用SRENG删除注册表
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellService
ObjectDelayLoad]
<webwork><C:\WINNT\webwork\webwork.dll> [N/A
删除服务
[COM+ System Support Center / COM+ System Support Center][Stopped/Auto Start]
<C:\WINNT\explorers.exe><N/A>
[Servicel / Servicel][Others/Auto Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\jetspeed.dll><N/A>
删除驱动
[00006da0 / 00006da0][Stopped/Boot Start]
<\SystemRoot\system32\drivers\00006da0.SYS><N/A>
[4pjo7 / 4pjo7w][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\4pjo7w.sys><N/A>
[f50538vj / f50538vj][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\f50538vj.sys><N/A>
用冰刃删除文件(冰刃1.22地址:http://www.onlinedown.net/soft/53325.htm)
C:\WINNT\system32\drivers\f50538vj.sys
C:\WINNT\system32\drivers\4pjo7w.sys
C:\WINNT\system32\drivers\00006da0.SYS
C:\WINNT\system32\jetspeed.dll
C:\WINNT\explorers.exe
C:\WINNT\webwork\webwork.dll
打开我的电脑-工具-文件夹选项-查看-显示隐藏文件-隐藏受保护的系统文件(勾去掉)-确定
重起进入安全模式(开机不停的按F8,选择安全模式启动) 清空临时文件夹:
C:\Documents and Settings\用户名\Local Settings\Temporary Internet Files
C:\Documents and Settings\用户名\Local Settings\Temp
PS:SRENG的使用方法在:http://forum.ikaka.com/topic.asp?board=28&artid=8270267&page=1
