
14 extra EXE files have appeared in the startup items....

Delete startup items
<upxdnd><C:\DOCUME~1\cre\LOCALS~1\Temp\upxdnd.exe> [N/A]
<Kvsc3><C:\WINDOWS\8Sy.exe> [N/A]
<mhsa><C:\DOCUME~1\cre\LOCALS~1\Temp\mhso.exe> [N/A]
<wosa><C:\DOCUME~1\cre\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\cre\LOCALS~1\Temp\ztso.exe> [N/A]
<jtsa><C:\DOCUME~1\cre\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><C:\DOCUME~1\cre\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><C:\DOCUME~1\cre\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><C:\DOCUME~1\cre\LOCALS~1\Temp\wmso.exe> [N/A]
<fysa><C:\DOCUME~1\cre\LOCALS~1\Temp\fyso.exe> [N/A]
<qjsa><C:\DOCUME~1\cre\LOCALS~1\Temp\qjso.exe> [N/A]
<rxsa><C:\DOCUME~1\cre\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><C:\DOCUME~1\cre\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><C:\DOCUME~1\cre\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><C:\DOCUME~1\cre\LOCALS~1\Temp\daso.exe> [N/A]
<zxsa><C:\DOCUME~1\cre\LOCALS~1\Temp\zxso.exe> [N/A]
<N/A><C:\WINDOWS\system32\nwizAsktao.exe> [N/A]
<N/A><C:\WINDOWS\system32\nwizqjsj.exe> [N/A]
Disable services
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
<C:\WINDOWS\system32rundll32.exe windds32.dll,input><N/A>
[WinWLServiceNow / WinWLServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\cre\LOCALS~1\Temp\RAVWL.EXE><N/A>
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\cre\LOCALS~1\Temp\RAVWM.EXE><N/A>
Reboot the system, show hidden files, and delete the files related to the above, as well as:

[C:\DOCUME~1\cre\LOCALS~1\Temp\rsv4.tmp]
[C:\DOCUME~1\cre\LOCALS~1\Temp\rsv7.tmp]
[C:\DOCUME~1\cre\LOCALS~1\Temp\zxso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\woso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\DOCUME~1\cre\LOCALS~1\Temp\mhso0.dll] [N/A, ]

Find the file below, copy it to the desktop, compress it with RAR, and send it to me at QQ:510704033 or enao@people.com.cn. Thanks for your trouble.
C:\WINDOWS\uninstall\rundl132.exe

In Safe Mode
Delete registry entries
<load><C:\WINDOWS\uninstall\rundl132.exe> [N/A]
<upxdnd><C:\DOCUME~1\cre\LOCALS~1\Temp\upxdnd.exe> [N/A]
<Kvsc3><C:\WINDOWS\8Sy.exe> [N/A]
<mhsa><C:\DOCUME~1\cre\LOCALS~1\Temp\mhso.exe> [N/A]
<wosa><C:\DOCUME~1\cre\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\cre\LOCALS~1\Temp\ztso.exe> [N/A]
<jtsa><C:\DOCUME~1\cre\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><C:\DOCUME~1\cre\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><C:\DOCUME~1\cre\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><C:\DOCUME~1\cre\LOCALS~1\Temp\wmso.exe> [N/A]
<fysa><C:\DOCUME~1\cre\LOCALS~1\Temp\fyso.exe> [N/A]
<qjsa><C:\DOCUME~1\cre\LOCALS~1\Temp\qjso.exe> [N/A]
<rxsa><C:\DOCUME~1\cre\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><C:\DOCUME~1\cre\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><C:\DOCUME~1\cre\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><C:\DOCUME~1\cre\LOCALS~1\Temp\daso.exe> [N/A]
<zxsa><C:\DOCUME~1\cre\LOCALS~1\Temp\zxso.exe> [N/A]
<{0FAD2E16-C8EF-5AC1-1E6A-AE3FD8EF56B3}><C:\Program Files\Internet Explorer\msvcrt.dll> [Microsoft Corporation]
<N/A><C:\WINDOWS\system32\nwizAsktao.exe> [N/A]
<N/A><C:\WINDOWS\system32\nwizqjsj.exe> [N/A]

Delete services
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
<C:\WINDOWS\system32rundll32.exe windds32.dll,input><N/A>
[WinWLServiceNow / WinWLServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\cre\LOCALS~1\Temp\RAVWL.EXE><N/A>
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\cre\LOCALS~1\Temp\RAVWM.EXE><N/A>

Delete
C:\WINDOWS\uninstall\rundl132.exe
C:\DOCUME~1\cre\LOCALS~1\Temp\upxdnd.exe
C:\WINDOWS\8Sy.exe
C:\WINDOWS\system32\windds32.dll

Empty all files under C:\DOCUME~1\cre\LOCALS~1\Temp

Download the Rising/Jiangmin Viking (威金) dedicated removal tool and run it in Safe Mode