用户系统信息：Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)

Log generated by networkedition use mdecoder 0.54
[root]http://top.jschina.com.cn/forumdisplay.php?fid=7&sid=DDhWym(防务快讯 -  鼎盛防务论坛 鼎盛军事防务论坛 - Powered by Discuz!)
    [script]http://top.jschina.com.cn/include/js/common.js?AL1
    [script]http://www.crcf.org.cn/css/ad.gif?¨
        [exp]http://36027.8866.org:6677/a/ads.html(Exploit.Ie0dayCVE0806.a)
            [script]http://36027.8866.org:6677/a/pps.js
            [virus]http://82tsgg.3322.org:6677/a/hs.exe
    [iframe]http://www.top81.com.cn/sda/sda_960X90_1.html
        [script]http://www.top81.com.cn/api/js.php?tagname=九九_图片调用1
        [script]http://www.top81.com.cn/api/js.php?tagname=九九_文字调用1
        [script]http://www.top81.com.cn/api/js.php?tagname=九九_图片调用2
        [script]http://www.top81.com.cn/api/js.php?tagname=九九_文字调用2
    [iframe]http://www.37cs.com/html/click/1849_566.html
        [flash]http://cimg.1stcngame.com/images/astd71/950X90.swf
    [script]http://js.tongji.cn.yahoo.com/702548/ystat.js
    [script]http://utk.baidu.com/usv/uc.sv?pe=yOV2248KUfg8hN6W45oYSSQUPJAhtXzVXexRBYXye2zI8nba&sn=4320&an=106237&rn=770

Log generated by networkedition use mdecoder 0.54
[root]http://www1.jctrans.com/tongguan/tariff/2003querytariff/control.asp?ma=4ABtxy
    [script]http://www.800816.com.cn/cache/yahoo.js
        [exp]http://www.800816.com.cn/cache/ad.htm(Exploit.Ie0dayCVE0806.a)
            [virus]http://www.jwsc.cn/images/s.exe
        [iframe]http://www.800816.com.cn/cache/news.html
        [iframe]http://www.800816.com.cn/cache/count.html
    [script]http://www.800816.com.cn/cache/yahoo.js
    [script]http://www.800816.com.cn/cache/yahoo.js
    [script]http://www.800816.com.cn/cache/yahoo.js
    [script]http://www.800816.com.cn/cache/yahoo.js

Log generated by networkedition use mdecoder 0.54
[root]http://youth.dlmu.edu.cn/wen/ouou/2205.html
    [script]http://www.games520.cn/swf.js
        [iframe]http://wow.games520.cn/gana.html?统计
            [flash]http://wow.games520.cn/banner.swf
            [virus]http://down.games520.cn/uusee.exe
    [script]http://js.users.51.la/3624100.js

Log generated by networkedition use mdecoder 0.54
[root]http://www.ljdsj.gov.cn/(罗江县地方税务局信息网)
    [iframe]http://www.119sf.com/images/inc/index.html
        [script]http://www.119sf.com/images/inc/middle.gif
            [iframe]http://www.119sf.com/images/inc/a6.htm
                [script]http://www.119sf.com/images/inc/ah0.js
                [script]http://www.119sf.com/images/inc/ah1.js
                    [exe]http://www.119sf.com/images/inc/ftp2.exe
                [script]http://www.119sf.com/images/inc/ah2.js
                [script]http://www.119sf.com/images/inc/ah3.js
            [exp]http://www.119sf.com/images/inc/a7.htm(Exploit.Ie0dayCVE0806.a)
                [script]http://www.119sf.com/images/inc/AHHS.js
                [script]http://www.119sf.com/images/inc/AHHS2.js
                [script]http://www.119sf.com/images/inc/AHHS3.js
                [virus]http://www.119sf.com/images/inc/ftp2.exe
            [iframe]http://www.119sf.com/images/inc/fox.htm
                [script]http://www.119sf.com/images/inc/ahey0.js
                    [exe]http://www.119sf.com/images/inc/ftp2.exe
                [script]http://www.119sf.com/images/inc/ahey1.js
                [script]http://www.119sf.com/images/inc/ahey2.js
                [script]http://www.119sf.com/images/inc/ahey3.js
            [iframe]http://www.119sf.com/images/inc/nivea3.htm
                [iframe]http://www.119sf.com/images/inc/ac.htm
            [iframe]http://www.119sf.com/images/inc/nivea.htm
                [iframe]http://www.119sf.com/images/inc/snoopy.htm
    [script]http://www.ljdsj.gov.cn/js/incldufuc.js
    [script]http://www.ljdsj.gov.cn/js/top.js
        [flash]http://www.ljdsj.gov.cn/js/../images/webflagp/dsweb_f.swf
    [script]http://www.ljdsj.gov.cn/deflist.asp?n=8&listnum=20&listkey1=罗江税讯
        [iframe]http://www.119sf.com/images/inc/index.html
    [script]http://www.ljdsj.gov.cn/deflist.asp?n=7&listnum=0&listkey1=地税驿站&listkey2=法律法规
        [iframe]http://www.119sf.com/images/inc/index.html
    [script]http://www.ljdsj.gov.cn/deflist.asp?n=6&listnum=0&listkey1=办税导航&listkey2=优惠政策
        [iframe]http://www.119sf.com/images/inc/index.html
    [script]http://www.ljdsj.gov.cn/deflist.asp?n=6&listnum=0&listkey1=地税驿站&listkey2=财政与税收
        [iframe]http://www.119sf.com/images/inc/index.html
    [script]http://www.ljdsj.gov.cn/deflist.asp?n=6&listnum=0&listkey1=地税驿站&listkey2=税收征管
        [iframe]http://www.119sf.com/images/inc/index.html
    [script]http://www.ljdsj.gov.cn/deflist.asp?listnum=0&listkey1=罗江税讯&listkey2=重要通知
        [iframe]http://www.119sf.com/images/inc/index.html
    [flash]http://www.ljdsj.gov.cn/tax_vote/vote.asp?id=2
    [script]http://www.ljdsj.gov.cn/js/bot.js

Log is generated by FreShow.
[wide]http://youth.dlmu.edu.cn/wen/ouou/2205.html
    [script]http://www.games520.cn/swf.js
        [frame]http://wow.games520.cn/gana.html?统计
            [object]http://wow.games520.cn/banner.swf
                [object]http://down.games520.cn/uusee.exe
    [script]http://js.users.51.la/3624100.js
第一个为flash网马 如老师给的解密方法可以解除此小马

Log is generated by FreShow.
[wide]http://www.119sf.com/images/inc/index.html
    [script]http://www.119sf.com/images/inc/\'middle.gif\'
        [frame]http://www.119sf.com/images/inc/a6.htm
            [frame]http://www.119sf.com/images/inc/ac.htm
            [script]http://www.119sf.com/images/inc/ah0.js
            [script]http://www.119sf.com/images/inc/ah1.js
                [object]http://www.119sf.com/images/inc/ftp2.exe
            [script]http://www.119sf.com/images/inc/ah2.js
            [script]http://www.119sf.com/images/inc/ah3.js
        [frame]http://www.119sf.com/images/inc/a7.htm
            [script]http://www.119sf.com/images/inc/AHHS.js
            [script]http://www.119sf.com/images/inc/AHHS2.js
            [script]http://www.119sf.com/images/inc/AHHS3.js
            [object]http://www.119sf.com/images/inc/ftp2.exe
        [frame]http://www.119sf.com/images/inc/fox.htm
            [script]http://www.119sf.com/images/inc/ahey0.js
            [script]http://www.119sf.com/images/inc/ahey1.js
            [script]http://www.119sf.com/images/inc/ahey2.js
            [script]http://www.119sf.com/images/inc/ahey3.js
        [frame]http://www.119sf.com/images/inc/nivea3.htm
            [frame]http://www.119sf.com/images/inc/ac.htm
                [script]http://www.119sf.com/images/inc/anti.js
                [script]http://www.119sf.com/images/inc/anti2.js
        [frame]http://www.119sf.com/images/inc/nivea.htm
            [frame]http://www.119sf.com/images/inc/snoopy.htm
                [frame]http://www.119sf.com/images/inc/xi.htm
                    [script]http://www.119sf.com/images/inc/swfobject.js
                    [frame]http://www.119sf.com/images/inc/ecfl.htm
                    [frame]http://www.119sf.com/images/inc/f0.htm
                    [frame]http://www.119sf.com/images/inc/f0.htm
                [frame]http://www.119sf.com/images/inc/xf.htm
                    [script]http://www.119sf.com/images/inc/swfobject.js
                    [frame]http://www.119sf.com/images/inc/ecfl.htm
                    [frame]http://www.119sf.com/images/inc/f0.htm
                    [frame]http://www.119sf.com/images/inc/f0.htm
                [frame]http://www.119sf.com/images/inc/xi.htm
    [script]http://js.tongji.linezing.com/1781664/tongji.js

上面几个为前两天的黑名单，昨天那个还是不会解密，跑去剑盟看到是昔流芳MM贴出的和那个差不多，再研究研究

好好学习，天天向上