希望本列表能够被不断维护、更新、补充，成为解读HijackThis扫描结果的一份有价值的参考文献。

    本文的写作目的是为大家分析HijackThis扫描结果提供一个恶意O16项列表。网上已有O2、O3、O4项目的列表，但如本文这样的O16列表在下却没有找到。这里我定义的恶意O16项指的是明确被杀毒软件认定为木马、木马释放器、木马下载器、广告/间谍软件、后门程序、恶意拨号小程序、危险工具的那些程序（真正的病毒似乎尚未在O16项目中看到）。
    当然，还有许多（比本文提到的那些多得多）安装上之后可能造成浏览器运行缓慢、系统不稳定的属于O16项的程序，但尚未被杀毒软件确认为恶意程序（有些反广告/间谍软件可能会报告这些项目）。这些程序在本文中并未收录，这是有意的，我想，那些应该属于“推荐删除的O16项目”，而不是本文针对的“恶意O16项”。
    本人检测文中提到的各恶意O16项时使用的杀毒软件是kaspersky（卡巴斯基）4.5版，选择这款杀毒软件的主要原因是：
    1 这些O16项绝大部分来自国外，国产杀毒软件在检测它们时不占优势，所以选择一款国外杀毒软件更合适些。
    2 卡巴斯基的病毒库比较大。
    3 卡巴斯基的扩展库分类清晰，很好地覆盖了本文提到的“恶意O16项”。
    我也试用了另外几款国外的杀毒软件，最终还是选定卡巴斯基作主要的“法官”来裁定“恶意O16项”。这一选择在相当程度上仅仅是本人的使用偏好。卡巴斯基当然不是万能的，但我已努力将遗漏的风险降到最低。我可给卡巴斯基实验室处理新样本的工程师添了不少麻烦，有一次我一晚上发过去大量样本，最终Eugene先生回复我：“下次升级后自己看吧（see the stuff in next updates）。”

本文主要内容的格式如下
O16 - DPF: {class ID}-(名称)
例一 卡巴斯基检测结果
例二 卡巴斯基检测结果
……
其中，(名称)一项不是一定会有的，下面的例子也仅仅是其中的一部分。

    检测结果中，Trojan、TrojanClicker指木马，TrojanDropper指木马释放器，TrojanDownloader指木马下载器，Backdoor为后门程序。所有标明“not-a-virus”的都未被卡巴斯基收录到标准病毒库中，它们是卡巴斯基的扩展库查出来的，其类别包括广告程序（AdvWare）、恶意拨号程序（Dialer）、可能被用来做坏事的危险工具（RiskWare）等。

    在解读HijackThis扫描结果的O16项时，如果您愿意参考本文，请以class ID (即CLSID，大括号里那串数字)为准（文中有特别说明的几个除外）。本文中 class ID 后面列出的那些链接仅仅是部分例子，如果您发现您面前的某份HijackThis扫描结果中出现了本文中某个class ID，而后面的链接未在本文中提供的那些例子中出现，您可以——
    1 用杀毒软件检验相应文件，查不出的可以上报
    2 自己简单分析一下，如果链接中的网站名称与现有的例子相同或相似、最终指向的文件的名称与现有的例子相同或相似，那么是恶意项的可能相当大。如果文件名或者链接中带有“sex”、“adult”、“dialer”、“casino”、“free_plugin”字样， 一般应该修复。如果是cab文件的话，甚至可以下载下来打开看看，如果其内容与例子中提到的某个cab包中的内容差不多，则高度可疑。
    3 如果您能将情况顺便通知本版版主，那么十分感谢！让大家共同维护此列表吧！

    还要说明一下，为写作本文，本人浏览了大量的HijackThis扫描结果，本文里所列举的所有例子本人均下载到样本进行了检验。有很多十分可疑的项目，由于相应的下载链接已失效，最终全部被排除在本文之外。我当时可以下载，不代表那些例子中的链接在您阅读本文时依然有效（这一点本人深有体会）。

    如果您使用卡巴斯基检查某样本，没能得到本文中例子里相应的杀毒结果——
    1 卡巴斯基现在不报告：可能该恶意程序“回心向善”了（可能不大），但更可能该样本换了新版（我常遇到），别犹豫，赶紧上报。还有一种可能就是卡巴斯基调整病毒库后的确不再报告它了。
    2 卡巴斯基现在报告，但版本号码不同：该样本换了新版。
    3 卡巴斯基现在报告它为另一种恶意程序：可能该样本换了新版，也可能卡巴斯基调整了病毒库，比如原先报告为木马或木马下载器，后来被改划为广告程序或危险工具，这个也有过。

    如果卡巴斯基查出的某样本您中意的某杀毒软件不报告——
    赶紧上报呀！国产3大杀软都承诺首报有奖。但我运气不好，常常上报人家“已有”的样本，现在我把上报的机会留给运气好的朋友啦！不过，对本列表中的“not-a-virus”（非病毒）类样本，大多数国产杀毒软件是不报告的，这是病毒定义的不同，我们在这里不讨论这个。如果一个样本卡巴斯基报“not-a-virus”，而其它杀毒软件报告为木马或别的什么，那也是常事。这还是不同公司对病毒的分类标准不同造成的。

注：
1 HijackThis扫描结果的O16项 - 下载的程序文件，就是Downloaded Program Files目录下的那些ActiveX对象。这些ActiveX对象来自网络，存放在Downloaded Program Files目录下，其CLSID记录在注册表中。
2 使用HijackThis修复某个O16项后，请建议该用户手动检查“Downloaded Program Files”目录下的相应文件是否被删除。虽然HijackThis修复某个O16项时会试图删除相应文件，但由于各种原因，有时可能无法真正删除。
3 本文没有提到3721的O16项（虽然卡巴斯基视它作广告程序），愿意装的朋友自有其道理，想卸载或免疫则可以求助于专门工具，反正只清除其O16项并不能彻底清除它。
4 为安全意见，所有例子中的http都被改为hoop。

HijackThis恶意O16项目列表正文（以class ID为序）

无class ID

O16 - DPF: v2cab - hoop://install.searchmiracle.com/cab/v2cab.cab
not-a-virus:AdvWare.ToolBar.EliteBar.l
O16 - DPF: v3cab - hoop://searchmiracle.com/cab/v2cab.cab
TrojanDownloader.Win32.Small.xo

O16 - DPF: IEToolbarCab - hoop://www.dailytoolbar.com/DailyToolbarAff.CAB
Trojan.Win32.StartPage.ny

