ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話

03-6550-8770

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話

03-6550-8770

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Win32.HLLP.Legion.1

Added to the Dr.Web virus database: 2010-11-20

Virus description added:

Technical Information

To ensure autorun and distribution
Substitutes the following executable system files
  • %WINDIR%\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe with %WINDIR%\microsoft.net\assembly\gac_msil\microsoft.workflow.compiler\v4.0_4.0.0.0__31bf3856ad364e35\microsoft.workflow.compiler.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\caspol.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_wp.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regsql.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regiis.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regbrowsers.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_compiler.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\applaunch.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\addinutil.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess32.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\wsatconfig.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\vbc.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\smsvchost.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\servicemodelreg.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\regtlibv12.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ngen.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\ngen.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\mscorsvw.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\comsvcconfig.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\csc.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\csc.exe
  • %WINDIR%\SysWOW64\FlashPlayerApp.exe with %WINDIR%\syswow64\flashplayerapp.exe
  • %WINDIR%\Microsoft.NET\NETFXRepair.exe with %WINDIR%\microsoft.net\netfxrepair.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\wsatconfig.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\vbc.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\vbc.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\smsvchost.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\servicemodelreg.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\regtlibv12.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\regsvcs.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regsql.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\msbuild.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\microsoft.workflow.compiler.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\jsc.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\jsc.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\installutil.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\ilasm.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\edmgen.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\dfsvc.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\datasvcutil.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\cvtres.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\microsoft.workflow.compiler.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\jsc.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\jsc.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\vbc.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\vbc.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\regsvcs.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\regasm.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ngen.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\ngen.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\migpolwin.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\MigPol.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\migpol.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\jsc.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\jsc.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\installutil.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ilasm.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\ilasm.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\IEExec.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\ieexec.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\cvtres.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\cvtres.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\csc.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\csc.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\configwizards.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CasPol.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\caspol.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_wp.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_state.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_regiis.exe
  • %WINDIR%\Microsoft.NET\Framework\v1.1.4322\al.exe with %WINDIR%\microsoft.net\framework\v1.1.4322\al.exe
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe with %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe with %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\servicemodelreg.exe
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe with %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\comsvcconfig.exe
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe with %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smconfiginstaller.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\ilasm.exe
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe with %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\edmgen.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\dfsvc.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\datasvcutil.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\comsvcconfig.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\CasPol.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\caspol.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_wp.exe
  • %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe with %WINDIR%\microsoft.net\framework64\v4.0.30319\ngen.exe
  • %WINDIR%\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_261.exe with %WINDIR%\syswow64\macromed\flash\flashplayerplugin_18_0_0_261.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regbrowsers.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\applaunch.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\addinutil.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess.exe
  • %WINDIR%\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe with %WINDIR%\microsoft.net\framework\v3.0\wpf\xamlviewer\xamlviewer_v0300.exe
  • %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe with %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\wsatconfig.exe
  • %WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe with %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_state.exe
  • %WINDIR%\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe with %WINDIR%\syswow64\macromed\flash\flashplayerupdateservice.exe
Infects the following executable files
  • C:\far2\far.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regsql.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regiis.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regbrowsers.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_compiler.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\applaunch.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\addinutil.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess32.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\wsatconfig.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_wp.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\servicemodelreg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\regtlibv12.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\ngen.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\mscorsvw.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\microsoft.workflow.compiler.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\jsc.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\vbc.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\caspol.exe
  • %WINDIR%\syswow64\flashplayerapp.exe
  • %WINDIR%\microsoft.net\netfxrepair.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\wsatconfig.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\vbc.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\smsvchost.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\servicemodelreg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\regtlibv12.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\regsvcs.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\ngen.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\msbuild.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\microsoft.workflow.compiler.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\jsc.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\installutil.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\ilasm.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\edmgen.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\dfsvc.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\datasvcutil.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\cvtres.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\csc.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\smsvchost.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\ilasm.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\edmgen.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\dfsvc.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\caspol.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\migpolwin.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\migpol.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\jsc.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\installutil.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\ilasm.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\ieexec.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\cvtres.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\csc.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\configwizards.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_wp.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\regasm.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_state.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_regiis.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\al.exe
  • %WINDIR%\microsoft.net\assembly\gac_msil\microsoft.workflow.compiler\v4.0_4.0.0.0__31bf3856ad364e35\microsoft.workflow.compiler.exe
  • C:\totalcmd\tcusbrun.exe
  • C:\totalcmd\tcunin64.exe
  • C:\totalcmd\tcmdx32.exe
  • C:\totalcmd\tcmadm64.exe
  • C:\totalcmd\noclose64.exe
  • %WINDIR%\syswow64\macromed\flash\flashplayerplugin_18_0_0_261.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\comsvcconfig.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\regsvcs.exe
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe
  • %WINDIR%\microsoft.net\framework\v1.1.4322\ngen.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\datasvcutil.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\comsvcconfig.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\caspol.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_wp.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_state.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regsql.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regbrowsers.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\applaunch.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\addinutil.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess.exe
  • %WINDIR%\microsoft.net\framework\v3.0\wpf\xamlviewer\xamlviewer_v0300.exe
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\wsatconfig.exe
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smconfiginstaller.exe
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\servicemodelreg.exe
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\comsvcconfig.exe
  • %WINDIR%\syswow64\macromed\flash\flashplayerupdateservice.exe
Modifies file system
Deletes the following files
  • %WINDIR%\microsoft.net\assembly\gac_msil\microsoft.workflow.compiler\v4.0_4.0.0.0__31bf3856ad364e35\microsoft.workflow.compiler.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\caspol.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_wp.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_state.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regsql.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regiis.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regbrowsers.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_compiler.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\applaunch.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\addinutil.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\csc.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\wsatconfig.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\smsvchost.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\servicemodelreg.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\regtlibv12.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\ngen.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess32.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_state.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\cvtres.exe.tmp
  • %WINDIR%\syswow64\flashplayerapp.exe.tmp
  • %WINDIR%\panther\mainqueueonline1.que.tmp
  • %WINDIR%\panther\mainqueueonline0.que.tmp
  • %WINDIR%\microsoft.net\netfxrepair.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\wsatconfig.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\vbc.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\smsvchost.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\servicemodelreg.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\regtlibv12.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\mscorsvw.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\comsvcconfig.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\ngen.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\mscorsvw.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\msbuild.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\microsoft.workflow.compiler.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\jsc.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\installutil.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\ilasm.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\edmgen.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\dfsvc.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\datasvcutil.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\microsoft.workflow.compiler.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\jsc.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\ilasm.exe.tmp
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\comsvcconfig.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\vbc.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\regsvcs.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\regasm.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\ngen.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\migpolwin.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\migpol.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\jsc.exe.tmp
  • %WINDIR%\syswow64\macromed\flash\flashplayerplugin_18_0_0_261.exe.tmp
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\servicemodelreg.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\ieexec.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\cvtres.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\csc.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\configwizards.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\caspol.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_wp.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_state.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_regiis.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\al.exe.tmp
  • %WINDIR%\microsoft.net\framework\v1.1.4322\installutil.exe.tmp
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\regsvcs.exe.tmp
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smconfiginstaller.exe.tmp
  • %WINDIR%\microsoft.net\framework\v3.0\wpf\xamlviewer\xamlviewer_v0300.exe.tmp
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\ilasm.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\edmgen.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\dfsvc.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\datasvcutil.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\comsvcconfig.exe.tmp
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\wsatconfig.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\caspol.exe.tmp
  • %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regsql.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regbrowsers.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\applaunch.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\addinutil.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess.exe.tmp
  • %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_wp.exe.tmp
  • %WINDIR%\syswow64\macromed\flash\flashplayerupdateservice.exe.tmp
Moves the following system files
  • from %WINDIR%\microsoft.net\assembly\gac_msil\microsoft.workflow.compiler\v4.0_4.0.0.0__31bf3856ad364e35\microsoft.workflow.compiler.exe to %WINDIR%\microsoft.net\assembly\gac_msil\microsoft.workflow.compiler\v4.0_4.0.0.0__31bf3856ad364e35\microsoft.workflow.compiler.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\caspol.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\caspol.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_wp.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_wp.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_state.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_state.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regsql.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regsql.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regiis.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regiis.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regbrowsers.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_regbrowsers.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_compiler.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\aspnet_compiler.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\applaunch.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\applaunch.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\addinutil.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\addinutil.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\csc.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\csc.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\wsatconfig.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\wsatconfig.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\smsvchost.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\smsvchost.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\servicemodelreg.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\servicemodelreg.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\regtlibv12.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\regtlibv12.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\ngen.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\ngen.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess32.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\addinprocess32.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_state.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_state.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\cvtres.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\cvtres.exe.tmp
