75.102.36.13

Remote Host       Port Number
195.122.131.10    80
204.0.5.41        80
204.0.5.51        80
204.0.5.58        80
204.0.5.59        80
207.38.101.12     80
208.43.36.96      80
216.178.38.168    80
63.135.80.46      80
63.135.80.58      80
75.102.36.13      2345

Data sent to 75.102.36.13 on port 2345:

PASS xxx
NICK NEW-[USA|00|P|00029]
USER XP-4625 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|00029] -ix
JOIN #!gf! test
PONG 22 MOTD

* The data identified by the following URLs was then requested from the remote web server:
o http://rapidshare.com/files/407304525/decc.html
o http://js.myspacecdn.com/modules/common/static/js/atlas/msglobal_gkobjrav.js
o http://js.myspacecdn.com/modules/browse/static/js/browsebundle_kwg2eboy.js
o http://c2.ac-images.myspacecdn.com/images02/135/s_1cd5f6eddaf64f0abe5262bc45a28b61.jpg
o http://c2.ac-images.myspacecdn.com/images02/132/s_df74cd5d90f6487c9d7f6284af623fd1.jpg
o http://c2.ac-images.myspacecdn.com/images02/119/s_683f9968335c40e7996ef5b9aa847151.jpg
o http://c2.ac-images.myspacecdn.com/images02/83/s_9b1512da36e74886bab4d78b5e9626d5.jpg
o http://c2.ac-images.myspacecdn.com/images02/121/s_2a5ba4159d0e4a2da076548aae45c7c5.jpg
o http://c2.ac-images.myspacecdn.com/images02/121/s_982a38be30e4424685b5c0523c15a509.jpg
o http://c2.ac-images.myspacecdn.com/images02/135/s_c3c5b2ff1aaf4e22b379b8ec15b0ba09.jpg
o http://c2.ac-images.myspacecdn.com/images02/105/s_164821f70cfe46d2befd76e10324b50d.jpg
o http://c2.ac-images.myspacecdn.com/images02/148/s_781cb165159941638764b162a1195ce1.jpg
o http://cache.fimservecdn.com/contents/973/628/628973/BleachA%20160×600.gif
o http://js.myspacecdn.com/modules/common/static/js/atlas/tracking/tynt_yjp6wvuu.js?user=bjNOt4bfyr35kFadbiUt4I&lang=en
o http://js.myspacecdn.com/modules/common/static/js/atlas/quickpost_zi74gmig.js
o http://js.myspacecdn.com/modules/common/static/js/atlas/richtexteditor_uvm5sqtf.js
o http://x.myspacecdn.com/Modules/Common/Static/img/cornersSheet3.png
o http://x.myspacecdn.com/modules/splash/static/img/bgSheet.png
o http://x.myspacecdn.com/modules/common/static/css/Sprites/globalNavRefreshSprite.png
o http://x.myspacecdn.com/modules/common/static/css/global_sffgqafc.css
o http://x.myspacecdn.com/modules/browse/static/img/btnicons_tiled.gif
o http://x.myspacecdn.com/modules/common/static/css/uploadcontrol_ioe1imsn.css
o http://x.myspacecdn.com/modules/browse/static/css/browse_qiz4yewv.css
o http://x.myspacecdn.com/modules/profilesdirectory/static/css/browsebyname_4vb3esmf.css
o http://x.myspacecdn.com/modules/common/static/img/spacer.gif
o http://x.myspacecdn.com/modules/common/static/img/onlinenow2.gif
o http://x.myspacecdn.com/modules/common/static/img/header/SearchButtonsGradients.png
o http://x.myspacecdn.com/modules/splash/static/img/moduleBg.gif
o http://cms.myspacecdn.com/cms/js/ad_wrapper0153.js
o http://c1.ac-images.myspacecdn.com/images02/93/s_d710dc7dbb1648f3b62424eaa8eb0ebc.jpg
o http://c1.ac-images.myspacecdn.com/images02/107/s_2927570610ee4bb181086abff588f400.jpg
o http://c3.ac-images.myspacecdn.com/images02/138/s_6b5460feba15495ebcb82a63ba35241a.gif
o http://c3.ac-images.myspacecdn.com/images01/71/s_ac95a1c81c2318a8852f7063b7152d4a.jpg
o http://c1.ac-images.myspacecdn.com/images02/139/s_74873d477ff147f2ad4968d061aebb64.jpg
o http://c1.ac-images.myspacecdn.com/images02/132/s_0da673c1284747a2818ae081e68d713c.jpg
o http://c3.ac-images.myspacecdn.com/images02/47/s_0ee97d192e7649fe9a8b77a77f90c5e2.jpg
o http://c1.ac-images.myspacecdn.com/images02/140/s_02e1054a1d384e64acbcf09033595b18.jpg
o http://c1.ac-images.myspacecdn.com/images02/131/s_8bf7753a47b44a1cbb62e7cd867c4e08.jpg
o http://c3.ac-images.myspacecdn.com/images02/152/s_5c0aa5aeb96f4275af4fb3281a2f2436.jpg
o http://c1.ac-images.myspacecdn.com/images02/97/s_d3282b2af4b94c099363a084509ff0fc.jpg
o http://c3.ac-images.myspacecdn.com/images01/11/s_8b52062b6055e6d539eeeafcc21b7cda.jpg
o http://c3.ac-images.myspacecdn.com/images02/85/s_e99a0003670f4593ac14a85e63a56a3e.jpg
o http://c3.ac-images.myspacecdn.com/images02/110/s_4b5aa3c45ded4516a6e2f76908340cc6.jpg
o http://c3.ac-images.myspacecdn.com/images02/79/s_8c1cd40c5ea54d22b244ace3f46dd33a.jpg
o http://c3.ac-images.myspacecdn.com/images02/144/s_6ee5a0a53cb74802bd6f673fe8a58fb6.jpg
o http://c3.ac-images.myspacecdn.com/images02/139/s_04e205bd8856429dbdf6f10ea2fc37fa.jpg
o http://c3.ac-images.myspacecdn.com/images02/95/s_2193437bdb8c468ab686d8b911ecb02a.jpg
o http://c3.ac-images.myspacecdn.com/images02/105/s_f57d483771564e488c9ba395b5bdc382.jpg
o http://c4.ac-images.myspacecdn.com/images02/123/s_56db9cf5f00142d6802e6ceb24a09a0f.jpg
o http://c4.ac-images.myspacecdn.com/images02/138/s_7a499c240b0640c2b17cb4c8c89ccab3.jpg
o http://c4.ac-images.myspacecdn.com/images02/72/s_8e5c8d44478643fb9879da079980265b.jpg
o http://c4.ac-images.myspacecdn.com/images02/122/s_4fdbf2962b2c4567b4d331209a51f567.jpg
o http://c4.ac-images.myspacecdn.com/images02/121/s_4c6124d875884466b8cfddb04c49b113.jpg
o http://c4.ac-images.myspacecdn.com/images02/91/s_0cc89b9661b64ac992635398541309b7.jpg
o http://c4.ac-images.myspacecdn.com/images01/27/s_2465a3de066c6cd9835444d40afbef27.jpg
o http://c4.ac-images.myspacecdn.com/images02/75/s_4f78fd3b7d4445f7af8438fcbd9e8d97.jpg
o http://c4.ac-images.myspacecdn.com/images02/67/s_42d21736d589497e9f317d2fc74751ff.jpg
o http://c4.ac-images.myspacecdn.com/images02/134/s_3ac328c396d44a7bab50be75f1ccaf7b.jpg
o http://208.43.36.96/index.php
o http://browseusers.myspace.com/Browse/Browse.aspx
o http://www.myspace.com/Modules/Common/HttpHandlers/CMS.ashx?google_ad_client=fim_myspace_images_js&google_ad_channel=fim_myspace_images_browse-basic,fim_myspace_united-states&pfc=Browse&culture=en-US&undefined
o http://desk.opt.fimserve.com/adopt/?r=h&l=24000000&pos=skyscraper&rnd=477698960
o http://delb.opt.fimserve.com/adopt/?r=h&l=24000000&pos=leaderboard&rnd=477698960
o http://bid.ace.advertising.com/bid/ebs=1/site=744646/size=728090/tags=1/callback=C1Me6Tq4Nx1A.b0Yl6Xz4Fc1H/bnum=1279403288492
o http://bid.ace.advertising.com/ctst=1/bid/ebs=1/site=744646/size=728090/tags=1/callback=C1Me6Tq4Nx1A.b0Yl6Xz4Fc1H/bnum=1279403288492
o http://p.dev-ic.tynt.com/b/p?id=bjNOt4bfyr35kFadbiUt4I&ts=1279403289227&t=Browse%20MySpace%20Friends%20and%20Profiles
o http://www.google-analytics.com/ga.js
o http://googleads.g.doubleclick.net/pagead/test_domain.js
o http://pagead2.googlesyndication.com/pagead/show_ads.js
o http://pagead2.googlesyndication.com/pagead/render_ads.js

