facebook-pic.co.cc 88.255.120.174 * C&C Server: 88.255.120.174:7575 * Server Password: * Username: ccviglx * Nickname: [DEU|XP|578551] * Channel: #im (Password: heur) * Channeltopic: :.p2p |.msn.link comedy porn video :)) http://www.sevdamiz.net |.msn.email comedy porn video :)) http://www.sevdamiz.net |.aim.start comedy porn video :)) http://www.sevdamiz.net Registry Changes by all processesCreate or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Windows Services” = antiver.exeHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminalRead more...
winudpmgr.mydyn.net
Remote Host Port Numberwinudpmgr.mydyn.net 8080 NICK [XP]|239064039USER bvuucwlfl 0 0 :[XP]|239064039USERHOST [XP]|239064039MODE [XP]|239064039 -xi+BJOIN #ddosbotNICK [XP]|756551194USER jvecgoeyl 0 0 :[XP]|756551194USERHOST [XP]|756551194MODE [XP]|756551194 -xi+BNICK [XP]|617625980USER hojfuelqopx 0 0 :[XP]|617625980USERHOST [XP]|617625980MODE [XP]|617625980 -xi+B Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices o HKEY_CURRENT_USERSoftwareMicrosoftOLE * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + MicrosoftRead more...
www.melankolik.us
www.melankolik.us 174.120.135.28Download URLshttp://174.120.135.28/202/yenibot.php?hddseri=ACE1-A30C (www.melankolik.us)http://174.120.135.28/202/kontrol.php (www.melankolik.us)http://174.120.135.28/202/kontrol.php (www.melankolik.us)http://174.120.135.28/202/kontrol.php (www.melankolik.us)http://174.120.135.28/202/kontrol.php (www.melankolik.us)http://174.120.135.28/202/kontrol.php (www.melankolik.us)http://174.120.135.28/202/kontrol.php (www.melankolik.us)http://174.120.135.28/202/kontrol.php (www.melankolik.us)Outgoing connection to remote server: www.melankolik.us TCP port 80Outgoing connection to remote server: www.melankolik.us TCP port 80Outgoing connection to remote server: www.melankolik.us TCP port 80Outgoing connection to remote server: www.melankolik.us TCP port 80Outgoing connection to remote server: www.melankolik.us TCP port 80Outgoing connection to remote server:Read more...
deli.byinter.net (turkish lamers)
deli.byinter.net 93.190.138.202 * C&C Server: 93.190.138.202:6667 * Server Password: * Username: ryatoaj * Nickname: [DEU|XP|516568] * Channel: #!x!# (Password: cih4n1313) * Channeltopic: : * C&C Server: 93.190.138.202:6667 * Server Password: * Username: XP-4392 * Nickname: [00|DEU|636610] * Channel: #x# (Password: hacimackackac) * Channeltopic: :.msn.stop|.msn.msg þu resme bi bakarmýsýn (yemekteyim) http://www.facebookbul.co.cc/images.php?=resim166-jpeg?= * C&C Server: 93.190.138.202:6667 *Read more...
bozoo.no-ip.biz
bozoo.no-ip.biz 94.120.148.91Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963Outgoing connection to remote server: bozoo.no-ip.biz TCP port 15963Outgoing connection to remote server: bozoo.no-ip.bizRead more...
67.43.226.2
ip : 67.43.226.2 port : 5540#tegane /NICK x|XP|132701#sutido /NICK ESP-NPUKP#final /NICK [JUM]-390187#surtido!login misamores lasamoo found by bi0
louisianadynamics.com
ip : 66.252.13.214h : louisianadynamics.comport : 9890 9890NICK F-olmgmodpUSER F-olmgmodp 0 0 :F-olmgmodpJOIN ##S## whith pass J
proxim.ircgalaxy.pl
Remote Host Port Numberproxim.ircgalaxy.pl 65520 NICK zttwuhgsUSER t020501 . . :-Service Pack 2JOIN &virtu * The following files were modified: o [pathname with a string SHARE]msinfo32.exe o [pathname with a string SHARE]sapisvr.exe o %ProgramFiles%Internet ExplorerConnection Wizardicwconn1.exe o %ProgramFiles%Internet ExplorerConnection Wizardicwconn2.exe o %ProgramFiles%Internet ExplorerConnection Wizardicwrmind.exe o %ProgramFiles%Internet ExplorerConnection Wizardicwtutor.exe o %ProgramFiles%Internet ExplorerConnection Wizardinetwiz.exe o %ProgramFiles%Internet ExplorerConnectionRead more...
cx10man.weedns.com(Mouse’s 100k net)
Remote Host Port Numbercx10man.weedns.com 3305 PASS secretpassNICK b2s5zj80qUSER cb5tcxdf2 * 0 :USA|XP|373 Resolved : [cx10man.weedns.com] To [210.166.223.51]Resolved : [cx10man.weedns.com] To [209.235.252.106]Resolved : [cx10man.weedns.com] To [200.49.145.197]Resolved : [cx10man.weedns.com] To [92.240.234.164] * To mark the presence in the system, the following Mutex object was created: o gx000032 * The following port was open in the system: PortRead more...
cracker019.dyndns.tv
cracker019.dyndns.tv:6667 NICK {USA-XP-3917184}USER {USA-XP-3917184} * 0 :COMPUTERNAMEMODE {USA-XP-3917184} +iRJOIN #torrentPRIVMSG #torrent :.4.New Infection!MODE #torrent +iMmNICK {USA-XP-5140760}USER {USA-XP-5140760} * 0 :COMPUTERNAMEMODE {USA-XP-5140760} +iRNICK {USA-XP-4060724}USER {USA-XP-4060724} * 0 :COMPUTERNAMEMODE {USA-XP-4060724} +iR Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + MSN Messanger = “%Windir%System.exe” so that System.exe runs every time Windows starts Memory ModificationsRead more...