开头数字为0

O16 - DPF: {00000000-0000-0000-0000-000020030000}-
hoop://www.7adpower.com/dialer/newz.exe  not-a-virus:RiskWare.Dialer.Vact.a
hoop://www.accessoveloce.com/webline/x/wgodscp1x.exe  trojan.win32.dialer.a
hoop://xxxtrayicon.com/xtrayinst.exe  Trojan.Win32.VB.jl
hoop://www.accessoveloce.com/mar/x/igmp4f.exe  not-a-virus:PornWare.Dialer.Libero
hoop://www.cartoni-porno.com/CartoniPorno.exe  Trojan.Win32.Dialer.a
hoop://www.accessoveloce.com/webline/x/brigida1x.exe  Trojan.Win32.Dialer.a

O16 - DPF: {00000000-0000-0000-0000-000020040000}-
hoop://207.234.185.217/ABoxInst_int5.exe  Trojan-Downloader.Win32.VB.ft

O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC}-
hoop://install.global-netcom.de/ieloader.cab  TrojanDownloader.Win32.Ladder

O16 - DPF: {00000000-DDBB-0704-0B53-2C8830E9FAEC}-(IELoaderCtl Class)
hoop://freeload.cc/secure/ieloader.cab  TrojanDownloader.Win32.Ladder

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA}-
hoop://test.outwar.com/np/Otw0i.cab  TrojanDropper.Win32.Bunch
(F1 Organizer Class) - hoop://www.addictivetechnologies.net/DM0/cab/j3rk0of4.cab
TrojanDownloader.Win32.Rameh.c
hoop://www.addictivetechnologies.net/DM0/cab/aess11.cab  TrojanDownloader.Win32.Rameh.c
hoop://www.addictivetechnologies.net/DM0/cab/AESS2.cab  TrojanDownloader.Win32.Rameh.c
hoop://www.originalicons.com/members/arrtv.cab  TrojanDownloader.Win32.Rameh.c

O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040}-(VacPro.olanda_ver3)
hoop://www.advnt01.com/dialer/olanda_ver3.CAB  TrojanClicker.Win32.Adpower.a

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D}-(Installer Class)
hoop://www.xxxtoolbar.com/ist/softwares/v3.0/0006_mainstream.cab
TrojanDownloader.Win32.IstBar.ci
(新版为TrojanDownloader.Win32.IstBar.dw)
hoop://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
TrojanDownloader.Win32.IstBar.dc
(新版为TrojanDownloader.Win32.IstBar.dw)
hoop://www.negativebeats.com/mp3.plugin.exe  TrojanDownloader.Win32.Swizzor.t
hoop://www.lyricsdomain.com/download.mp3.exe  TrojanDownloader.Win32.Swizzor.t
hoop://www.mp3.mbytes.net/free/MP3_Plugin.exe  TrojanDownloader.Win32.Small.bp

O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8}-(SBITAX7Ctrl Class)
hoop://ultimateplugin.com/tl7000.dll  TrojanProxy.Win32.Sobit
hoop://ultimateplugin.com/tl7000_cert1.dll  TrojanProxy.Win32.Sobit
hoop://download.tibsystems.com/tl7000.dll  TrojanProxy.Win32.Sobit.c
hoop://directplugin.com/tl7000.dll  TrojanProxy.Win32.Sobit.c
hoop://www.movie-browser.com/tl7000.dll  TrojanProxy.Win32.Sobit.c

O16 - DPF: {01A477AC-21E7-49F7-BCB6-A42663187299}-(XEng004.XEng004Ctl)
hoop://iii.tv/pink/004/XEng004.CAB  not-a-virus:PornWare.Dialer.Cutygirls.a
[形如XEng0??.CAB（?代表一个数字）的文件，包括
hoop://iii.tv/pink/001/XEng001.CAB
……
hoop://iii.tv/pink/038/XEng038.CAB
或
hoop://cutygirls.net/pink/001/XEng001.CAB
……
hoop://cutygirls.net/pink/038/XEng038.CAB
均为not-a-virus:PornWare.Dialer.Cutygirls类的恶意拨号器。其class ID (CLSID)各不相同，在此就不一一列出了。]

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90}-(Loader Class)
hoop://connect.online-dialer.com/MaConnect.cab TrojanDownloader.Win32.IstBar.s
hoop://63.217.29.115/cax.cab  not-a-virus:PornWare.Dialer.OnlineDialer
(Moniker32 Class) –
hoop://63.219.181.7/cax.cab  not-a-virus:PornWare.Dialer.OnlineDialer
(Moniker32 Class) –
hoop://63.217.29.115/cax.cab  not-a-virus:PornWare.Dialer.OnlineDialer
(Moniker32 Class) –
hoop://connect.online-dialer.com/cax.cab  not-a-virus:PornWare.Dialer.OnlineDialer

O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7}
hoop://64.62.232.4/gamesplayground/060548/uk/fullgames/fullgames.exe  TrojanDownloader.Win32.PlayGames.a
hoop://64.156.31.70/058776uk.exe  not-a-virus:PornWare.Dialer.Playground.b
hoop://64.156.31.70/058565uk.exe  not-a-virus:PornWare.Dialer.Playground.b
hoop://access.gamezdump.com/output/060560/uk/fullgames/fullgames.exe
not-a-virus:PornWare.Dialer.Playground.c
hoop://access.gamesplayground.com/output/011259/uk/fullgames/fullgames.exe
not-a-virus:PornWare.Dialer.Playground.c
hoop://64.156.31.99/060219/se/fullgames/fullgames.exe  not-a-virus:PornWare.Dialer.Generic

O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D}-(preload control)
hoop://www.thepaymentcentre.com/build/preload.cab  TrojanDownloader.Win32.Dyfuca.w
hoop://www.thepaymentcentre3.com/build/preload.cab  TrojanDownloader.Win32.Dyfuca.w

O16 - DPF: {03D2A95A-0AA6-1EF5-6370-092512235D29}-
hoop://82.179.166.72/1/gdnUS208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {03FBB191-FB50-4154-91D7-587D5E3C3C9A}-(Marcador Class)
hoop://acceso.masminutos.com/software.cab  not-a-virus:PornWare.Dialer.Lanzar

O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E}-(VacPro.win98_P)
hoop://www9.advnt01.com/dialer/win98_P.CAB  not-a-virus:Porn-Dialer.Win32.Creazione.i

