Command-and-control (C2) host contacted by the sample: 91.211.117.87

Remote Host        Port Number
91.211.117.87      4723   (IRC — see the registration sequence below; block this IP/port pair at the perimeter)

IRC registration sent to that host after connecting (the nick prefix n{USA|XP} appears to encode the victim's country and Windows version, a common IRC-bot convention, while the trailing characters look random per infection — use the fixed prefix and the channel name #E# as network signatures rather than the full nick):

NICK n{USA|XP}jjywrvd
USER n{USA|XP}jjywrvd 0 0 :n{USA|XP}jjywrvd
JOIN #E#

Registry Modifications

* The following Registry Key was created:
o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App

* The following Registry Keys were deleted (the whole SafeBoot\Minimal and SafeBoot\Network trees — with these gone Windows can no longer start in Safe Mode or Safe Mode with Networking, which hampers manual cleanup; restore the SafeBoot key from a clean machine running the same Windows version/service pack before attempting Safe Mode remediation):
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Base
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot Bus Extender
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot file system
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CryptSvc
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\DcomLaunch
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmadmin
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmboot.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmio.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmload.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmserver
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\EventLog
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\File system
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Filter
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\HelpSvc
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Netlogon
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PCI Configuration
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PlugPlay
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PNP Filter
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Primary disk
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\RpcSs
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SCSI Class
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sermouse.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sr.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SRService
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\System Bus Extender
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vga.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vgasave.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinMgmt
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AFD
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AppMgmt
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Base
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Boot Bus Extender
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Boot file system
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Browser
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\CryptSvc
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\DcomLaunch
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Dhcp
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmadmin
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmboot.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmio.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmload.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\dmserver
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\DnsCache
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\EventLog
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\File system
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Filter
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\HelpSvc
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ip6fw.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ipnat.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\LanmanServer
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\LanmanWorkstation
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\LmHosts
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Messenger
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS Wrapper
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Ndisuio
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOS
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOSGroup
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBT
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetDDEGroup
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Netlogon
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetMan
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Network
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetworkProvider
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\nm
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\nm.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NtLmSsp
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PCI Configuration
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PlugPlay
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP Filter
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP_TDI
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Primary disk
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpcdd.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpdd.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpwd.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdsessmgr
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\RpcSs
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\SCSI Class
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\sermouse.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\SharedAccess
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\sr.sys
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\SRService
o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Streams Drivers

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Electronic Arrangement Graphical Lemur Error System = "%System%\eaglez.exe"

so that eaglez.exe runs every time Windows starts (this HKLM Run entry is the persistence mechanism: both the odd value name and the %System%\eaglez.exe target are host indicators to hunt for and remove)
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App]
+ new = "yes"

(the "new" value under the freshly created App key looks like a first-run/installation marker; the report does not show how the sample later reads it, so treat that as unconfirmed)

* The following Registry Values were deleted (each (Default) value is the "Service"/"Driver"/"Driver Group" type tag Windows needs to load that component in Safe Mode; note that several Network entries listed here — Tcpip, TDI, tdpipe.sys, tdtcp.sys, termservice, vga.sys, vgasave.sys, WinMgmt, WZCSVC and the {4D36E972..975} network GUID classes — do not appear in the deleted-keys list above, so that list is probably truncated and the whole SafeBoot\Network subtree should be assumed gone):
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
+ (Default) = "Human Interface Devices"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
+ (Default) = "Volume"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Floppy disk drive"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "System"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "SCSIAdapter"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "PCMCIA Adapters"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Mouse"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Keyboard"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Hdc"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Standard floppy disk controller"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "DiskDrive"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "CD-ROM Drive"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
+ (Default) = "Universal Serial Bus controllers"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinMgmt]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vgasave.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\vga.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\System Bus Extender]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SRService]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sr.sys]
+ (Default) = "FSFilter System Recovery"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sermouse.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SCSI Class]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\RpcSs]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Primary disk]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PNP Filter]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PlugPlay]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PCI Configuration]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Netlogon]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\HelpSvc]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Filter]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\File system]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\EventLog]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmserver]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmload.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmio.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmboot.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmadmin]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\DcomLaunch]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CryptSvc]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot file system]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot Bus Extender]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Base]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
+ (Default) = "Human Interface Devices"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
+ (Default) = "Volume"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Floppy disk drive"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "System"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "SCSIAdapter"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "PCMCIA Adapters"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "NetTrans"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "NetService"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "NetClient"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Net"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Mouse"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Keyboard"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Hdc"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "Standard floppy disk controller"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "DiskDrive"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
+ (Default) = "CD-ROM Drive"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
+ (Default) = "Universal Serial Bus controllers"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WZCSVC]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WinMgmt]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\vgasave.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\vga.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\termservice]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdtcp.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdpipe.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDI]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Tcpip]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\System Bus Extender]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Streams Drivers]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\SRService]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\sr.sys]
+ (Default) = "FSFilter System Recovery"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\SharedAccess]   (the sandbox report masked this path as "[pathname with a string SHARE]"; the key name is taken from the deleted-keys list above)
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\sermouse.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\SCSI Class]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\RpcSs]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdsessmgr]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpwd.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpdd.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\rdpcdd.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Primary disk]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP_TDI]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PNP Filter]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PlugPlay]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\PCI Configuration]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NtLmSsp]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\nm.sys]
+ (Default) = "Driver"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\nm]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetworkProvider]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Network]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetMan]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Netlogon]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetDDEGroup]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBT]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOSGroup]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NetBIOS]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Ndisuio]
+ (Default) = "Service"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS Wrapper]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS]
+ (Default) = "Driver Group"
o [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Messenger]
+ (Default) = "Service"

Memory Modifications

* There were new processes created in the system:

Process Name                   Process Filename                        Main Module Size
[filename of the sample #1]    [file and pathname of the sample #1]    630 784 bytes
eaglez.exe                     %System%\eaglez.exe                     630 784 bytes

Note: the in-memory main module (630 784 bytes) is about twice the on-disk size of eaglez.exe (315 392 bytes, see below). That is consistent with a packed executable that expands itself at run time, but the report does not identify a packer — confirm by dumping the running process before relying on the on-disk hashes alone for memory-based detection.

File System Modifications

* The following file was created in the system (both names share one row, i.e. %System%\eaglez.exe is a byte-for-byte copy of the submitted sample):

#   Filename(s)                             File Size       File Hash                                          Alias
1   %System%\eaglez.exe
    [file and pathname of the sample #1]    315 392 bytes   MD5:   23872855C211750322DB09BB9008ED27            Trojan:Win32/Ircbrute [Microsoft]
                                                            SHA-1: 36661AE5F7EF4255293EBF7A0D19B6BC24B75C18    Trojan.Win32.Ircbrute [Ikarus]

(Hashes are shown without the report's "0x" prefix so they can be pasted straight into hash lookups and blocklists.)