Other details

* The following ports were open in the system:

Port   Protocol   Process
1061   TCP        jusched.exe (%Windir%\jusched.exe)
1087   TCP        jusched.exe (%Windir%\jusched.exe)

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = "%Windir%\jusched.exe"

so that jusched.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = "%Windir%\jusched.exe"

so that jusched.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = "%Windir%\jusched.exe"

so that jusched.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name   Process Filename       Main Module Size
jusched.exe    %Windir%\jusched.exe   3 141 632 bytes

* The following system service was modified:

Service Name   Display Name        New Status   Service Filename
wuauserv       Automatic Updates   "Stopped"    %System%\svchost.exe -k netsvcs

File System Modifications

* The following files were created in the system:

1. c:\do.exe
   File Size: 48 523 bytes
   MD5: 0xB9721336FCEE5F54652AC2A67CC02473
   SHA-1: 0xB73EE29B424E15E9FA23B6D854DC186989F03384
   Alias: (not available)

2. %Windir%\jusched.exe
   [file and pathname of the sample #1]
   File Size: 80 896 bytes
   MD5: 0xA496C8CA6051943C4CF1A7CBE0E8BF78
   SHA-1: 0x7AD67ECF27926AA64C88486DA365F477EA3264BB
   Alias: Worm:Win32/Pushbot.SW [Microsoft], IM-Worm.Win32.Yahos [Ikarus]

3. %Windir%\mdll.dl
   File Size: 2 189 bytes
   MD5: 0xDE1911FA729C6E4913AFA2FE68888041
   SHA-1: 0x388C6CF39C89E7C2489DB4346825A1FDF66ABFED
   Alias: (not available)

4. %Windir%\wintybrd.png
   File Size: 3 416 bytes
   MD5: 0xD3A3A9391EA080EDFEF8BA202CC36D2E
   SHA-1: 0xD771C5BA93DC6FC0438AF3FF1E909338F63EC283
   Alias: (not available)

5. %Windir%\wintybrdf.jpg
   File Size: 3 968 bytes
   MD5: 0xE246233F7DCFE923D7A54F29B63CC30E
   SHA-1: 0xB512DA23F7D01E8BD23133583103A83DC6D5C787
   Alias: (not available)


2 Comments

Anonymous - July 18, 2010 at 1:33 am

Rather than hoping that others will cherish you, cherish yourself.

Anonymous - July 20, 2010 at 10:06 am

The two characters for "kindness" alone can keep all three months of winter warm.