  • from %WINDIR%\syswow64\flashplayerapp.exe to %WINDIR%\syswow64\flashplayerapp.exe.tmp
  • from %WINDIR%\panther\mainqueueonline1.que to %WINDIR%\panther\mainqueueonline1.que.tmp
  • from %WINDIR%\panther\mainqueueonline0.que to %WINDIR%\panther\mainqueueonline0.que.tmp
  • from %WINDIR%\microsoft.net\netfxrepair.exe to %WINDIR%\microsoft.net\netfxrepair.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\wsatconfig.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\wsatconfig.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\vbc.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\vbc.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\smsvchost.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\smsvchost.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\servicemodelreg.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\servicemodelreg.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\regtlibv12.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\regtlibv12.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\mscorsvw.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\mscorsvw.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\comsvcconfig.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\comsvcconfig.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\ngen.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\ngen.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\mscorsvw.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\mscorsvw.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\msbuild.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\msbuild.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\microsoft.workflow.compiler.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\microsoft.workflow.compiler.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\jsc.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\jsc.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\installutil.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\installutil.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\ilasm.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\ilasm.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\edmgen.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\edmgen.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\dfsvc.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\dfsvc.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\regasm.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\datasvcutil.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\datasvcutil.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\microsoft.workflow.compiler.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\microsoft.workflow.compiler.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\jsc.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\jsc.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\ilasm.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\ilasm.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\comsvcconfig.exe to %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\comsvcconfig.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\vbc.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\vbc.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\regsvcs.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\regsvcs.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\regasm.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\regasm.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\ngen.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\ngen.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\migpolwin.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\migpolwin.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\migpol.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\migpol.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\jsc.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\jsc.exe.tmp
  • from %WINDIR%\syswow64\macromed\flash\flashplayerplugin_18_0_0_261.exe to %WINDIR%\syswow64\macromed\flash\flashplayerplugin_18_0_0_261.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\servicemodelreg.exe to %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\servicemodelreg.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\ieexec.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\ieexec.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\cvtres.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\cvtres.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\csc.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\csc.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\configwizards.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\configwizards.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\caspol.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\caspol.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_wp.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_wp.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_state.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_state.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_regiis.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\aspnet_regiis.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\al.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\al.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v1.1.4322\installutil.exe to %WINDIR%\microsoft.net\framework\v1.1.4322\installutil.exe.tmp
  • from %WINDIR%\microsoft.net\framework64\v4.0.30319\regsvcs.exe to %WINDIR%\microsoft.net\framework64\v4.0.30319\regsvcs.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smconfiginstaller.exe to %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smconfiginstaller.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v3.0\wpf\xamlviewer\xamlviewer_v0300.exe to %WINDIR%\microsoft.net\framework\v3.0\wpf\xamlviewer\xamlviewer_v0300.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe to %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\ilasm.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\ilasm.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\edmgen.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\edmgen.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\dfsvc.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\dfsvc.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\datasvcutil.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\datasvcutil.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\comsvcconfig.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\comsvcconfig.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\wsatconfig.exe to %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\wsatconfig.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\caspol.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\caspol.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe to %WINDIR%\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regsql.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regsql.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regbrowsers.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_regbrowsers.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\applaunch.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\applaunch.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\addinutil.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\addinutil.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess32.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\addinprocess.exe.tmp
  • from %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_wp.exe to %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_wp.exe.tmp
  • from %WINDIR%\syswow64\macromed\flash\flashplayerupdateservice.exe to %WINDIR%\syswow64\macromed\flash\flashplayerupdateservice.exe.tmp
Substitutes the following executable files
  • C:\Far2\Far.exe
  • C:\totalcmd\NOCLOSE64.EXE
  • C:\totalcmd\TCMADM64.EXE
  • C:\totalcmd\TCMDX32.EXE
  • C:\totalcmd\TCUNIN64.EXE
  • C:\totalcmd\TcUsbRun.exe