Trojan.Encoder.38055

Техническая информация

Изменения в файловой системе

Создает следующие файлы

C:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\infopath.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\groove.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\excel.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\access.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\cultures\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\1033\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\msinfo\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\msinfo\en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\msclientdatamgr\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\zh-tw\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\uk-ua\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\tr-tr\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\th-th\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\sv-se\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\sr-latn-cs\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\sl-si\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\sk-sk\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\ru-ru\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\ro-ro\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\pt-pt\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\pt-br\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\pl-pl\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\zh-cn\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.ww\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\onenote.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\outlook.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\capsules\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\canyon\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\breeze\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\boldstri\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\blueprnt\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\bluecalm\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\blends\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\axis\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\arctic\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\aftrnoon\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\textconv\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\stationery\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\source engine\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\smart tag\lists\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\smart tag\lists\1033\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\smart tag\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\smart tag\1033\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\proof\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\officesoftwareprotectionplatform\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\word.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\publisher.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\proplus\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\proofing.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.fr\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.es\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.en\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\office14\office setup controller\powerpoint.en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\nl-nl\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\cascade\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\nb-no\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\lt-lt\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\euro\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\equation\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\equation\1033\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\dw\readme_or_die.txt
%CommonProgramFiles%\designer\readme_or_die.txt
C:\readme_or_die.txt
C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\readme_or_die.txt
C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\1033\readme_or_die.txt
C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\filters\readme_or_die.txt
C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\readme_or_die.txt
C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\readme_or_die.txt
C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\readme_or_die.txt
C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\readme_or_die.txt
C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\readme_or_die.txt
C:\kms\readme_or_die.txt
<Текущая директория>\readme_or_die.txt
C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\grphflt\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\help\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\ko-kr\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\ja-jp\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\it-it\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\hu-hu\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\hr-hr\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\he-il\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\web\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\symbols\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\oskpred\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\osknumpad\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\oskmenu\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\numbers\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\auxpad\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fr-fr\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\fi-fi\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\et-ee\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\es-es\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\en-us\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\el-gr\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\de-de\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\da-dk\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\cs-cz\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\bg-bg\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\ar-sa\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\ink\lv-lv\readme_or_die.txt
%CommonProgramFiles%\microsoft shared\themes14\compass\readme_or_die.txt

Подменяет следующие исполняемые файлы

C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ose.exe
%CommonProgramFiles%\Microsoft Shared\OFFICE14\OFFREL.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig.companion.dll
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\pidgenx.dll
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\OSetupPS.dll
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\OSETUP.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\promointl.dll
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OSETUPUI.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\ODeploy.exe
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Oarpmany.exe
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MUOPTIN.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\CsiSoap.dll
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MSSOAP30.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MSOXMLED.EXE
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MSOXEV.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\msoshext.dll
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MSORES.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MSOICONS.EXE
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MSO.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\LICLUA.EXE
%CommonProgramFiles%\Microsoft Shared\OFFICE14\IACOM2.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\FLTLDR.EXE
%CommonProgramFiles%\Microsoft Shared\OFFICE14\EXP_XPS.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\EXP_PDF.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MSPTLS.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\EXPSRV.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\OPHPROXY.DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\FBIBLIO.DLL
%CommonProgramFiles%\Microsoft Shared\TextConv\Wks9Pxy.cnv
%CommonProgramFiles%\Microsoft Shared\TextConv\RECOVR32.CNV
%CommonProgramFiles%\Microsoft Shared\TextConv\MSCONV97.DLL
%CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE
%CommonProgramFiles%\Microsoft Shared\Smart Tag\SmartTagInstall.exe
%CommonProgramFiles%\Microsoft Shared\Smart Tag\MOFL.DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\METCONV.DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\IMCONTACT.DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\IETAG.DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\FSTOCK.DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\FPLACE.DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\FPERSON.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\RICHED20.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\OPTINPS.DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\1033\STINTL.DLL
%CommonProgramFiles%\Microsoft Shared\PROOF\MSLID.DLL
%CommonProgramFiles%\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL
%CommonProgramFiles%\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
%CommonProgramFiles%\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE
%CommonProgramFiles%\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL
%CommonProgramFiles%\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL
%CommonProgramFiles%\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\WISC30.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\VBAJET32.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\USP10.DLL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\FDATE.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Csi.dll
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEXBE.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEWSS.DLL
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\PNG32.FLT
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\PICTIM32.FLT
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\JPEGIM32.FLT
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\GIFIMP32.FLT
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\EPSIMP32.FLT
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\CGMIMP32.FLT
%CommonProgramFiles%\Microsoft Shared\Filters\offfiltx.dll
%CommonProgramFiles%\Microsoft Shared\Filters\odffilt.dll
%CommonProgramFiles%\Microsoft Shared\Filters\msgfilt.dll
%CommonProgramFiles%\Microsoft Shared\EURO\MSOEURO.DLL
%CommonProgramFiles%\Microsoft Shared\EQUATION\EQNEDT32.EXE
%CommonProgramFiles%\Microsoft Shared\Help\hxds.dll
%CommonProgramFiles%\Microsoft Shared\EQUATION\1033\EEINTL.DLL
%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE
%CommonProgramFiles%\Microsoft Shared\DW\DBGHELP.DLL
%CommonProgramFiles%\DESIGNER\MSADDNDR.DLL
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\setup.exe
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll
%CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.EXE
%CommonProgramFiles%\Microsoft Shared\Help\ITIRCL55.DLL
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\WPGIMP32.FLT
%CommonProgramFiles%\Microsoft Shared\Help\msitss55.dll
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEWDAT.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEERR.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACETXT.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEREP.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACERCLR.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACER3X.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEOLEDB.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEODTXT.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEODEXL.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEODDBS.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEODBC.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEEXCL.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEEXCH.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEES.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACEDAO.DLL
%CommonProgramFiles%\Microsoft Shared\MSClientDataMgr\MSCDM.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\ACECORE.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\ACERECR.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL
%CommonProgramFiles%\Microsoft Shared\TextConv\WPFT532.CNV
%CommonProgramFiles%\Microsoft Shared\TextConv\WPFT632.CNV

Подменяет следующие файлы

C:\$Recycle.Bin\S-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUS\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML
%CommonProgramFiles%\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML
%CommonProgramFiles%\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUS\ProPlusWW.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\MUAUTH.CAB
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\README.HTM
%CommonProgramFiles%\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML
%CommonProgramFiles%\Microsoft Shared\PROOF\MSWDS_EN.LEX
%CommonProgramFiles%\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML
%CommonProgramFiles%\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\BREEZE\BREEZE.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\CANYON\CANYON.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\CASCADE\CASCADE.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\CANYON\CANYON.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml
%CommonProgramFiles%\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML
%CommonProgramFiles%\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL
%CommonProgramFiles%\Microsoft Shared\Smart Tag\METCONV.TXT
%CommonProgramFiles%\Microsoft Shared\Smart Tag\MSTAG.TLB
%CommonProgramFiles%\Microsoft Shared\Stationery\Desktop.ini
%CommonProgramFiles%\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\AXIS\AXIS.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\AXIS\AXIS.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM
%CommonProgramFiles%\Microsoft Shared\THEMES14\BLENDS\BLENDS.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF
%CommonProgramFiles%\Microsoft Shared\PROOF\MSWDS_ES.LEX
%CommonProgramFiles%\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM
%CommonProgramFiles%\Microsoft Shared\PROOF\MSWDS_FR.LEX
%CommonProgramFiles%\Microsoft Shared\OFFICE14\1033\ADO210.CHM
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\MS.WPG
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\MS.PNG
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi
C:\kms\KMS_VL_ALL_AIO.cmd
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPlusWW.msi
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPlusWW.xml
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPsWW.cab
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPsWW2.cab
C:\kms\KMS_VL_ALL_AIO_Debug.log
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml
%CommonProgramFiles%\Microsoft Shared\EQUATION\EQNEDT32.CNT
%CommonProgramFiles%\Microsoft Shared\EQUATION\eqnedt32.exe.manifest
%CommonProgramFiles%\Microsoft Shared\EQUATION\EQNEDT32.HLP
%CommonProgramFiles%\Microsoft Shared\EQUATION\MTEXTRA.TTF
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\CGMIMP32.CFG
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\CGMIMP32.FNT
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\MS.CGM
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\MS.EPS
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\MS.GIF
%CommonProgramFiles%\Microsoft Shared\GRPHFLT\MS.JPG
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST
%CommonProgramFiles%\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.INF
%CommonProgramFiles%\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm
%CommonProgramFiles%\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF

Изменяет множество файлов пользовательских данных (Trojan.Encoder).

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней