://www.hitoriasobi.com/netidol/idoler/cab/Hot_net2.CAB Trojan.Win32.Dialer.ew hoop://www.hitoriasobi.com/netidol/idolhappy/aiko/cab/Hot_net2.CAB Trojan.Win32.Dialer.ew O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81}-(TEInstallPlugIn) hoop://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab not-a-virus:RiskWare.Downloader.Skilin.a O16 - DPF: {1951A928-84D6-4CF0-D413-5DA623BD3DB3}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85}- hoop://dm.cometsystems.com/dm/dm_286.cab not-a-virus:AdvWare.Comet (DMProxyCtl Class) – hoop://dm.cometsystems.com/dm/dm_274.cab not-a-virus:AdvWare.Comet O16 - DPF: {1B77F337-2C1E-4D52-88F7-AAEE5BFB6F5B}- hoop://www.netbroadcaster.com/player/MovieNetworks1.exe not-a-virus:AdvWare.Downloadware O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1}- hoop://streamp.babenet.com/cabs/videox.cab not-a-virus:AdWare.BHO.RedHotNet.a O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC}-(IEDial Class) hoop://fr4-download.nocreditcard.com/download/Object/ieaccess2XP.cab TrojanDownloader.Win32.Wintrim.l hoop://usa-download.nocreditcard.net/download/Object/DialerHTML/ieaccess3XP.cab TrojanDownloader.Win32.wintrim.q hoop://fr4-download.nocreditcard.com/download/Object/ieaccess2.cab TrojanDownloader.Win32.Wintrim.bg hoop://usa-download.nocreditcard.com/download/Object/ieaccess2.cab TrojanDownloader.Win32.Wintrim.bg hoop://download.nocreditcard.com/download/Object/ieaccess2.cab TrojanDownloader.Win32.Wintrim.bg O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}- hoop://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab not-a-virus:RiskWare.Downloader.FunWeb hoop://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab not-a-virus:RiskWare.Downloader.FunWeb hoop://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab TrojanDropper.Win32.FunWeb.a hoop://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab TrojanDropper.Win32.FunWeb.a hoop://imgfarm.com/images/nocache/funwebproducts/MySignatureInitialSetup1.0.0.5.cab not-a-virus:RiskWare.Downloader.FunWeb O16 - DPF: {1E50B82A-0D78-48B9-97EC-391B2F81CE8A}-(IELoaderCtl Class) hoop://acxd.freeload.cc/ieloader.cab TrojanDownloader.Win32.Ladder.b O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2}- hoop://directplugin.com/plugin/109738.exe not-a-virus:PornWare.Downloader.Tibsystems hoop://directplugin.com/plugin/109998.exe not-a-virus:PornWare.Downloader.Tibsystems hoop://directplugin.com/plugin/111939.exe not-a-virus:PornWare.Downloader.Tibsystems hoop://ultimateplugin.com/plugin/109185.exe not-a-virus:PornWare.Downloader.Tibsystems hoop://ultimateplugin.com/plugin/111116.exe not-a-virus:PornWare.Downloader.Tibsystems O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D}- hoop://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab not-a-virus:RiskWare.Dialer.E-Group.f hoop://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab not-a-virus:RiskWare.Dialer.E-Group.f O16 - DPF: {1F20CF42-B381-4181-8C2A-A389B1022E6E}-(Dialer.Class1) hoop://www.ipxs.nl/php/fundate.CAB not-a-virus:PornWare.Dialer.Fundial O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150}-(UCSearch.ucUCSearch) hoop://www.armbender.com/UCSearch.CAB TrojanDownloader.Win32.VB.bn hoop://www.zuvio.com/UCSearch.CAB TrojanDownloader.Win32.VB.dc
