def find_06():
    """Return True if either ``...\\Explorer\\Run\\ipmontr`` artifact key exists.

    Both lookups go through utils.reg_exists with hive selector 'L'
    (presumably HKEY_LOCAL_MACHINE -- confirm against utils). The check
    stops at the first key that is present.
    """
    candidate_keys = (
        'Software\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run\\ipmontr',
        'Software\\Microsoft\\WinKernel\\Explorer\\Run\\ipmontr',
    )
    # any() short-circuits on the first hit, same as the original early returns.
    return any(utils.reg_exists('L', key) for key in candidate_keys)
def find_12():
    """Return True if the ``MSFix`` artifact set is present on the host.

    Checks, in order: a ``Network`` entry under the All Users profile,
    ``Software\\Microsoft\\MSFix`` in hive 'L', then the same subkey under
    every loaded user hive listed in datastore.HKEY_USERS_DATA
    (hive 'U'). Returns at the first hit.
    """
    shared_profile = '%s\\All Users\\Application Data' % datastore.PROFILE_PATH
    if utils.file_exists(shared_profile, 'Network'):
        return True
    if utils.reg_exists('L', 'Software\\Microsoft\\MSFix'):
        return True
    per_user_keys = (
        '%s\\Software\\Microsoft\\MSFix' % user_key
        for user_key in datastore.HKEY_USERS_DATA
    )
    return any(utils.reg_exists('U', key) for key in per_user_keys)
def find_32():
    """Return True if either of two Active Setup ``Installed Components`` GUID keys exists.

    The two GUIDs differ only in their fourth group (0000 vs 0001); both
    are looked up under hive 'L' via utils.reg_exists, first hit wins.
    """
    components_base = 'Software\\Microsoft\\Active Setup\\Installed Components\\'
    component_guids = (
        '{FB083534-2709-3378-0000-F0FCD03BA387}',
        '{FB083534-2709-3378-0001-F0FCD03BA387}',
    )
    return any(utils.reg_exists('L', components_base + guid) for guid in component_guids)
def find_01():
    """Return True if ``...\\currentversion\\StrtdCfg`` exists in hive 'L' or any user hive.

    The trailing ``None, True`` arguments are passed to utils.reg_exists
    unchanged; their meaning is not visible from this file -- see utils.
    Always returns a plain bool.
    """
    subkey = 'software\\microsoft\\windows\\currentversion\\StrtdCfg'
    if utils.reg_exists('L', subkey, None, True):
        return True
    for user_key in datastore.HKEY_USERS_DATA:
        if utils.reg_exists('U', '%s\\%s' % (user_key, subkey), None, True):
            return True
    return False
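def find_43():
    """Return True if any artifact in this probe's file/registry indicator set is present.

    Checks, in order: a DLL name in datastore.SYSPATH_FILE_SET, a file
    under the ``%appdata%`` path listed below, and a registry value under
    ``SYSTEM\\CurrentControlSet\\Control``. Evaluation stops at the first
    hit, like the other probes in this file (the original evaluated every
    check eagerly before combining them).

    The helpers are called as ``utils.file_exists`` / ``utils.reg_exists``
    for consistency with every other probe here; the original used the
    bare names. Whether utils.file_exists expands ``%appdata%`` is not
    visible from this file -- confirm against utils.
    """
    # The indicator paths are Windows paths; ntpath splits on backslashes
    # regardless of the host OS, whereas os.path.split would not on POSIX.
    import ntpath

    sys32_names = ['cryptapi32.dll']
    other_paths = ['%appdata%\\Help\\system32\\cryptapi32.dll']
    reg_entries = [('L', 'SYSTEM\\CurrentControlSet\\Control', 'DType0')]

    def hits():
        for name in sys32_names:
            yield name in datastore.SYSPATH_FILE_SET
        for path in other_paths:
            directory, filename = ntpath.split(path)
            yield utils.file_exists(directory, filename)
        for entry in reg_entries:
            yield utils.reg_exists(*entry)

    return any(hits())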
def find_17():
    """Return True if any indicator DLL name is in the system root, or the IconHandler value exists.

    The DLL names are compared against datastore.SYSTEMROOT_FILE_SET as
    given; two names appear in both upper and lower case, which suggests
    that set is case-sensitive (not verified here). The registry fallback
    uses hive 'R' (presumably HKEY_CLASSES_ROOT -- confirm against utils).
    """
    indicator_dlls = frozenset([
        'ADWM.DLL', 'ASFIPC.DLL', 'BROWUI.DLL', 'CAPESPN.DLL', 'CFGKRNL3.DLL',
        'CRYPTKRN.DLL', 'DESKKRNE.DLL', 'DSKMGR.DLL', 'EXPLORED.DLL', 'FMEM.DLL',
        'HDDBACK4.DLL', 'HWMAP.DLL', 'ipnetd.dll', 'IPNETD.DLL', 'KNRLADD.DLL',
        'MAILAPIC.DLL', 'MSGRTHLP.DLL', 'MSIAXCPL.DLL', 'MSID32.DLL', 'MSRECV40.DLL',
        'NCFG.DLL', 'PARALEUI.DLL', 'secur16.dll', 'SECUR16.DLL', 'SOUNDLOC.DLL',
        'WINF.DLL', 'WMCRT.DLL',
    ])
    overlap_found = not datastore.SYSTEMROOT_FILE_SET.isdisjoint(indicator_dlls)
    if overlap_found:
        return True
    return bool(utils.reg_exists('R', 'Lnkfile\\shellex\\IconHandler', 'OptionFlags'))
def find_26():
    """Return True if the ``Software\\Adobe\\Fix`` key exists or an indicator file sits in a user Temp dir.

    After the registry check, each user directory in
    datastore.USER_DIRS_LIST has its ``Local Settings\\Temp`` listed via
    dsz.cmd.RunEx; the recorded file names are compared against a small
    indicator set. A RuntimeError from dsz.cmd.data.Get is treated as
    "no names recorded" for that directory (presumably how dsz signals a
    missing DirItem record -- confirm against dsz).
    """
    if utils.reg_exists('L', 'