瑞星卡卡安全论坛

http://school.cfan.com.cn/soft/sys/2006-07-05/1152050298d8253.shtml


http://www.baidu.com/s?tn=sitehao123&bs=COOKIES%C3%DC%C2%EB%B2%E9%BF%B4&f=3&wd=16%BD%F8%D6%C6%B1%E0%BC%AD%C6%F7&oq=16%BD%F8%D6%C6&rsp=0&sugT=8422

具体未知，求分析

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

:kaka2: 怀疑那里挂马了？

Log generated by networkedition use mdecoder 0.54
[root]http://www.rsdown.cn/downinfo/498.html(WINHEX【16进制编辑器】 V15.7 SR-3 多国语言绿色特别版 - 文件处理 - 红软基地 - 国内最好的免费软件下载站)
    [script]http://www.rsdown.cn/downinfo/../js/soft.js
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
            [script]http://36077.2288.org:6677/a/mc12.js
            [virus]http://147arr.3322.org:6677/a/kor.exe
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
        [exp]http://36077.2288.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
    [script]http://www.rsdown.cn/other/js/rsdowngood_14.js
    [iframe]http://unstat.baidu.com/bdun.bsc?tn=cpx2004&cv=0&cid=216647&csid=261&bgcr=ffffff&ftcr=000000&urlcr=0000ff&tbsz=265&sropls=1,2,3,4,5,6,7,9,10,99&insiteurl=www.rsdown.cn;bbs.rsdown.cn&defid=99&kwgp=2
        [script]http://unstat.baidu.com/code/js/fyb_2.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_23.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_24.js
    [script]http://cpro.baidu.com/cpro/ui/c.js
        [script]http://wm.baidu.com/preview/preview.js
        [script]http://cpro.baidu.com/cpro/ui/+
    [script]http://www.rsdown.cn/other/js/rsdowngood_19.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_20.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_21.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_22.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_30.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_12.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_10.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_18.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_3.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_2.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_27.js
    [script]http://www.rsdown.cn/other/js/rsdowngood_26.js
    [script]http://www.rsdown.cn/downurl.asp?id=498&RandomLink=True
    [script]http://www.rsdown.cn/other/js/rsdowngood_28.js
    [script]http://cpro.baidu.com/cpro/ui/c.js
    [script]http://www.rsdown.cn/downinfo/hm.baidu.com/h.js?2a42f07bd604cffcce901353f9025c54
    [script]http://www.rsdown.cn/other/js/rsdowngood_31.js
    [script]http://www.rsdown.cn/comment.asp?style=default&category=soft&id=498&type=js
    [script]http://cpro.baidu.com/cpro/ui/f.js
        [script]http://wm.baidu.com/preview/floatPreview.js
        [script]http://cpro.baidu.com/cpro/ui/+
    [script]http://www.rsdown.cn/vip_img/fumeiti.js
    [script]http://www.rsdown.cn/vip_img/tan.js
        [script]http://new.netgy.com/cpm/turn?s=10175
            [script]http://new.netgy.com:80/cpm/turn?s=10175&cpmMode=&cookie=netgyCookieName_turn+
        [script]http://v.naqigs.com/Position/javas/CPM_2469_84898.js
            [script]http://v.naqigs.com/position/applit/na7PopClass.js
                [iframe]http://i.na7.cc/empty.html