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:25 \| 显示全部短消息资料字号：小中大 6楼开头数字为2 O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167}- hoop://download.abetterinternet.com/download/cabs/STOP8105/payload.cab Trojan.Win32.KeyHost.a 和 Trojan.Win32.KeyHost.e O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA}- hoop://c.coolshader.com/download/dialer/us_cax.cab TrojanDownloader.Win32.Small.fy hoop://cl55.biz/tracker/eu_cax.cab TrojanDownloader.Win32.Small.fy (CAX Object) - hoop://dl.dialerssolution.com/cax.cab TrojanDownloader.Win32.Small.fy O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C}- hoop://www.stop-sign.com/pub/download/stop-sign_stp.cab TrojanDownloader.Win32.Wren.e hoop://www.stop-sign.com/pub/download/stop-sign_spy.cab TrojanDownloader.Win32.Wren.e hoop://raven.veloz.com/pub/download/oodlz_8bl.cab TrojanDownloader.Win32.Wren.e 和 TrojanDownloader.Win32.Wren.h O16 - DPF: {214868A8-F71B-473E-8ECF-6EE1DE6B91D8}- hoop://pms.localscripts.nl/plugins/1/ms7531_nl.cab Backdoor.Delf.el hoop://pms.localscripts.nl/plugins/1/ms7531_be.cab Backdoor.Delf.el O16 - DPF: {22E5705C-991A-4646-9053-A9525CA7222A}- hoop://www.topmoxie.com/external/builds/mypoints/mpmoxie.cab not-a-virus:AdvWare.HelpExpress O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201}-(ddm_download.ddm_control) hoop://download.rfwnad.com/cab/ddm_control.CAB TrojanDownloader.Win32.Dia.a O16 - DPF: {23DABBAF-6ED2-3A4C-BC1A-06BD22501901}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay O16 - DPF: {24DDF073-9652-1E44-BEA7-46E1091021ED}- hoop://213.159.117.150/1/rdgCN10.exe Trojan.Win32.Dialer.ay O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322}- hoop://download.websearch.com/Dnl/T_50024/QDow.cab TrojanDownloader.Win32.QDown及其变种（相当于例子中T_50024的位置实际上可能出现的数字组合很多） hoop://dst.trafficsyndicate.com/Dnl/T_50015/btiein.cab not-a-virus:RiskWare.Tool.Exporun 和 TrojanDownloader.Win32.QDown.h O16 - DPF: {28798E4E-C408-4BA7-8D60-AD24BFF4211F}- hoop://media.euniverse.com/cursorzone/files/star_setup_td035.cab TrojanDownloader.Win32.Keenval.c O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98}-(CR64Loader Object) hoop://www.miniclip.com/bestfriends/retro64_loader.dll TrojanDownloader.Win32.Agent.de O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F}-(AInst Class) hoop://209.47.15.72/inst/activeinstaller.dll TrojanDownloader.Win32.IstBar.s hoop://images.emailhello.com/f-credit/activeinstaller.dll TrojanDownloader.Win32.IstBar.s O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45}- hoop://fr4-scripts.downloadv3.com/binaries/DialHTML/EGDHTML.cab TrojanDownloader.Win32.Wintrim.al hoop://akamai.downloadv3.com/binaries/DialHTML/EGDHTML.cab TrojanDownloader.Win32.Wintrim.al hoop://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US.cab TrojanDownloader.Win32.Wintrim.y hoop://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab not-a-virus:RiskWare.Dialer.E-Group.1027 hoop://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab not-a-virus:RiskWare.Dialer.E-Group.1027 O16 - DPF: {2AEBF56B-88C4-7EC4-3B3F-24F1B5AD40FF}-(DownloadUL Class) hoop://public.searchbarcash.com/cab/006/asqkfkgw.cab Trojan.Win32.TalkStocks.a O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87}- hoop://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1046_pack_XP.cab not-a-virus:RiskWare.Dialer.E-Group.1046 和 not-a-virus:RiskWare.Dialer.E-Group.b O16 - DPF: {2B1B6023-0462-0384-AEDE-7B533E5D09AB}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay O16 - DPF: {2C1651EF-8827-11D6-91A2-00E02964E8E3}-(IntRuboskizo Class) hoop://www.britator.com/micab/dialerweb.cab Trojan.Win32.Dialer.s hoop://www.goxproductions.com/dialers/dialerweb.cab Trojan.Win32.Dialer.s O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A}- hoop://67.72.100.27/dialerhost/download/Zdst8XLq/sexsoftware.cab not-a-virus:PornWare.Dialer.BillPrayer.b O16 - DPF: {2EB9EEE6-2E9F-7583-13D7-39B721C78DF8}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {2FC760C7-F4B5-4289-BA28-745D69F9B244}- hoop://www.cursorzone.com/cursors/flowgo_bird_setup_td035.cab not-a-virus:AdvWare.IGetNet
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:25 \| 显示全部短消息资料字号：小中大 7楼开头数字为3 O16 - DPF: {30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}- hoop://www.shopathomeselect.com/agent/realtimeSetup.cab not-a-virus:AdvWare.Sahat.c O16 - DPF: {3071D45B-D942-30FA-E39C-30AD7C0D437E}- hoop://69.50.188.54/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - hoop://64.156.31.79/100039/uk/ringtone/ringtone.exe not-a-virus:RiskWare.Dialer.PlayGames O16 - DPF: {31C54AFE-4D52-7855-1036-3A707C1DA5FC}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {34D84CD1-9D2F-4808-4C4D-524A37FA4A4D}- hoop://213.159.117.150/1/rdgCN10.exe Trojan.Win32.Dialer.ay O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277}-(VacPro.emsat_ver3) hoop://www.advnt01.com/dialer/emsat_ver3.CAB TrojanClicker.Win32.Adpower.d O16 - DPF: {36CB6B28-FC08-4373-8F54-1A02E3C15B7D}-(WebDownLoad Control) hoop://www.bypp.com/plmm/3721.ocx TrojanDownloader.Win32.Delf.ab hoop://www.down99.com/download/Microsoft.ocx TrojanDownloader.Win32.Delf.ab hoop://www.8975.8u8.com/download/aven.ocx Trojan-Downloader.Win32.Delf.ab O16 - DPF: {37C0D091-EDEB-4701-8873-B358A4368210}- hoop://media.euniverse.com/cursorzone/files/pumpkin_setup_td035.cab TrojanDownloader.Win32.Keenval TrojanDownloader.Win32.Keenval.b TrojanDownloader.Win32.Keenval.c O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6}-(38545C2A-03CD-42C3-BC62-C537A6D5A8F6) hoop://download.online-dialer.com/LiveContent.cab TrojanDownloader.Win32.Small.gd O16 - DPF: {3AA90BC2-58C0-4F4D-A87C-2C6F3D3CD5FE}-(WBMInstaller Class) hoop://your.wishbone.com/download/uinstall.cab not-a-virus:AdvWare.Downloadware O16 - DPF: {3BB64370-3F2A-3F8B-8F87-44F4500CD2AD}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay O16 - DPF: {3C5BA506-6C30-4738-9CED-797ACADEA8DC}-(Loader Class) hoop://www.sqwire.com/toolbar/SQLoader.cab TrojanDownloader.Win32.Squire.b hoop://www.sqwire.com/toolbar/SQLoader3303.cab TrojanDownloader.Win32.Squire.b O16 - DPF: {3F99890F-959A-5E25-6A24-21D53C961B59}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:26 \| 显示全部短消息资料字号：小中大 8楼开头数字为4 O16 - DPF: {400C5DA4-C3F9-265F-4632-5B5A52E1B260}- hoop://69.50.188.54/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D}- hoop://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE not-a-virus:AdWare.VirtualBouncer.e O16 - DPF: {4208564C-62F0-45E6-87DE-0861D11C0613}- hoop://www.7adpower.com/dialer/usa.CAB not-a-virus:PornWare.Dialer.Creazione.c O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000}- hoop://www.oyunfabrikasi.com/nl/last/10/060229nl.exe not-a-virus:PornWare.Dialer.Generic hoop://www.oyunfabrikasi.com/as/2/060172as.exe Trojan.Win32.Dialer.bo hoop://www.andlotsmore.com/factory/058343be.exe not-a-virus:RiskWare.Dialer.PlayGames hoop://www.andlotsmore.com/factory/058348nl.exe not-a-virus:PornWare.Dialer.Generic hoop://www.andlotsmore.com/factory/058440de.exe not-a-virus:RiskWare.Dialer.PlayGames hoop://64.156.31.98/060128uk.exe