下载冰刃,用冰刃删除下列文件
冰刃1.22地址:http://www.onlinedown.net/soft/53325.htm
C:\WINNT\webwork\webwork.dll
C:\WINNT\explorers.exe
C:\WINNT\system32\jetspeed.dll
C:\WINNT\system32\drivers\00006da0.SYS
C:\WINNT\System32\DRIVERS\4pjo7w.sys
用SRENG删除注册表
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellService
ObjectDelayLoad]
<webwork><C:\WINNT\webwork\webwork.dll> [N/A]
删除服务
[COM+ System Support Center / COM+ System Support Center][Stopped/Auto Start]
<C:\WINNT\explorers.exe><N/A>
[Servicel / Servicel][Others/Auto Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\jetspeed.dll><N/A>
删除驱动程序
[00006da0 / 00006da0][Stopped/Boot Start]
<\SystemRoot\system32\drivers\00006da0.SYS><N/A>
[4pjo7 / 4pjo7w][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\4pjo7w.sys><N/A>
[f50538vj / f50538vj][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\f50538vj.sys><N/A>(这个是可疑的,不急删)
[ytgsvrm / ytgsvrm][Running/Boot Start]
<\SystemRoot\system32\drivers\ytgsvrm.sys><>(这个是可疑的,不急删)
打开我的电脑-工具-文件夹选项-查看-显示隐藏文件-隐藏受保护的系统文件(勾去掉)-确定
重起进入安全模式(开机不停的按F8,选择安全模式启动) 清空临时文件夹:
C:\Documents and Settings\用户名\Local Settings\Temporary Internet Files
C:\Documents and Settings\用户名\Local Settings\Temp
