这几天经常出现假死机.特别是浏览网页时.
有时屏幕突然就不动了,硬盘灯也不亮.
有时操作变得很慢,但CPU的使用却只有10%左右.
下面是日志,请各位大哥指教.谢谢.

ijackThis(zww3008汉化版)V1.99.1
保存于      00:07:39 上午, 日期 2005-11-5
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Unable to get Internet Explorer version!

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\system32\capp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
E:\ADSL\HNMainUI.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rav\RAVMON.EXE
D:\Program Files\盛大圈圈\SDOClient.exe
E:\HijackThis V1.99.1 完全汉化版\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\PROGRA~1\P4P\ToolBar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,"C:\Program Files\HFEE\SVOH0ST.EXE" un userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\SoDAIE.dll (file missing)
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - D:\PROGRA~1\UC\UCddt\ddtinit.dll (file missing)
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\system32\CdnIEHlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - D:\PROGRA~1\UC\UCddt\ddtkillw.ocx
O2 - BHO: ACA Capture - {93C69D87-A11D-4FFC-BC56-BE7EE0D235BA} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - IE工具栏增项: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - IE工具栏增项: CyberArticle Express - {769A6A36-ED24-4376-BC7C-80225BF35698} - D:\Program Files\CyberArticle\CAExp.dll (file missing)
O3 - IE工具栏增项: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - D:\PROGRA~1\UC\UCddt\DDTONG~1.DLL
O3 - IE工具栏增项: 捜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\PROGRA~1\P4P\ToolBar.dll (file missing)
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O3 - IE工具栏增项: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [CApp] C:\WINDOWS\system32\capp.exe
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "D:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe nmgamex.dll,LiveProcess /aa
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [qpbbq] C:\WINDOWS\system32\qpbbq.exe
O4 - 启动项HKCU\\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - “启动”文件夹: Y'z Toolbar.lnk = ?
O8 - IE右键菜单中的新增项目： 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目： 使用Kugoo下载 - D:\PROGRA~1\KUGOO2\KugooDownX.htm
O8 - IE右键菜单中的新增项目： 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - IE右键菜单中的新增项目： 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目： 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目： 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - IE右键菜单中的新增项目： 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目： 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目： 火狐Flash保存 - C:\PROGRA~1\FOXFLA~1\PlugIns\GetFlash.htm
O8 - IE右键菜单中的新增项目： 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - 浏览器额外的按钮： 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\system32\CdnIEHlp.dll
O9 - 浏览器额外的“工具”菜单项： 中文域名 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\system32\CdnIEHlp.dll
O9 - 浏览器额外的按钮： Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll
O9 - 浏览器额外的“工具”菜单项： Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll
O9 - 浏览器额外的按钮： FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项： &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮： (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - D:\PROGRA~1\UC\UCddt\rssband.dll (HKCU)
O9 - 浏览器额外的“工具”菜单项： 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - D:\PROGRA~1\UC\UCddt\rssband.dll (HKCU)
O9 - 浏览器额外的按钮： 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - D:\PROGRA~1\UC\UCddt\rssband.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BFAA61B-5C83-4865-8281-D8BDBF863061} (PGEdit Class) - https://www.gnetpg.com/PG_ATL.cab
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120661706686
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} (Blueskyvoice Control) - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - https://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38496.3634143519
O16 - DPF: {C7420698-3CCE-4823-8795-1C098F2D3A4B} (WebFtp Class) - http://10000.gd.cn/AT/WebPerformance.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{282A8BA9-3AAA-4E14-AB54-013EBF3DFDC5}: NameServer = 202.96.128.68,202.96.128.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7749C66-6F64-4AD0-94AF-2F35021C748E}: NameServer = 202.96.128.86 202.96.128.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{282A8BA9-3AAA-4E14-AB54-013EBF3DFDC5}: NameServer = 202.96.128.68,202.96.128.110
O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL
O23 - NT 服务: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

死啦,我都不知那是什么东东啊.
有那个知道啊?

This is a report processed by VirusTotal on 11/05/2005 at 15:03:36 (CET) after scanning the file "qpbbq.exe" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 11.05.2005 no virus found
Avast 4.6.695.0 11.04.2005 no virus found
AVG 718 11.03.2005 no virus found
Avira 6.32.0.6 11.05.2005 no virus found
BitDefender 7.2 11.05.2005 no virus found
CAT-QuickHeal 8.00 11.05.2005 (Suspicious) - DNAScan
ClamAV devel-20050917 11.05.2005 no virus found
DrWeb 4.33 11.05.2005 no virus found
eTrust-Iris 7.1.194.0 11.04.2005 no virus found
eTrust-Vet 11.9.1.0 11.04.2005 no virus found
Fortinet 2.48.0.0 11.04.2005 no virus found
F-Prot 3.16c 11.03.2005 no virus found
Ikarus 0.2.59.0 11.04.2005 no virus found
Kaspersky 4.0.2.24 11.05.2005 no virus found
McAfee 4620 11.04.2005 Generic VB.b
NOD32v2 1.1276 11.04.2005 a variant of Win32/TrojanClicker.VB.GG
Norman 5.70.10 11.04.2005 no virus found
Panda 8.02.00 11.05.2005 no virus found
Sophos 3.99.0 11.05.2005 no virus found
Symantec 8.0 11.05.2005 no virus found
TheHacker 5.9.1.028 11.04.2005 no virus found
VBA32 3.10.4 11.04.2005 no virus found



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En español
--------------------------------------------------------------------------------
www.virustotal.com :: @ Hispasec Sistemas 2004 :: e-mail info@virustotal.com

Service load:  0%        100% 

File:  qpbbq.exe 
Status:  INFECTED/MALWARE 
MD5  f1d7ba92c49141ca30ce76b194d7978b 
Packers detected:  UPX
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found a variant of Win32/TrojanClicker.VB.GG 
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

【回复“天使之剑”的帖子】
天使兄,已经将两个扫描送上.
请看看是怎么回事.
小狼先谢了.

谢过天使兄了.
小狼按天使兄教的做了.
现在暂时没发现什么问题.
谢谢.