O16 - DPF: {04E67FD9-0D85-463B-06D9-0CB62CDB2C67}-
hoop://69.50.188.54/1/gdnAU208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8}-(EGEGAUTH Class)
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab  Trojan.Win32.P2E.g
hoop://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_FR_XP.cab  Trojan.Win32.P2E.g

O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78}-(preload control)
hoop://www.thepaymentcentre.com/build/preload2.cab  TrojanDownloader.Win32.Dyfuca.aw

O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE}-(iiittt Class)
hoop://www.begin2search.com/toolbar/winb2s32.cab  not-a-virus:AdWare.Beginto.a

O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F}-(AsyncDownloader Class)
hoop://survey.otxresearch.com/Preloader.dll  not-a-virus:RiskWare.Downloader.OTXloader

O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D}-
hoop://www.searchwww.com/search.cab TrojanClicker.VBS.Krepper

O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602}-(vviewer control)
hoop://www.thepaymentcentre.com/build/vviewer.cab  TrojanDownloader.Win32.Dyfuca.ch

O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650}-
hoop://corp.mail.com/bargainbuddy/emcam_bbi8015.cab  not-a-virus:AdvWare.BargainBuddy.a

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}-
hoop://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab  TrojanDownloader.Win32.Wintrim.ah
hoop://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab  TrojanDownloader.Win32.Wintrim.ai
hoop://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab  TrojanDownloader.Win32.Wintrim.ai
hoop://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab  TrojanDownloader.Win32.Wintrim.ah

O16 - DPF: {0D676488-AEB4-455D-9A8F-4E241092A0F0}-
hoop://media.euniverse.com/cursorzone/files/Butterfly_ani_setup_td035.cab
TrojanDownloader.Win32.Keenval.c

O16 - DPF: {0DCBCE0D-74B5-CE5F-39ED-4C3EE4EF5B61}-
hoop://public.searchbarcash.com/cab/019/hxpgzotx.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {0EDE9EAA-A2DB-79A9-38EB-BFBF5C5236DF}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/335/kdsaqcfv.cab  Trojan.Win32.TalkStocks.a

开头数字为1


O16 - DPF: {10000000-1000-0000-1000-000000000000}-
ms-its:mhtml:file://C:\foo.mht!hoop://www.free32.com/POP.CHM::/sp.exe
TrojanDownloader.VBS.Psyme.q 和 Trojan.Win32.Spooner.f
ms-its:mhtml:file://C:\MAIN.MHT!hoop://d.dialer2004.com//bestporn/main.chm::/load.exe
TrojanDownloader.Win32.Donn.r 和 TrojanProxy.Win32.Mitglieder.x
ms-its:mhtml:file://C:\MAIN.MHT!hoop://d.dialer2004.com//ruzan/main.chm::/load.exe  TrojanDownloader.Win32.Donn.r
mhtml:file://C:\ARCHIVE.MHT!hoop://195.225.176.3//mas2/server.exe  Trojan.Win32.Scagent.d

O16 - DPF: {10003000-1000-0000-1000-000000000000}-
ms-its:mhtml:file://c:\nosuch.mht!hoop://195.225.177.8/count/chm/cool.chm::/cool.exe
TrojanDownloader.Win32.Agent.av
ms-its:mhtml:file://C:\foo.mht!hoop://81.211.105.37/30096/online.chm::/on-line.exe
TrojanDownloader.Win32.Agent.k
ms-its:mhtml:file://C:\foo.mht!hoop://195.225.177.13/11223/online.chm::/on-line.exe
TrojanDropper.Win32.Small.hx

ms-its:mhtml:file://C: oo.mht!hoop://sexxxxtv.com/module.chm::/in.exe  Trojan-Downloader.JS.generic

O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736}-
hoop://hot.thebugs.ws/fav.exe  Trojan.Win32.StartPage.fg

O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E}-
hoop://directplugin.com/dialers/109446.exe  not-a-virus:PornWare.Downloader.Tibsystems

O16 - DPF: {11010101-1001-1111-1000-110112345678}-
ms-its:mhtml:file://c:\nosuch.mht!hoop://69.50.179.54/winsearchie32.chm::/winsearchie32.exe
TrojanDropper.Win32.Small.ig
ms-its:mhtml:file://c:\nosuch.mht!hoop://69.50.173.253/winsearchie32.chm::/winsearchie32.exe
TrojanDropper.Win32.Small.ig
ms-its:mhtml:file://c:\nosuch.mht!hoop://69.31.79.102/searchinfoxyz.chm::/searchinfoxyz.exe
TrojanDownloader.Win32.Small.zd
ms-its:mhtml:file://C:oo.mht!hoop://cellaphone.net/helps/079057/iehelp.chm::/win.exe
Trojan-Downloader.Win32.Small.aag

O16 - DPF: {11010101-1001-1111-1000-110164567732}-
ms-its:mhtml:file://C:MAIN.MHT!hoop://www.008i.com//x//f//10213//inst.chm::/f10213.exe
TrojanDownloader.Win32.WinShow.af

O16 - DPF: {11111111-1111-1111-1111-11??????????}-
mhtml:file://C:NO_SUCH_MHT.MHT!hoop://www.008k.com/partner/inst/f10213.exe
TrojanDownloader.Win32.Petrolin.a
mhtml:file://C:NO_SUCH_MHT.MHT!hoop://www.008k.com/partner/inst/f22776.exe
TrojanDownloader.Win32.Small.ug
[请注意，?在这里代表某个数字，该种木马下载器的CLSID后几位是变动的，指向的是以f开头后加5个数字作为文件名的exe文件。]

O16 - DPF: {11111111-1111-1111-1111-111111111111}-
mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?xdat=&url=hoop://66.117.38.54:80/dexDK534.exe
mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?url=hoop://66.117.38.54:80/dexDE554.exe
mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?url=hoop://66.117.38.54:80/dexDE535.exe
mhtml:file://C:NXSFT.MHT!hoop://66.117.37.5:80/iex/ofile.exe?url=hoop://66.117.37.5:80/dexGB285.exe
mhtml:file://C:NXSFT.MHT!hoop://66.117.38.54:80/iex/ofile.exe?url=hoop://66.117.38.54:80/dexUS585.exe
以上各exe文件均属于TrojanDownloader.Win32.Small家族
hoop://ams-download.nocreditcard.com/download/newdial-erp/1498/dialer.exe
not-a-virus:PornWare.Dialer.TBS-Access
hoop://ams-download.nocreditcard.com/download/newdial-erp/1676/dialer.exe
not-a-virus:PornWare.Dialer.TBS-Access
hoop://usa-download.nocreditcard.net/download/newdial-erp/1736/dialer.exe
not-a-virus:PornWare.Dialer.TBS-Access
hoop://207.246.124.105/cabs/ROOSTRS3002/TPS108.cab  not-a-virus:AdvWare.BiSpy.d
hoop://www.springboard.nl/plugin/hotpages3.exe  not-a-virus:PornWare.Dialer.Generic
hoop://seks.a4.pl/porno-filmy.exe  not-a-virus:PornWare.Dialer.Plsex
[遇到CLSID:11111111-1111-1111-1111-111111111111（也许末尾几位有变动）请大家多加注意，因为这些项目可能与IE一个漏洞相关。这个CLSID下，如下的几个都很可能是恶意的。
file://c:\info6.cab
file://c:\windows\temp\demo.exe
file://c:\windows\calc.exe]