not-a-virus:PornWare.Dialer.Silence.a hoop://63.217.31.12/dial1/058362uk.exe not-a-virus:PornWare.Dialer.Playground.c hoop://63.217.31.12/dial6/058439uk.exe not-a-virus:PornWare.Dialer.Playground.c hoop://www.oyunfabrikasi.com/nl/2/060187nl.exe Trojan.Win32.Dialer.cc hoop://64.156.31.77/nzgames.exe not-a-virus:RiskWare.Dialer.PlayGames O16 - DPF: {445DCF30-5EBE-25CF-DD26-A286CDC57DA3}-(DownloadUL Class) hoop://public.searchbarcash.com/cab/015/aqqunrih.cab Trojan.Win32.TalkStocks.a O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3}-(No description) hoop://naupoint.com/toolbar/installer/iEBINST2.cab not-a-virus:AdWare.Naupoint.a O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C}- hoop://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab not-a-virus:RiskWare.Dialer.E-Group.d O16 - DPF: {472AC34B-FC4B-4D62-9DC2-82283B618931}- hoop://www.cursorzone.com/cursors/Bear_setup_td035.cab not-a-virus:AdvWare.IGetNet O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822}- hoop://akamai.downloadv3.com/binaries/IA/ia.cab not-a-virus:PornWare.Dialer.IA hoop://akamai.downloadv3.com/binaries/IA/ia_XP.cab TrojanDownloader.Win32.Wintrim.w O16 - DPF: {494C4BEF-FAC9-FE5D-ADA1-85B08BA2C789}-(DownloadUL Class) hoop://public.searchbarcash.com/cab/349/wtvuvzaw.cab Trojan.Win32.TalkStocks.a O16 - DPF: {495290C2-F899-3F27-7DCD-F0A53C127EF2}-(DownloadUL Class) hoop://public.searchbarcash.com/cab/340/dkxbhqqx.cab Trojan.Win32.TalkStocks.a O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28}-(IntRuboskizo2 Class) hoop://www.chicasmarcianas.com/ruboskizo2.cab Trojan.Win32.Dialer.c hoop://www.chicasmodelos.com/ruboskizo2.cab Trojan.Win32.Dialer.c hoop://www.mangahentaix.com/ruboskizo2.cab Trojan.Win32.Dialer.c O16 - DPF: {4BE26277-6508-4885-ADFD-CA8B2B5ADBF6}- hoop://media.euniverse.com/cursorzone/files/rainbow_setup_td035.cab TrojanDownloader.Win32.Keenval.c O16 - DPF: {4C0A5F06-35A1-0183-6929-4B052F006BEA}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay O16 - DPF: {4C98718D-270A-3C39-EAF8-63456A1F102F}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay O16 - DPF: {4CBBC676-507F-11D0-B98B-000000000000}- hoop://www.bc777.com/software/SiteHlpr.cab not-a-virus:AdvWare.BC777.a O16 - DPF: {4CF5275B-CDBC-11D3-A8AF-0090279A5978}- hoop://www.portalsearching.com/BHO.CAB Trojan.Win32.Toras.b hoop://www.sexxx-direct.com/BHO.CAB Trojan.Win32.Toras.b O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956}- hoop://www.terra.es/personal7/loversforever/sv/svchost.exe Trojan.Win32.Lolaweb.b O16 - DPF: {4F96CE92-09EA-49D3-B478-F1892F6DCB6D}- hoop://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialTempSetup1.0.0.6.cab TrojanDownloader.Win32.FunWeb.c
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:26 \| 显示全部短消息资料字号：小中大 9楼开头数字为5 O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2}- hoop://directplugin.com/dialers/109178.exe not-a-virus:PornWare.Downloader.Tibsystems hoop://www.exittraffic.net/nocreditcard/111602/sexplayer.cab not-a-virus:PornWare.Dialer.AsianRaw.b hoop://directplugin.com/dialers/109399.exe not-a-virus:PornWare.Downloader.Tibsystems hoop://directplugin.com/dialers/109664.exe not-a-virus:PornWare.Downloader.TibSystems O16 - DPF: {517E6ED4-892A-7B1A-6BE4-386C555BEA13}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0}-(WebPlugin Class) hoop://webinstall.tscash.com/webinstall.cab TrojanDownloader.Win32.Tinytest O16 - DPF: {522F629A-4DFE-43FA-8311-6F9C871016C5}- hoop://media.euniverse.com/cursorzone/files/flowgo_granny_setup_td035.cab TrojanDownloader.Win32.Keenval.c O16 - DPF: {52DCAD2D-D5DD-8EA5-315A-B4FE032A28F9}-(DownloadUL Class) hoop://public.searchbarcash.com/cab/350/anmqsrho.cab Trojan.Win32.TalkStocks.a O16 - DPF: {532217E3-860C-4EEE-8BBD-3F342DCD9AE9}-(InPop.InControl) hoop://adlogix.com/pop/InPop.CAB Trojan.Win32.VB.ex O16 - DPF: {544B28E8-4746-49EF-A4D5-8F4F3A3556BE}- hoop://www.cursorzone.com/cursors/flaghand_setup_td035.cab not-a-virus:AdvWare.IGetNet O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174}- hoop://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab not-a-virus:AdvWare.SideSearch.c hoop://dl.lygo.com/Sidesearch/en_US/gamesville/Sidesearch.cab not-a-virus:AdvWare.SideSearch.c O16 - DPF: {556DDE35-E955-11D0-A707-000000521958}- hoop://69.56.176.76/webplugin.cab TrojanDownloader.Win32.OneClickNetSearch.e (新版为TrojanDownloader.Win32.OneClickNetSearch.f) hoop://wwb.ieplugin.com/adcampaigns/webplugin.cab TrojanDownloader.Win32.OneClickNetSearch.f hoop://www.marketdart.com/promo/200211aer/md_er_200211aer.cab not-a-virus:AdvWare.MarketDart O16 - DPF: {55A3DA4D-1EE2-3592-2B47-0855F68B8D7F}-(DownloadUL Class) hoop://public.searchbarcash.com/cab/004/zscrjdjl.cab Trojan.Win32.TalkStocks.a O16 - DPF: {5794855A-B5E7-25B3-3ADE-400C6A0F45B1}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {582788CA-7014-4904-A4EE-6FB6108AFE8E}-(SrchHook Class) hoop://www.123mania.com/asrcware.cab not-a-virus:AdvWare.123Mania.a O16 - DPF: {586DDE35-E955-11D0-A707-000000521958}- hoop://69.56.176.227/webplugin.cab TrojanDownloader.Win32.OneClickNetSearch.e hoop://ww3.ieplugin.com/adcampaigns/webplugin.cab TrojanDownloader.Win32.OneClickNetSearch.e （新版均为TrojanDownloader.Win32.OneClickNetSearch.f） O16 - DPF: {58F0B492-A42E-435A-BCBF-C6B2608077BA}- hoop://ak.imgfarm.com/images/nocache/mysearch/s4initialsetup1.0.0.7.cab not-a-virus:AdvWare.Downloadware O16 - DPF: {5A024D01-AF8A-7F7C-1218-472943D521E1}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {5AF007F5-E4B1-4C9A-70A7-482B2D577CCA}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1}-(IntDialerData Class) hoop://www.grupomarineda.net/auto/DialerData.cab Trojan.Win32.Dialer.c O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A}-(SpeedCtrl Class) hoop://www.atelys.com/src/Speedup.ocx TrojanDownloader.Win32.Agent.aa O16 - DPF: {5CBA93A3-E0ED-11D5-A70E-00C12601EADE}- hoop://private-pl.com/welcome/private.exe Trojan.Win32.Dialer.ad O16 - DPF: {5D8488E6-071F-4694-B3E4-BCD1976770B4}- hoop://media.euniverse.com/cursorzone/files/ACF11EE.cab TrojanDownloader.Win32.Keenval.e O16 - DPF: {5DA6A3EB-DEAA-45AD-B303-64A474879FA0}- hoop://toolbar.globalwebsearch.com/toolbar/gws.cab TrojanSpy.Win32.Globar.b O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89}-(Fswinst Control) hoop://www.freescratchandwin.com/files/fswinst07.cab not-a-virus:AdvWare.FreeScratch.a O16 - DPF: {5DF6FB84-749D-4AAE-AE37-708DE09B0588}-(IntSfTx Class) hoop://213.229.160.219/dialers/it.cab Trojan.Win32.Dialer.ca O16 - DPF: {5E09168F-EBE4-4F16-54CC-151053885406}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E483}- hoop://www.dotcomtoolbar.com/toolbar_nieuw13.cab not-a-virus:AdvWare.ToolBar.Dotcom.a hoop://www.dotcomtoolbar.com/toolbar_nieuw14.cab not-a-virus:AdvWare.ToolBar.Dotcom.b O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289}-(DialerWeb Class) hoop://212.145.159.194/251065/dialercab/WebRecomendada.cab not-a-virus:PornWare.Dialer.DialWeb
