Техническая информация
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '.nvsvc' = '%WINDIR%\system\smss.exe /w'
- [<HKLM>\System\CurrentControlSet\Services\Windows Log] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Windows Log] 'ImagePath' = '<SYSTEM32>\nvsvcd.exe'
- Обновления системы (Windows Update)
- <SYSTEM32>\svchost.exe
- %TEMP%\tmp1.tmp
- %WINDIR%\system\smss.exe
- <SYSTEM32>\nvsvcd.exe
- DNS ASK rc.##zalof.com
- DNS ASK ba##.#eganumb.com
- DNS ASK ou#.#ohnfed.com
- DNS ASK mm#.##tervog.com
- DNS ASK ph#.##andawant.com
- '<SYSTEM32>\nvsvcd.exe' -install
- '<SYSTEM32>\svchost.exe'