O16 - DPF: {11111111-1111-1111-1111-111111111112}-
hoop://www.latenight.nl/launcher.exe TrojanDownloader.Win32.Small.et

O16 - DPF: {11111111-1111-1111-1111-111111111123}-
ms-its:mhtml:file://c:\nosuch.mht!hoop://www.search-and-more.com/clk/148.chm::/file.exe
TrojanDropper.Win32.Small.ig
ms-its:mhtml:file://c:\nosuch.mht!hoop://www.search-and-more.com/clk/123.chm::/file.exe
TrojanDropper.Win32.Small.ig
新版本为 TrojanDropper.Win32.Small.lf
ms-its:mhtml:file://D:est.mht!hoop://yanliangbbs.com/Skins/Default/_notes/test.chm::/test.exe
TrojanDropper.Win32.Delf.ef
its:mhtml:file://C:.mht!hoop://69.50.191.52/2484/b.chm::/b.exe  Trojan.Win32.StartPage.hb

O16 - DPF: {11111111-1111-1111-1111-111111111157}-
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.131/legal/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.w
ms-its:mhtml:file://c:\nosuch.mht!hoop://petite-virgins.biz/dl/adv15/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.l
ms-its:mhtml:file://c:\nosuch.mht!hoop://cashsearch.biz/legal/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.r
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.131/dl/adv94/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.y
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv74/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.y
ms-its:mhtml:file://c:\nosuch.mht!hoop://super-gals.com/scj/rotation/templates/um2/x.chm::/ad.exe
TrojanDownloader.Win32.Donn.u
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv63/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.gen
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv65/x.chm::/load.exe
TrojanDownloader.Win32.Harnig.al
ms-its:mhtml:file://c:\nosuch.mht!hoop://213.159.117.133/dl/adv156/x.chm::/load.exe
TrojanDownloader.Win32.Small.yx

O16 - DPF: {11111111-1111-1111-1111-111111111171}-
ms-its:mhtml:file://c:\\nosuch.mht!hoop://line-plus.com/newhelp.chm::/newhelp.exe
Trojan.Win32.StartPage.ij

O16 - DPF: {11111111-1111-1111-1111-111111111237}-
hoop://69.31.87.70/1/deaDE348.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {11111111-1111-1111-1111-111111111435}-
hoop://popka1978.ud-dial.biz/dexmsbb.exe  Trojan.Win32.Dialer.av

O16 - DPF: {11111111-1111-1111-1111-11237}-
hoop://63.219.178.91/1/deaNZ309.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {11120607-1001-1111-1000-110199901123}-
hoop://www.n28.net/n009/on-line.exe Trojan.Win32.Dialer.ce
ms-its:mhtml:file://C:\x.mht!hoop://sxwall.com//page1.chm::/test.exe
TrojanDownloader.Win32.Small.xt

O16 - DPF: {11212111-2121-1311-1141-115611111222} –
ms-its:mhtml:file://d: oo.mht!hoop://69.50.166.213/users/john/web/axe/x.chm::/update.exe
Trojan-Downloader.Win32.Small.anf

O16 - DPF: {1167BEEB-1CB0-47C0-A491-1E40B8EF1285}-
hoop://www.cursorzone.com/cursors/Cherub_setup_td035.cab  not-a-virus:AdvWare.IGetNet
hoop://media.euniverse.com/cursorzone/files/Cherub_setup_td035.cab  TrojanDownloader.Win32.Keenval.c

O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000}-
hoop://www.eingang69.de/EroticAccess/Cabs/1796024.cab  Trojan.Win32.Dialer.ck
hoop://www.browserplugin.com/eroticAccess/cabs/1764015.cab  Trojan.Win32.Dialer.ck

O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797}-(Installer Class)
hoop://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab  TrojanDownloader.Win32.IstBar.fa
hoop://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab  TrojanDownloader.Win32.IstBar.gen

O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489}-
hoop://www.2nd-thought.com/files/install052.exe  Trojan.Win32.SecondThought.g
hoop://www.2nd-thought.com/files/install.exe  Trojan.Win32.SecondThought.r
hoop://www.2nd-thought.com/files/install042.exe  Trojan.Win32.SecondThought.c
[注：hoop://www.2nd-thought.com/files/install0??.exe（??为两位数字） 均为Trojan.Win32.SecondThought及其变种]

O16 - DPF: {13D81535-D540-41F0-E8C3-6B94033D7FA9}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {142016BF-5CCA-4C8D-AC01-C4A8F4044AD5}-
hoop://media.euniverse.com/cursorzone/files/Cat_Running_setup_td035.cab
TrojanDownloader.Win32.Keenval
TrojanDownloader.Win32.Keenval.b
TrojanDownloader.Win32.Keenval.c

O16 - DPF: {146D0CDE-BDC7-0DD9-25CA-00BB7ECE235A}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {14B4AA8C-B624-440E-9730-26BA47E48A24}-
hoop://www.cursorzone.com/cursors/waving_flag2_setup_td035.cab  not-a-virus:AdvWare.IGetNet

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A}-
hoop://www.spywarenuker.com/product/camp/SpywareNuker_com/SpywareNukerInstaller.exe  TrojanDownloader.Win32.Agent.h

O16 - DPF: {15651C7C-E812-44A2-A9AC-B467A2233E7D} (SrchHook Class) -
hoop://www.123mania.com/GIDCAI32.cab  not-a-virus:AdvWare.123Mania.c