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡

风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡	发表于： 2005-05-02 22:27 \| 显示全部短消息资料字号：小中大 10楼开头数字为6 O16 - DPF: {607DF741-7D0A-11D4-9EDC-005004189684}- hoop://www.ucmore.com/download/UCmoreIEx.cab not-a-virus:AdvWare.Toolbar.Ucmore O16 - DPF: {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF}- hoop://www.igetnet.com/downloads/NLN/NLNP40w.exe not-a-virus:AdvWare.IGetNet hoop://www.igetnet.com/downloads/NLN/NLNP1w.exe not-a-virus:AdvWare.IGetNet O16 - DPF: {6180ADE2-084F-B0E8-8C0F-150845BF1B73}-(DownloadUL Class) hoop://public.searchbarcash.com/cab/014/wkzgcnny.cab Trojan.Win32.TalkStocks.a O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A}-(DNL Control) hoop://www.xzoomy.com/media/MyFIDNL.ocx TrojanDownloader.Win32.Smfin.a O16 - DPF: {653F689B-250A-794C-DA31-55394F7F7E98}- hoop://82.179.166.72/1/gdnCN208.exe Trojan.Win32.Dialer.ay O16 - DPF: {666DDE35-E955-11D0-A707-000000521958}- hoop://69.56.176.227/webplugin.cab TrojanDownloader.Win32.OneClickNetSearch.e （新版为TrojanDownloader.Win32.OneClickNetSearch.f） O16 - DPF: {666E4D35-E955-11D0-A707-000000521958}- hoop://www.ieplugin.com/webplugin.cab TrojanDownloader.Win32.OneClickNetSearch.e （新版为TrojanDownloader.Win32.OneClickNetSearch.f） O16 - DPF: {672EDB90-4569-267D-D6D3-4D4F019FEA7C}- hoop://82.179.166.72/1/gdnUS208.exe Trojan.Win32.Dialer.ay O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092}-(IELoaderCtl Class) hoop://freeload.cc/secure/ieloader.cab TrojanDownloader.Win32.Ladder O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32}-(VacPro.canada_ver3) hoop://www.advnt01.com/dialer/canada_ver3.CAB TrojanClicker.Win32.Adpower.c O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3}-(IntPagomaster Class) hoop://www.especialsexo.com/dll907/pagomast.cab not-a-virus:RiskWare.Dialer.PageMaster.a hoop://www.webcamenvivo.com/xxx/pagomast.cab not-a-virus:RiskWare.Dialer.PageMaster.a hoop://www.peterpaulxxx.com/iconos/dialer/pagomast.cab not-a-virus:RiskWare.Dialer.PageMaster.a hoop://www.lasfamosasdesnudas.com/pagomast.cab not-a-virus:RiskWare.Dialer.PageMaster.a hoop://www.webcamenvivo.com/xxx/pagomast.cab not-a-virus:RiskWare.Dialer.PageMaster.a O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002}-(XDialer Class) hoop://www.sex777.com/AX/XDialer2.CAB not-a-virus:PornWare.Dialer.XDial O16 - DPF: {69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}-(BrowserProxy4 Class) hoop://download.alexa.com/clients/Alexa7.cab not-a-virus:AdvWare.ToolBar.AlexaBar.a O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F}- hoop://installs.hotbar.com/installs/hotbar/programs/hotbar.cab not-a-virus:AdvWare.ToolBar.Hotbar.g 和 not-a-virus:AdvWare.ToolBar.Hotbar.e O16 - DPF: {6DF7D126-CAAA-7486-945A-059E2ECB7686}- hoop://213.159.117.150/1/gdnUS14.exe Trojan.Win32.Dialer.ay O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702}-(nCaseInstaller Class) hoop://bis.180solutions.com/ActiveXInstallers/Installer/nCaseInstaller.cab not-a-virus:AdvWare.180solutions O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3}-(SCDataDialer Class) hoop://www.dinerotica.com/download/1,2,0,4/cabdll.cab Trojan.Win32.Dialer.cf O16 - DPF: {6F3D49A9-8DC8-4566-BF95-9A7776C56F8B}- hoop://rssexplorer.planet-hood.com/PlanetNews.cab not-a-virus:AdvWare.Toolbar.NewsGator
风之咏者社区嘉宾帖子:18942 注册: 2003-07-27 来自:此心安处是吾乡

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT