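Technical Information
Note: most entries below are the ordinary footprint of a TeamViewer 11 installation, so the %ProgramFiles%\TeamViewer paths alone will also match legitimate installs. The entries that separate this sample from a normal install are the silent installer launches from %TEMP% and the short-lived %TEMP% files with non-TeamViewer names (~aoflpsg.tmp, drugjwh, aut1.tmp, aut2.tmp).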
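Registry changes.
Registers the TeamViewer service ('Start' = '00000002' is the automatic-start setting, so the service is launched at every boot):
- [<HKLM>\SYSTEM\ControlSet001\Services\TeamViewer] 'ImagePath' = '"%ProgramFiles%\TeamViewer\TeamViewer_Service.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\TeamViewer] 'Start' = '00000002'
Adds both TeamViewer binaries to the Windows Firewall authorized-applications list of the standard profile (the values are truncated in this report):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%ProgramFiles%\TeamViewer\TeamViewer_Service.exe' = '%ProgramFiles%\Te...
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%ProgramFiles%\TeamViewer\TeamViewer.exe' = '%ProgramFiles%\TeamViewer...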
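Executes the following. The TVInstallRestore task is registered to run as SYSTEM at each logon, /F overwrites any existing task of that name, and its target is an executable under %TEMP%; a SYSTEM-level task pointing into a user-writable temp directory is worth alerting on. The installers are started with /S, the silent switch of NSIS-style installers (nsExec.dll and nsis7z.dll appear among the dropped files), so no setup dialog is shown:
- '<SYSTEM32>\schtasks.exe' /Create /TN TVInstallRestore /TR "%TEMP%\TeamViewer\TeamViewer_.exe \RESTORE" /RU SYSTEM /SC ONLOGON /F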
- '%TEMP%\nsr7.tmp\ns9.tmp' "%ProgramFiles%\TeamViewer\TeamViewer_Service.exe" -install
- '%ProgramFiles%\TeamViewer\TeamViewer_Service.exe' -install
- '%TEMP%\~aoflpsg.tmp' /S
- '%TEMP%\TeamViewer\TeamViewer_.exe' /S
- '%TEMP%\nsr7.tmp\ns8.tmp' <SYSTEM32>\schtasks /Create /TN TVInstallRestore /TR "%TEMP%\TeamViewer\TeamViewer_.exe \RESTORE" /RU SYSTEM /SC ONLOGON /F
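File system activity (the report's group headings are missing from this copy; this first group appears to be the files created during installation):
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TVPrint.inf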
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TVPSPrint.inf
- %ProgramFiles%\TeamViewer\TVExtractTemp\w2k\TeamViewerVPN.inf
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TVMonitor.inf
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\teamviewer.ppd
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TVMonitor.sy_
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\Teamviewer_PrintProcessor.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\teamviewervpn.sy_
- %ProgramFiles%\TeamViewer\TVExtractTemp\w2k\teamviewervpn.sy_
- %ProgramFiles%\TeamViewer\TVExtractTemp\tvfilesx86.7z
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\teamviewervpn.cat
- %ProgramFiles%\TeamViewer\TVExtractTemp\tv_w32.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\tv_x64.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\tvmonitor.cat
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\teamviewer.gpd
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TeamViewerVPN.inf
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\tvprint.cat
- %ProgramFiles%\TeamViewer\TVExtractTemp\x86\tvpsprint.cat
- %TEMP%\nsr7.tmp\FindProcDLL.dll
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
- %TEMP%\nsr7.tmp\ns9.tmp
- %APPDATA%\TeamViewer\TeamViewer11_Logfile.log
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- %TEMP%\CabC.tmp
- %TEMP%\CabE.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
- %TEMP%\CabA.tmp
- <SYSTEM32>\config\systemprofile\SendTo\TeamViewer.lnk
- %ProgramFiles%\TeamViewer\i386\TeamViewer.gpd
- C:\Documents and Settings\Default User\SendTo\TeamViewer.lnk
- %HOMEPATH%\SendTo\TeamViewer.lnk
- %ProgramFiles%\TeamViewer\i386\TeamViewer.ppd
- %ALLUSERSPROFILE%\Start Menu\Programs\TeamViewer 11\TeamViewer 11.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\TeamViewer 11\License.lnk
- %ALLUSERSPROFILE%\Desktop\TeamViewer 11.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\TeamViewer 11\Uninstall TeamViewer 11.lnk
- %TEMP%\TeamViewer\TV11Install.log
- %TEMP%\nsr7.tmp\UAC.dll
- %TEMP%\nsr7.tmp\TvGetVersion.dll
- %TEMP%\nsr7.tmp\System.dll
- %TEMP%\nsr7.tmp\nsExec.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\tvfiles.7z
- %TEMP%\nsr7.tmp\nsis7z.dll
- %TEMP%\nsr7.tmp\ns8.tmp
- %TEMP%\nsr7.tmp\nsArray.dll
- %TEMP%\aut2.tmp
- %TEMP%\~aoflpsg.tmp
- %TEMP%\aut1.tmp
- %TEMP%\drugjwh
- %TEMP%\nsb4.tmp\TvGetVersion.dll
- %TEMP%\nsb6.tmp
- %TEMP%\nsr7.tmp\UserInfo.dll
- %TEMP%\TeamViewer\TeamViewer_.exe
- %TEMP%\TeamViewer\tvinfo.ini
- %ProgramFiles%\TeamViewer\TVExtractTemp\CopyRights_DE.txt
- %ProgramFiles%\TeamViewer\TVExtractTemp\outlook\ManagedAggregator.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddIn.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\tv_x64.exe
- %ProgramFiles%\TeamViewer\TVExtractTemp\uninstall.exe
- %ProgramFiles%\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Resource_tr.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_StaticRes.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim64.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Resource_en.dll
- %ProgramFiles%\TeamViewer\TVExtractTemp\Lizenz_TeamViewer_EN_unicode.txt
- %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer11.otf
- %ProgramFiles%\TeamViewer\TVExtractTemp\CopyRights_EN.txt
- %ProgramFiles%\TeamViewer\TVExtractTemp\Lizenz_TeamViewer_DE_unicode.txt
- %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer.exe
- %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Service.exe
- %ProgramFiles%\TeamViewer\TVExtractTemp\tv_w32.exe
- %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Desktop.exe
- %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Note.exe
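Second file group (every path here repeats an entry from the group above; presumably these are the temporary files deleted after installation):
- %TEMP%\~aoflpsg.tmp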
- %TEMP%\CabA.tmp
- %ProgramFiles%\TeamViewer\TVExtractTemp\tvfilesx86.7z
- %TEMP%\CabE.tmp
- %TEMP%\CabC.tmp
- %ProgramFiles%\TeamViewer\TVExtractTemp\tvfiles.7z
- %TEMP%\drugjwh
- %TEMP%\aut1.tmp
- %TEMP%\nsr7.tmp\ns8.tmp
- %TEMP%\aut2.tmp
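Moves the following files (from the TVExtractTemp staging directory into the final install directory, plus a few renames and backups):
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\tvprint.cat to %ProgramFiles%\TeamViewer\x86\tvprint.cat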
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\Teamviewer_PrintProcessor.dll to %ProgramFiles%\TeamViewer\x86\Teamviewer_PrintProcessor.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\teamviewer.gpd to %ProgramFiles%\TeamViewer\x86\TeamViewer.gpd
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TVPrint.inf to %ProgramFiles%\TeamViewer\x86\TVPrint.inf
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TVMonitor.sy_ to %ProgramFiles%\TeamViewer\x86\TVMonitor.sy_
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\teamviewervpn.sy_ to %ProgramFiles%\TeamViewer\x86\TeamViewerVPN.sy_
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TeamViewerVPN.inf to %ProgramFiles%\TeamViewer\x86\TeamViewerVPN.inf
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TVMonitor.inf to %ProgramFiles%\TeamViewer\x86\TVMonitor.inf
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\tvmonitor.cat to %ProgramFiles%\TeamViewer\x86\TVMonitor.cat
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\tvpsprint.cat to %ProgramFiles%\TeamViewer\x86\tvpsprint.cat
- from %ProgramFiles%\TeamViewer\Lizenz_TeamViewer_DE_unicode.txt to %TEMP%\TeamViewer\TVInstallTemp\TVFile78.bak
- from %ProgramFiles%\TeamViewer\CopyRights_EN.txt to %ProgramFiles%\TeamViewer\CopyRights.txt
- from %ProgramFiles%\TeamViewer\x86\TeamViewerVPN.sy_ to %ProgramFiles%\TeamViewer\x86\teamviewervpn.sys
- from %ProgramFiles%\TeamViewer\CopyRights_DE.txt to %TEMP%\TeamViewer\TVInstallTemp\TVFile79.bak
- from %ProgramFiles%\TeamViewer\Lizenz_TeamViewer_EN_unicode.txt to %ProgramFiles%\TeamViewer\License.txt
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\teamviewer.ppd to %ProgramFiles%\TeamViewer\x86\TeamViewer.ppd
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\TVPSPrint.inf to %ProgramFiles%\TeamViewer\x86\TVPSPrint.inf
- from %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Resource_tr.dll to %ProgramFiles%\TeamViewer\TeamViewer_Resource_tr.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Resource_en.dll to %ProgramFiles%\TeamViewer\TeamViewer_Resource_en.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\x86\teamviewervpn.cat to %ProgramFiles%\TeamViewer\x86\TeamViewerVPN.cat
- from %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Service.exe to %ProgramFiles%\TeamViewer\TeamViewer_Service.exe
- from %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Desktop.exe to %ProgramFiles%\TeamViewer\TeamViewer_Desktop.exe
- from %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_StaticRes.dll to %ProgramFiles%\TeamViewer\TeamViewer_StaticRes.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\uninstall.exe to %ProgramFiles%\TeamViewer\uninstall.exe
- from %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer.exe to %ProgramFiles%\TeamViewer\TeamViewer.exe
- from %ProgramFiles%\TeamViewer\TVExtractTemp\CopyRights_EN.txt to %ProgramFiles%\TeamViewer\CopyRights_EN.txt
- from %ProgramFiles%\TeamViewer\TVExtractTemp\CopyRights_DE.txt to %ProgramFiles%\TeamViewer\CopyRights_DE.txt
- from %ProgramFiles%\TeamViewer\TVExtractTemp\Lizenz_TeamViewer_EN_unicode.txt to %ProgramFiles%\TeamViewer\Lizenz_TeamViewer_EN_unicode.txt
- from %ProgramFiles%\TeamViewer\TVExtractTemp\Lizenz_TeamViewer_DE_unicode.txt to %ProgramFiles%\TeamViewer\Lizenz_TeamViewer_DE_unicode.txt
- from %ProgramFiles%\TeamViewer\TVExtractTemp\tv_w32.dll to %ProgramFiles%\TeamViewer\tv_w32.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim.dll to %ProgramFiles%\TeamViewer\outlook\TeamViewerMeetingAddinShim.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\outlook\ManagedAggregator.dll to %ProgramFiles%\TeamViewer\outlook\ManagedAggregator.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer11.otf to %ProgramFiles%\TeamViewer\teamviewer11.otf
- from %ProgramFiles%\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim64.dll to %ProgramFiles%\TeamViewer\outlook\TeamViewerMeetingAddinShim64.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddIn.dll to %ProgramFiles%\TeamViewer\outlook\TeamViewerMeetingAddIn.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\tv_x64.dll to %ProgramFiles%\TeamViewer\tv_x64.dll
- from %ProgramFiles%\TeamViewer\TVExtractTemp\tv_w32.exe to %ProgramFiles%\TeamViewer\tv_w32.exe
- from %ProgramFiles%\TeamViewer\TVExtractTemp\TeamViewer_Note.exe to %ProgramFiles%\TeamViewer\TeamViewer_Note.exe
- from %ProgramFiles%\TeamViewer\TVExtractTemp\tv_x64.exe to %ProgramFiles%\TeamViewer\tv_x64.exe
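Network activity (connections, HTTP requests and DNS queries). The windowsupdate.com requests fetch the Windows trusted-root certificate list, which is also what fills the CryptnetUrlCache entries listed among the files, and wpad.dat is a proxy auto-discovery lookup. Both are operating-system background traffic, so none of the network entries on this page is usable as an indicator for this sample. The '#' characters in the host name and IP address appear to be masking applied by the report:
- 'www.download.windowsupdate.com':80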
- 'wp#d':80
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK www.download.windowsupdate.com
- DNS ASK wp#d
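Window lookups by class name ('#32770' is the standard Windows dialog class and 'Shell_TrayWnd' is the taskbar):
- ClassName: '#32770' WindowName: ''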
- ClassName: 'Shell_TrayWnd' WindowName: ''