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
hoop://public.windupdates.com/get_file.php?bt=ie&p=742ae6aabe7d3a41bcf4a5afcbb90dcf34dad1f7e20e580a8628a9310ebdbc79ff97ebe1e10940b1a7ee84d6b88713ffc07adc36a6c198daa84af66cad27b7bddb:0bcd3b08a0018c359992be6d71d48cd1
bridge-c284.cab/WinAdCtlX.dll  not-a-virus:AdWare.WinAD
hoop://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c1.cab  not-a-virus:AdWare.WinAD.j
hoop://static.windupdates.com/cab/CDTInc/ie/bridge-c8.cab  not-a-virus:AdWare.WinAD.j
hoop://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c15.cab  not-a-virus:AdWare.WinAD.w

O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} -
hoop://files.cometsystems.com/cometcursor/21_cometzone/comet.cab  not-a-virus:AdWare.Comet.a
hoop://files.cometsystems.com/cometcursor/cobrand/comet.cab  not-a-virus:AdWare.Comet.a
hoop://files.cometsystems.com/cometcursor/comet.cab  not-a-virus:AdWare.Comet.g

O16 - DPF: {171DFC0E-BE53-4919-9DFB-528560D5153B}-
hoop://media.euniverse.com/cursorzone/files/spider_setup_td035.cab
TrojanDownloader.Win32.Keenval 和 TrojanDownloader.Win32.Keenval.b

O16 - DPF: {172AD74F-3EB9-6839-80BA-2C9F70F7C31B}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {17716803-0E74-1448-ECCC-179A4786F337}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

开头数字为1（续）

O16 - DPF: {18000D07-72C4-11D4-B4BD-004026422A29} (Hot_net Control) -
hoop://www.nakayubi.com/netidol/idolhappy/aiko/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://hitoriasobi.com/hello/cab/Hot_net2.CAB
Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/netidol/idolhappy/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/netidol/morning/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/netidol/sailor/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/sexypocket1/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.futomomo.com/sexypocket51/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.hitoriasobi.com/netidol/idoler/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew
hoop://www.hitoriasobi.com/netidol/idolhappy/aiko/cab/Hot_net2.CAB  Trojan.Win32.Dialer.ew


O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81}-(TEInstallPlugIn)
hoop://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
not-a-virus:RiskWare.Downloader.Skilin.a

O16 - DPF: {1951A928-84D6-4CF0-D413-5DA623BD3DB3}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85}-
hoop://dm.cometsystems.com/dm/dm_286.cab  not-a-virus:AdvWare.Comet
(DMProxyCtl Class) –
hoop://dm.cometsystems.com/dm/dm_274.cab  not-a-virus:AdvWare.Comet

O16 - DPF: {1B77F337-2C1E-4D52-88F7-AAEE5BFB6F5B}-
hoop://www.netbroadcaster.com/player/MovieNetworks1.exe  not-a-virus:AdvWare.Downloadware

O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1}-
hoop://streamp.babenet.com/cabs/videox.cab  not-a-virus:AdWare.BHO.RedHotNet.a

O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC}-(IEDial Class)
hoop://fr4-download.nocreditcard.com/download/Object/ieaccess2XP.cab
TrojanDownloader.Win32.Wintrim.l
hoop://usa-download.nocreditcard.net/download/Object/DialerHTML/ieaccess3XP.cab
TrojanDownloader.Win32.wintrim.q
hoop://fr4-download.nocreditcard.com/download/Object/ieaccess2.cab
TrojanDownloader.Win32.Wintrim.bg
hoop://usa-download.nocreditcard.com/download/Object/ieaccess2.cab
TrojanDownloader.Win32.Wintrim.bg
hoop://download.nocreditcard.com/download/Object/ieaccess2.cab
TrojanDownloader.Win32.Wintrim.bg

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}-
hoop://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
not-a-virus:RiskWare.Downloader.FunWeb
hoop://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
not-a-virus:RiskWare.Downloader.FunWeb
hoop://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab  TrojanDropper.Win32.FunWeb.a
hoop://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab  TrojanDropper.Win32.FunWeb.a
hoop://imgfarm.com/images/nocache/funwebproducts/MySignatureInitialSetup1.0.0.5.cab
not-a-virus:RiskWare.Downloader.FunWeb

O16 - DPF: {1E50B82A-0D78-48B9-97EC-391B2F81CE8A}-(IELoaderCtl Class)
hoop://acxd.freeload.cc/ieloader.cab  TrojanDownloader.Win32.Ladder.b

O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2}-
hoop://directplugin.com/plugin/109738.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://directplugin.com/plugin/109998.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://directplugin.com/plugin/111939.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://ultimateplugin.com/plugin/109185.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://ultimateplugin.com/plugin/111116.exe  not-a-virus:PornWare.Downloader.Tibsystems

O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D}-
hoop://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.f
hoop://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.f

O16 - DPF: {1F20CF42-B381-4181-8C2A-A389B1022E6E}-(Dialer.Class1)
hoop://www.ipxs.nl/php/fundate.CAB  not-a-virus:PornWare.Dialer.Fundial

O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150}-(UCSearch.ucUCSearch)
hoop://www.armbender.com/UCSearch.CAB  TrojanDownloader.Win32.VB.bn
hoop://www.zuvio.com/UCSearch.CAB  TrojanDownloader.Win32.VB.dc

开头数字为2


O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167}-
hoop://download.abetterinternet.com/download/cabs/STOP8105/payload.cab
Trojan.Win32.KeyHost.a 和 Trojan.Win32.KeyHost.e

O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA}-
hoop://c.coolshader.com/download/dialer/us_cax.cab  TrojanDownloader.Win32.Small.fy
hoop://cl55.biz/tracker/eu_cax.cab  TrojanDownloader.Win32.Small.fy
(CAX Object) - hoop://dl.dialerssolution.com/cax.cab  TrojanDownloader.Win32.Small.fy

O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C}-

hoop://www.stop-sign.com/pub/download/stop-sign_stp.cab  TrojanDownloader.Win32.Wren.e
hoop://www.stop-sign.com/pub/download/stop-sign_spy.cab  TrojanDownloader.Win32.Wren.e
hoop://raven.veloz.com/pub/download/oodlz_8bl.cab
TrojanDownloader.Win32.Wren.e 和 TrojanDownloader.Win32.Wren.h

O16 - DPF: {214868A8-F71B-473E-8ECF-6EE1DE6B91D8}-
hoop://pms.localscripts.nl/plugins/1/ms7531_nl.cab  Backdoor.Delf.el
hoop://pms.localscripts.nl/plugins/1/ms7531_be.cab  Backdoor.Delf.el

O16 - DPF: {22E5705C-991A-4646-9053-A9525CA7222A}-
hoop://www.topmoxie.com/external/builds/mypoints/mpmoxie.cab  not-a-virus:AdvWare.HelpExpress

O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201}-(ddm_download.ddm_control)
hoop://download.rfwnad.com/cab/ddm_control.CAB  TrojanDownloader.Win32.Dia.a

O16 - DPF: {23DABBAF-6ED2-3A4C-BC1A-06BD22501901}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {24DDF073-9652-1E44-BEA7-46E1091021ED}-
hoop://213.159.117.150/1/rdgCN10.exe  Trojan.Win32.Dialer.ay


O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322}-
hoop://download.websearch.com/Dnl/T_50024/QDow.cab  TrojanDownloader.Win32.QDown及其变种（相当于例子中T_50024的位置实际上可能出现的数字组合很多）
hoop://dst.trafficsyndicate.com/Dnl/T_50015/btiein.cab
not-a-virus:RiskWare.Tool.Exporun 和 TrojanDownloader.Win32.QDown.h

O16 - DPF: {28798E4E-C408-4BA7-8D60-AD24BFF4211F}-
hoop://media.euniverse.com/cursorzone/files/star_setup_td035.cab  TrojanDownloader.Win32.Keenval.c

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98}-(CR64Loader Object)
hoop://www.miniclip.com/bestfriends/retro64_loader.dll  TrojanDownloader.Win32.Agent.de

O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F}-(AInst Class)
hoop://209.47.15.72/inst/activeinstaller.dll  TrojanDownloader.Win32.IstBar.s
hoop://images.emailhello.com/f-credit/activeinstaller.dll  TrojanDownloader.Win32.IstBar.s

O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45}-
hoop://fr4-scripts.downloadv3.com/binaries/DialHTML/EGDHTML.cab  TrojanDownloader.Win32.Wintrim.al
hoop://akamai.downloadv3.com/binaries/DialHTML/EGDHTML.cab  TrojanDownloader.Win32.Wintrim.al
hoop://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_US.cab
TrojanDownloader.Win32.Wintrim.y
hoop://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.1027
hoop://usa-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.1027

O16 - DPF: {2AEBF56B-88C4-7EC4-3B3F-24F1B5AD40FF}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/006/asqkfkgw.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87}-
hoop://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1046_pack_XP.cab
not-a-virus:RiskWare.Dialer.E-Group.1046 和 not-a-virus:RiskWare.Dialer.E-Group.b

O16 - DPF: {2B1B6023-0462-0384-AEDE-7B533E5D09AB}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {2C1651EF-8827-11D6-91A2-00E02964E8E3}-(IntRuboskizo Class)
hoop://www.britator.com/micab/dialerweb.cab  Trojan.Win32.Dialer.s
hoop://www.goxproductions.com/dialers/dialerweb.cab  Trojan.Win32.Dialer.s

O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A}-
hoop://67.72.100.27/dialerhost/download/Zdst8XLq/sexsoftware.cab  not-a-virus:PornWare.Dialer.BillPrayer.b

O16 - DPF: {2EB9EEE6-2E9F-7583-13D7-39B721C78DF8}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {2FC760C7-F4B5-4289-BA28-745D69F9B244}-
hoop://www.cursorzone.com/cursors/flowgo_bird_setup_td035.cab  not-a-virus:AdvWare.IGetNet

开头数字为3

O16 - DPF: {30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}-
hoop://www.shopathomeselect.com/agent/realtimeSetup.cab  not-a-virus:AdvWare.Sahat.c

O16 - DPF: {3071D45B-D942-30FA-E39C-30AD7C0D437E}-
hoop://69.50.188.54/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} -
hoop://64.156.31.79/100039/uk/ringtone/ringtone.exe  not-a-virus:RiskWare.Dialer.PlayGames

O16 - DPF: {31C54AFE-4D52-7855-1036-3A707C1DA5FC}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {34D84CD1-9D2F-4808-4C4D-524A37FA4A4D}-
hoop://213.159.117.150/1/rdgCN10.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277}-(VacPro.emsat_ver3)
hoop://www.advnt01.com/dialer/emsat_ver3.CAB  TrojanClicker.Win32.Adpower.d

O16 - DPF: {36CB6B28-FC08-4373-8F54-1A02E3C15B7D}-(WebDownLoad Control)
hoop://www.bypp.com/plmm/3721.ocx  TrojanDownloader.Win32.Delf.ab
hoop://www.down99.com/download/Microsoft.ocx  TrojanDownloader.Win32.Delf.ab
hoop://www.8975.8u8.com/download/aven.ocx  Trojan-Downloader.Win32.Delf.ab

O16 - DPF: {37C0D091-EDEB-4701-8873-B358A4368210}-
hoop://media.euniverse.com/cursorzone/files/pumpkin_setup_td035.cab
TrojanDownloader.Win32.Keenval
TrojanDownloader.Win32.Keenval.b
TrojanDownloader.Win32.Keenval.c

O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6}-(38545C2A-03CD-42C3-BC62-C537A6D5A8F6)
hoop://download.online-dialer.com/LiveContent.cab  TrojanDownloader.Win32.Small.gd

O16 - DPF: {3AA90BC2-58C0-4F4D-A87C-2C6F3D3CD5FE}-(WBMInstaller Class)
hoop://your.wishbone.com/download/uinstall.cab  not-a-virus:AdvWare.Downloadware

O16 - DPF: {3BB64370-3F2A-3F8B-8F87-44F4500CD2AD}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {3C5BA506-6C30-4738-9CED-797ACADEA8DC}-(Loader Class)
hoop://www.sqwire.com/toolbar/SQLoader.cab  TrojanDownloader.Win32.Squire.b
hoop://www.sqwire.com/toolbar/SQLoader3303.cab  TrojanDownloader.Win32.Squire.b

O16 - DPF: {3F99890F-959A-5E25-6A24-21D53C961B59}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

开头数字为4

O16 - DPF: {400C5DA4-C3F9-265F-4632-5B5A52E1B260}-
hoop://69.50.188.54/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D}-
hoop://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
not-a-virus:AdWare.VirtualBouncer.e

O16 - DPF: {4208564C-62F0-45E6-87DE-0861D11C0613}-
hoop://www.7adpower.com/dialer/usa.CAB  not-a-virus:PornWare.Dialer.Creazione.c

O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000}-
hoop://www.oyunfabrikasi.com/nl/last/10/060229nl.exe  not-a-virus:PornWare.Dialer.Generic
hoop://www.oyunfabrikasi.com/as/2/060172as.exe  Trojan.Win32.Dialer.bo
hoop://www.andlotsmore.com/factory/058343be.exe  not-a-virus:RiskWare.Dialer.PlayGames
hoop://www.andlotsmore.com/factory/058348nl.exe  not-a-virus:PornWare.Dialer.Generic
hoop://www.andlotsmore.com/factory/058440de.exe  not-a-virus:RiskWare.Dialer.PlayGames
hoop://64.156.31.98/060128uk.exe  not-a-virus:PornWare.Dialer.Silence.a
hoop://63.217.31.12/dial1/058362uk.exe  not-a-virus:PornWare.Dialer.Playground.c
hoop://63.217.31.12/dial6/058439uk.exe  not-a-virus:PornWare.Dialer.Playground.c
hoop://www.oyunfabrikasi.com/nl/2/060187nl.exe  Trojan.Win32.Dialer.cc
hoop://64.156.31.77/nzgames.exe  not-a-virus:RiskWare.Dialer.PlayGames

O16 - DPF: {445DCF30-5EBE-25CF-DD26-A286CDC57DA3}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/015/aqqunrih.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3}-(No description)
hoop://naupoint.com/toolbar/installer/iEBINST2.cab  not-a-virus:AdWare.Naupoint.a

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C}-
hoop://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab  not-a-virus:RiskWare.Dialer.E-Group.d

O16 - DPF: {472AC34B-FC4B-4D62-9DC2-82283B618931}-
hoop://www.cursorzone.com/cursors/Bear_setup_td035.cab  not-a-virus:AdvWare.IGetNet

O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822}-
hoop://akamai.downloadv3.com/binaries/IA/ia.cab  not-a-virus:PornWare.Dialer.IA
hoop://akamai.downloadv3.com/binaries/IA/ia_XP.cab  TrojanDownloader.Win32.Wintrim.w

O16 - DPF: {494C4BEF-FAC9-FE5D-ADA1-85B08BA2C789}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/349/wtvuvzaw.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {495290C2-F899-3F27-7DCD-F0A53C127EF2}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/340/dkxbhqqx.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28}-(IntRuboskizo2 Class)
hoop://www.chicasmarcianas.com/ruboskizo2.cab  Trojan.Win32.Dialer.c
hoop://www.chicasmodelos.com/ruboskizo2.cab  Trojan.Win32.Dialer.c
hoop://www.mangahentaix.com/ruboskizo2.cab  Trojan.Win32.Dialer.c

O16 - DPF: {4BE26277-6508-4885-ADFD-CA8B2B5ADBF6}-
hoop://media.euniverse.com/cursorzone/files/rainbow_setup_td035.cab TrojanDownloader.Win32.Keenval.c

O16 - DPF: {4C0A5F06-35A1-0183-6929-4B052F006BEA}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {4C98718D-270A-3C39-EAF8-63456A1F102F}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {4CBBC676-507F-11D0-B98B-000000000000}-
hoop://www.bc777.com/software/SiteHlpr.cab  not-a-virus:AdvWare.BC777.a

O16 - DPF: {4CF5275B-CDBC-11D3-A8AF-0090279A5978}-
hoop://www.portalsearching.com/BHO.CAB  Trojan.Win32.Toras.b
hoop://www.sexxx-direct.com/BHO.CAB  Trojan.Win32.Toras.b

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956}-
hoop://www.terra.es/personal7/loversforever/sv/svchost.exe  Trojan.Win32.Lolaweb.b

O16 - DPF: {4F96CE92-09EA-49D3-B478-F1892F6DCB6D}-
hoop://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialTempSetup1.0.0.6.cab
TrojanDownloader.Win32.FunWeb.c

开头数字为5

O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2}-
hoop://directplugin.com/dialers/109178.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://www.exittraffic.net/nocreditcard/111602/sexplayer.cab  not-a-virus:PornWare.Dialer.AsianRaw.b
hoop://directplugin.com/dialers/109399.exe  not-a-virus:PornWare.Downloader.Tibsystems
hoop://directplugin.com/dialers/109664.exe  not-a-virus:PornWare.Downloader.TibSystems

O16 - DPF: {517E6ED4-892A-7B1A-6BE4-386C555BEA13}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0}-(WebPlugin Class)
hoop://webinstall.tscash.com/webinstall.cab  TrojanDownloader.Win32.Tinytest

O16 - DPF: {522F629A-4DFE-43FA-8311-6F9C871016C5}-
hoop://media.euniverse.com/cursorzone/files/flowgo_granny_setup_td035.cab  TrojanDownloader.Win32.Keenval.c

O16 - DPF: {52DCAD2D-D5DD-8EA5-315A-B4FE032A28F9}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/350/anmqsrho.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {532217E3-860C-4EEE-8BBD-3F342DCD9AE9}-(InPop.InControl)
hoop://adlogix.com/pop/InPop.CAB  Trojan.Win32.VB.ex

O16 - DPF: {544B28E8-4746-49EF-A4D5-8F4F3A3556BE}-
hoop://www.cursorzone.com/cursors/flaghand_setup_td035.cab not-a-virus:AdvWare.IGetNet

O16 - DPF: {54771E6F-A5A2-4413-8FB8-7B8F85398174}-
hoop://dl.lygo.com/Sidesearch/en_US/tripod/Sidesearch.cab  not-a-virus:AdvWare.SideSearch.c
hoop://dl.lygo.com/Sidesearch/en_US/gamesville/Sidesearch.cab  not-a-virus:AdvWare.SideSearch.c

O16 - DPF: {556DDE35-E955-11D0-A707-000000521958}-
hoop://69.56.176.76/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
(新版为TrojanDownloader.Win32.OneClickNetSearch.f)
hoop://wwb.ieplugin.com/adcampaigns/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.f
hoop://www.marketdart.com/promo/200211aer/md_er_200211aer.cab  not-a-virus:AdvWare.MarketDart

O16 - DPF: {55A3DA4D-1EE2-3592-2B47-0855F68B8D7F}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/004/zscrjdjl.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {5794855A-B5E7-25B3-3ADE-400C6A0F45B1}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {582788CA-7014-4904-A4EE-6FB6108AFE8E}-(SrchHook Class)
hoop://www.123mania.com/asrcware.cab  not-a-virus:AdvWare.123Mania.a

O16 - DPF: {586DDE35-E955-11D0-A707-000000521958}-
hoop://69.56.176.227/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
hoop://ww3.ieplugin.com/adcampaigns/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
（新版均为TrojanDownloader.Win32.OneClickNetSearch.f）

O16 - DPF: {58F0B492-A42E-435A-BCBF-C6B2608077BA}-
hoop://ak.imgfarm.com/images/nocache/mysearch/s4initialsetup1.0.0.7.cab  not-a-virus:AdvWare.Downloadware

O16 - DPF: {5A024D01-AF8A-7F7C-1218-472943D521E1}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {5AF007F5-E4B1-4C9A-70A7-482B2D577CCA}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay 

O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1}-(IntDialerData Class)
hoop://www.grupomarineda.net/auto/DialerData.cab  Trojan.Win32.Dialer.c

O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A}-(SpeedCtrl Class)


hoop://www.atelys.com/src/Speedup.ocx  TrojanDownloader.Win32.Agent.aa

O16 - DPF: {5CBA93A3-E0ED-11D5-A70E-00C12601EADE}-
hoop://private-pl.com/welcome/private.exe  Trojan.Win32.Dialer.ad

O16 - DPF: {5D8488E6-071F-4694-B3E4-BCD1976770B4}-
hoop://media.euniverse.com/cursorzone/files/ACF11EE.cab  TrojanDownloader.Win32.Keenval.e

O16 - DPF: {5DA6A3EB-DEAA-45AD-B303-64A474879FA0}-
hoop://toolbar.globalwebsearch.com/toolbar/gws.cab  TrojanSpy.Win32.Globar.b

O16 - DPF: {5DD7B3BE-FDEC-4563-B038-FF80F2345B89}-(Fswinst Control)
hoop://www.freescratchandwin.com/files/fswinst07.cab  not-a-virus:AdvWare.FreeScratch.a

O16 - DPF: {5DF6FB84-749D-4AAE-AE37-708DE09B0588}-(IntSfTx Class)
hoop://213.229.160.219/dialers/it.cab  Trojan.Win32.Dialer.ca

O16 - DPF: {5E09168F-EBE4-4F16-54CC-151053885406}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E483}-
hoop://www.dotcomtoolbar.com/toolbar_nieuw13.cab  not-a-virus:AdvWare.ToolBar.Dotcom.a
hoop://www.dotcomtoolbar.com/toolbar_nieuw14.cab  not-a-virus:AdvWare.ToolBar.Dotcom.b

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289}-(DialerWeb Class)
hoop://212.145.159.194/251065/dialercab/WebRecomendada.cab  not-a-virus:PornWare.Dialer.DialWeb

开头数字为6

O16 - DPF: {607DF741-7D0A-11D4-9EDC-005004189684}-
hoop://www.ucmore.com/download/UCmoreIEx.cab  not-a-virus:AdvWare.Toolbar.Ucmore

O16 - DPF: {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF}-
hoop://www.igetnet.com/downloads/NLN/NLNP40w.exe  not-a-virus:AdvWare.IGetNet
hoop://www.igetnet.com/downloads/NLN/NLNP1w.exe  not-a-virus:AdvWare.IGetNet

O16 - DPF: {6180ADE2-084F-B0E8-8C0F-150845BF1B73}-(DownloadUL Class)
hoop://public.searchbarcash.com/cab/014/wkzgcnny.cab  Trojan.Win32.TalkStocks.a

O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A}-(DNL Control)
hoop://www.xzoomy.com/media/MyFIDNL.ocx  TrojanDownloader.Win32.Smfin.a

O16 - DPF: {653F689B-250A-794C-DA31-55394F7F7E98}-
hoop://82.179.166.72/1/gdnCN208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958}-
hoop://69.56.176.227/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
（新版为TrojanDownloader.Win32.OneClickNetSearch.f）

O16 - DPF: {666E4D35-E955-11D0-A707-000000521958}-
hoop://www.ieplugin.com/webplugin.cab  TrojanDownloader.Win32.OneClickNetSearch.e
（新版为TrojanDownloader.Win32.OneClickNetSearch.f）

O16 - DPF: {672EDB90-4569-267D-D6D3-4D4F019FEA7C}-
hoop://82.179.166.72/1/gdnUS208.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092}-(IELoaderCtl Class)
hoop://freeload.cc/secure/ieloader.cab TrojanDownloader.Win32.Ladder

O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32}-(VacPro.canada_ver3)
hoop://www.advnt01.com/dialer/canada_ver3.CAB  TrojanClicker.Win32.Adpower.c

O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3}-(IntPagomaster Class)
hoop://www.especialsexo.com/dll907/pagomast.cab  not-a-virus:RiskWare.Dialer.PageMaster.a
hoop://www.webcamenvivo.com/xxx/pagomast.cab  not-a-virus:RiskWare.Dialer.PageMaster.a

hoop://www.peterpaulxxx.com/iconos/dialer/pagomast.cab  not-a-virus:RiskWare.Dialer.PageMaster.a
hoop://www.lasfamosasdesnudas.com/pagomast.cab  not-a-virus:RiskWare.Dialer.PageMaster.a
hoop://www.webcamenvivo.com/xxx/pagomast.cab  not-a-virus:RiskWare.Dialer.PageMaster.a

O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002}-(XDialer Class)
hoop://www.sex777.com/AX/XDialer2.CAB  not-a-virus:PornWare.Dialer.XDial

O16 - DPF: {69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}-(BrowserProxy4 Class)
hoop://download.alexa.com/clients/Alexa7.cab  not-a-virus:AdvWare.ToolBar.AlexaBar.a

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F}-
hoop://installs.hotbar.com/installs/hotbar/programs/hotbar.cab
not-a-virus:AdvWare.ToolBar.Hotbar.g 和 not-a-virus:AdvWare.ToolBar.Hotbar.e

O16 - DPF: {6DF7D126-CAAA-7486-945A-059E2ECB7686}-
hoop://213.159.117.150/1/gdnUS14.exe  Trojan.Win32.Dialer.ay

O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702}-(nCaseInstaller Class)
hoop://bis.180solutions.com/ActiveXInstallers/Installer/nCaseInstaller.cab
not-a-virus:AdvWare.180solutions

O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3}-(SCDataDialer Class)
hoop://www.dinerotica.com/download/1,2,0,4/cabdll.cab  Trojan.Win32.Dialer.cf

O16 - DPF: {6F3D49A9-8DC8-4566-BF95-9A7776C56F8B}-
hoop://rssexplorer.planet-hood.com/PlanetNews.cab  not-a-virus:AdvWare.Toolbar.NewsGator