
System fault or virus? Or some other cause?

One of the machines in our internet cafe is fine for browsing web pages, chatting on QQ and the like; no problems there. But as soon as I click on a game it hangs, and badly, with no response for ages. Double-clicking a game, or right-clicking it, the menu takes forever to appear, with the pointer stuck in that arrow-plus-hourglass state. Then the folder holding the game shortcuts stops responding altogether. Task Manager is very slow to come up, and I didn't see any unusual processes in it, only system processes I recognise plus the Wanxiang (万象) processes and Deep Freeze (冰点还原), about 20 in total. After clicking a game the machine gets so sluggish it's practically frozen, and the only way out is the Reset button on the case. I haven't restored the system yet; I expect a restore would probably fix it, but I really want to know what is causing this. Is it a virus? Probably not, but I can't say for sure. What do you all think? Thanks in advance!

Sorry, when the machine is in that near-frozen state there is simply no way to launch a screenshot tool to grab a screen! Besides, the cafe systems don't even have the Accessories tools installed, so there is no Paint.
Last edited 2007-01-30 10:35:03

Oh, thank you!!
I looked in Event Viewer and there is an extra item in it. Normally there should be three, right: Application, Security and System. But there is one more, sitting above those three as the first entry, named ACEEventLog.

My machine is No. 11, yet the events in that log show the computer as No. 07. Please take a look for me.

Security contains just one log entry:
类型      成功审核
日期      2006-11-10
时间      13:53:09
来源      Security
分类      系统事件
事件      517
用户      system
计算机    NDEERXP

Oh, right: since all the cafe machines have a restore tool (还原精灵) that rolls back automatically, I suspect the single entry shown here was produced after the OS was installed but before the restore tool went in; once the restore tool was in place, anything else that got generated would have been rolled back anyway.

Application is nothing but warnings!
System shows 8 or 9 errors.

Screenshots taken, have a look, thanks!!

This is the extra item in Event Viewer:

[Attachment: application/octet-stream, uploaded 2007-1-30 10:02:32, 307 downloads]


Brother in post #4, that really is a good tool. Here is the scan result, sorry for the trouble!

[CODE]

2007-01-30,10:04:41

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <wxClient><C:\NDEERWS\System32\wxspmn.exe>  [N/A]
    <BigDog303><C:\NDEERWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <WIAWizardMenu><RUNDLL32.EXE C:\NDEERWS\System32\sti_ci.dll,WiaCreateWizardMenu>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\NDEERWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><LogUser.dll>  [N/A]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\NDEERWS\System32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay>  [N/A]
    <BigDog303><; C:\NDEERWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]

==================================
启动文件夹
[internat]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\internat.lnk --> C:\NDEERWS\system32\internat.exe [Microsoft Corporation]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\NDEERWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\NDEERWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\NDEERWS\system32\ati2sgag.exe><>
[DF5Serv / DF5Serv][Running/Auto Start]
  <C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe><Faronics Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\NDEERWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Smart Card Helper / SCardDrv][Stopped/Manual Start]
  <><N/A>
[UPS / UPS][Stopped/Manual Start]
  <C:\NDEERWS\System32\ups.exe><N/A>
[万象网络文件同步客户端 / wxsyncsrv][Running/Auto Start]
  <C:\NDEERWS\System32\wxsyfcli.exe><成都吉胜科技有限公司>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Stopped/Manual Start]
  <System32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\NDEERWS\System32\drivers\kmsinput.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\学习聊天\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Running/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>

==================================
浏览器加载项
[手机短信]
  {00000000-0000-0001-0001-596BAEDD1289} <http://sms.3721.com/ie/index.htm?pid=U_wanxiang_18961, N/A>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\网络游戏\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.mail.yahoo.com/promo/rd1, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://rd.3721.com/taobao.rd?http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/buy1.php, N/A>
[上网助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://assistant.3721.com/index.htm?fb=Cns, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://assistant.3721.com/security1.htm?fb=Cns, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://assistant.3721.com/clean1.htm?fb=Cns, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\NDEERWS\System32\msdxm.ocx, Microsoft Corporation>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\学习聊天\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 308][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 368][\??\C:\NDEERWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 392][\??\C:\NDEERWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\NDEERWS\System32\ODBC32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\NDEERWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\NDEERWS\System32\LogUser.dll]  [N/A, N/A]
    [C:\NDEERWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4124]
    [C:\NDEERWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[PID: 436][C:\NDEERWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 448][C:\NDEERWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 596][C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe]  [Faronics Corporation, 5,70,220,1426]
[PID: 620][C:\NDEERWS\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4124]
    [C:\NDEERWS\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 660][C:\NDEERWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 768][C:\NDEERWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 912][C:\NDEERWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4124]
    [C:\NDEERWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 996][C:\NDEERWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
    [C:\NDEERWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\NDEERWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  [, 1, 0, 0, 1]
[PID: 1064][C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe]  [Faronics Corporation, 5,70,220,1426]
[PID: 1116][C:\NDEERWS\System32\clsmn.exe]  [, 16.3.12.589]
    [C:\NDEERWS\System32\RegCode.dll]  [N/A, N/A]
    [C:\NDEERWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 1124][C:\NDEERWS\VM303_STI.EXE]  [Vimicro, 4, 3, 625, 61]
    [C:\NDEERWS\System32\msdmo.dll]  [N/A, N/A]
    [C:\NDEERWS\System32\VM303Prp.Ax]  [Vimicro, 4.3. 625.61]
[PID: 1200][C:\NDEERWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1216][C:\NDEERWS\System32\wxsyfcli.exe]  [成都吉胜科技有限公司, 0.0.6.8176]
[PID: 1252][C:\NDEERWS\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\NDEERWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 1968][C:\NDEERWS\system32\mmc.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\NDEERWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\NDEERWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\NDEERWS\System32\ODBC32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\NDEERWS\System32\odbcbcp.dll]  [Microsoft Corporation, 2000.081.9041.040]
[PID: 1528][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\NDEERWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\NDEERWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\NDEERWS\System32\ODBC32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\NDEERWS\System32\macromed\flash\Flash85.ocx]  [Macromedia, Inc., 8,5,0,133]
    [C:\NDEERWS\System32\WINABC.IME]  [PKUETI, 5.22.216]
[PID: 1652][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\NDEERWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\NDEERWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\NDEERWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\NDEERWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
124.42.125.244    auto.search.msn.com

==================================
API HOOK
N/A

==================================


[/CODE]

Thanks again to the friends in posts #1 and #4!!!
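Added example, not part of the thread and not SREng's own code: a small Python triage script for reports in the format posted above. It assumes the layout shown there (sections separated by a line of "=" characters, registry startup entries written as `<name><command>  [signer]`, and a HOSTS section of `ip hostname` lines) and takes SREng's `(Verified)` prefix to mean the publisher signature was checked. The sample input is a handful of lines excerpted from the report in this thread. It flags startup entries with no signer at all, entries whose company name is present but not verified, a GinaDLL that is not the Windows XP default msgina.dll, and HOSTS lines that point a public hostname at a non-loopback address, which is exactly the kind of entry that turns a search or update domain into a redirect.

```python
"""Triage helper for an SREng-style startup/HOSTS report (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input: lines excerpted from the report posted in the thread.
SAMPLE_REPORT = """\
启动项目
注册表
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
    <wxClient><C:\\NDEERWS\\System32\\wxspmn.exe>  [N/A]
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]
    <WIAWizardMenu><RUNDLL32.EXE C:\\NDEERWS\\System32\\sti_ci.dll,WiaCreateWizardMenu>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]
    <GinaDLL><LogUser.dll>  [N/A]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
HOSTS 文件
127.0.0.1      localhost
124.42.125.244    auto.search.msn.com

==================================
"""

SECTION_SEP = "=" * 34                      # separator line used between report sections
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<command>.*)>\s+\[(?P<signer>[^\]]*)\]\s*$")
DEFAULT_GINA = "msgina.dll"                 # the stock logon provider on Windows XP


@dataclass
class StartupEntry:
    key: str
    name: str
    command: str
    signer: str

    @property
    def verified(self) -> bool:
        # "(Verified)" is the report's marker for a checked publisher signature.
        return self.signer.startswith("(Verified)")


@dataclass
class HostsEntry:
    ip: str
    hostname: str


def split_sections(report: str) -> dict:
    """Map each section title (first non-empty line of a chunk) to its body lines."""
    sections = {}
    for chunk in report.split(SECTION_SEP):
        lines = [l.rstrip() for l in chunk.strip("\n").splitlines() if l.strip()]
        if lines:
            sections[lines[0].strip()] = lines[1:]
    return sections


def parse_startup(lines) -> list:
    """Collect <name><command> [signer] entries, remembering the enclosing registry key."""
    entries, key = [], ""
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(StartupEntry(key, m["name"], m["command"], m["signer"]))
    return entries


def parse_hosts(lines) -> list:
    """Parse 'ip host [host...]' lines; comments and non-address lines are skipped."""
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        entries.extend(HostsEntry(parts[0], host) for host in parts[1:])
    return entries


def triage(report: str) -> dict:
    """Return the findings a responder would read first, grouped by kind."""
    sections = split_sections(report)
    startup = parse_startup(sections.get("启动项目", []))
    hosts = parse_hosts(sections.get("HOSTS 文件", []))
    return {
        # no publisher information at all
        "unsigned_startup": [e for e in startup if e.signer.strip() in ("", "N/A")],
        # a company name is claimed but the signature was not verified
        "unverified_startup": [e for e in startup
                               if e.signer.strip() not in ("", "N/A") and not e.verified],
        # a logon provider other than the XP default
        "nonstandard_gina": [e.command for e in startup
                             if e.name.lower() == "ginadll"
                             and e.command.strip().lower() != DEFAULT_GINA],
        # public hostnames mapped to something other than loopback
        "hosts_redirects": [h for h in hosts if not ipaddress.ip_address(h.ip).is_loopback],
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_REPORT).items():
        print(kind, [getattr(i, "name", None) or getattr(i, "hostname", None) or i for i in items])
```

The script deliberately reports rather than decides: in a net cafe, a management suite often registers its own GinaDLL and unsigned client agents, so each flagged line is a question for the operator, and the HOSTS redirect is the one entry that cannot be explained by cafe software and should be reverted.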

Heh, the browser has picked up a few rogue programs; I have my own way of cleaning those. Judging by what that smart scan tool reported, it may well be infected, and possibly someone who knows hacking tricks has modified the system.

Event Viewer, System:
2 "Warnings" (yellow exclamation marks)
The first one's description: The device sent an incorrect response following a keyboard reset.
The second: Could not set the keyboard typematic rate and delay.
As for the keyboard, I can type, otherwise I couldn't be writing this reply, heh! But there is definitely something wrong.

8 "Errors" (red crosses) that appear at system startup
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service SENS with arguments "" in order to run the server:

Event Viewer, Application:
Lots of "Warnings"
The descriptions are roughly the same, and say:
First kind:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.

Second kind:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

In the user groups there is an extra user! It is named ASPNET and belongs to the Users group.