
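Infected! It turns off Rising's monitoring whenever it wants!! Virus alerts at regular intervals. Log attached, please take a look!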

The normal values for these registry entries are:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]

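First start SRENG, then run ICESWORD and enable "Forbid process creation". Then in SRENG, go to Startup Items > Registry and delete the following startup entries: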
<1e1mr><; C:\DOCUME~1\左自强\LOCALS~1\Temp\Rav.exe> []
<h54tw6j><; C:\DOCUME~1\左自强\LOCALS~1\Temp\Rav.exe> []
<svc><; C:\DOCUME~1\左自强\LOCALS~1\Temp\spolive.exe> [N/A]
<cmdbcs><; C:\WINDOWS\cmdbcs.exe> []
<msccrt><; C:\WINDOWS\msccrt.exe> []
<Kvsc3><; C:\WINDOWS\Kvsc3.exe> []
<dasa><; C:\DOCUME~1\左自强\LOCALS~1\Temp\daso.exe> [N/A]
<testrun><; C:\DOCUME~1\左自强\LOCALS~1\Temp\zt.exe> [N/A]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> []
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><C:\WINDOWS\system32\msacn.dll> []
<{442BC423-3713-224D-3F55-32B35C62B1E4}><C:\WINDOWS\system32\atlpri.dll> []
Services
<C:\WINDOWS\system32\WInservi.INI><N/A>
[Windows InstallService / WindowsDown][Stopped/Disabled]
<C:\WINDOWS\system32\servet.exe><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
Drivers
[ceulvq0 / ceulvq03][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ceulvq03.sys><N/A>
[kpmesl4 / kpmesl40][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\kpmesl40.sys><N/A>
[lupzir5 / lupzir58][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\lupzir58.sys><N/A>
[nenbjk1 / nenbjk15][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\nenbjk15.sys><N/A>
[rdaajq5 / rdaajq56][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\rdaajq56.sys><N/A>
[saluhh9 / saluhh96][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\saluhh96.sys><N/A>
[unexjh7 / unexjh70][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\unexjh70.sys><N/A>
[vgatoe1 / vgatoe16][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\vgatoe16.sys><N/A>
Files
[C:\WINDOWS\system32\msacn.dll] [N/A, ]
[C:\WINDOWS\system32\msport.dll] [N/A, ]
[C:\WINDOWS\system32\wscsv.dll] [N/A, ]
[C:\WINDOWS\system32\fksdy.dll] [N/A, ]
[C:\WINDOWS\system32\wgptl.dll] [N/A, ]
[C:\WINDOWS\system32\wtrmm.dll] [N/A, ]
[C:\WINDOWS\system32\hreax.dll] [N/A, ]
[C:\WINDOWS\system32\wstsj.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\atlpri.dll] [N/A, ]
[C:\WINDOWS\system32\nwizAsktao.dll] [N/A, ]
[C:\WINDOWS\system32\wstsj.dll] [N/A, ]
[C:\WINDOWS\system32\hreax.dll] [N/A, ]
[C:\WINDOWS\system32\wtrmm.dll] [N/A, ]
[C:\WINDOWS\system32\wgptl.dll] [N/A, ]
[C:\WINDOWS\system32\fksdy.dll] [N/A, ]
[C:\WINDOWS\system32\msport.dll] [N/A, ]
[C:\WINDOWS\system32\atlpri.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
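For anything that cannot be deleted, use ICESWORD to force-delete it.
Finally, do not double-click drive E:; delete Autorun.inf and SysAuto.exe under drive E:.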
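
An added example, not part of the original posts: a small Python check that parses SRENG-style `<name><value>  [signer]` lines and compares the Winlogon shell, Userinit and AppInit_DLLs entries against the normal values quoted earlier in the thread. The function names and the sample log (with placeholder file names) are constructed for illustration.

```python
import re

# Baseline = the normal values quoted in the thread (install path C:\WINDOWS assumed).
BASELINE = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
    "appinit_dlls": "",
}

# SRENG-style entry line: <name><value>  [signer]
ENTRY = re.compile(r"^\s*<(?P<name>[^<>]*)><(?P<value>[^<>]*)>\s*\[(?P<signer>.*)\]\s*$")

def parse_entries(log_text):
    """Yield (name, value, signer) for every entry line; section headers are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m["name"], m["value"].strip(), m["signer"].strip()

def check_baseline(log_text):
    """Return (name, value, reason) tuples for entries that deviate from BASELINE."""
    findings, seen = [], set()
    for name, value, signer in parse_entries(log_text):
        key = name.lower()
        if key not in BASELINE:
            continue
        seen.add(key)
        # Windows paths are case-insensitive, so compare in lower case.
        if value.lower() != BASELINE[key]:
            findings.append((name, value, "differs from normal value"))
        elif value and not signer.startswith("(Verified)"):
            findings.append((name, value, "normal path but signature not verified"))
    for key in sorted(BASELINE.keys() - seen):
        findings.append((key, None, "entry not present in log"))
    return findings

# Constructed sample log; example-a.exe and example-b.dll are placeholders.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe C:\WINDOWS\example-a.exe>  [N/A]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><example-b.dll>  [N/A]
"""

if __name__ == "__main__":
    for name, value, reason in check_baseline(SAMPLE):
        print(f"{name}: {value!r} -> {reason}")
```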