Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rwinih' = '<SYSTEM32>\rwinih.exe.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'winxzti' = '<SYSTEM32>\winxzti.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wiennwu' = '<SYSTEM32>\wiennwu.exe'
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At4.job
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At2.job
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- '<SYSTEM32>\rwinih.exe'
- '<SYSTEM32>\Inteii.exe'
- '<SYSTEM32>\at.exe' 2:00 /interactive /every:M,T,W,Th,F,S,Su <SYSTEM32>\rwinih.exe
- '<SYSTEM32>\at.exe' 1:00 /interactive /every:M,T,W,Th,F,S,Su <SYSTEM32>\rwinih.exe
- '<SYSTEM32>\at.exe' 4:00 /interactive /every:M,T,W,Th,F,S,Su <SYSTEM32>\rwinih.exe
- '<SYSTEM32>\at.exe' 3:00 /interactive /every:M,T,W,Th,F,S,Su <SYSTEM32>\rwinih.exe
- '<SYSTEM32>\sc.exe' config Schedule start= AUTO
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\ScheTime.bat
- '<SYSTEM32>\at.exe' 0:00 /interactive /every:M,T,W,Th,F,S,Su <SYSTEM32>\rwinih.exe
- '<SYSTEM32>\net1.exe' start schedule
- <SYSTEM32>\bnwork.exe
- <SYSTEM32>\winxzti.exe
- <SYSTEM32>\rwinih.exe
- <SYSTEM32>\ScheTime.bat
- <SYSTEM32>\winnwor.exe
- <SYSTEM32>\my2.ini
- <SYSTEM32>\Inteii.exe
- <SYSTEM32>\winnwurl.exe
- <SYSTEM32>\wiennwu.exe
- ClassName: '' WindowName: '????2.12'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''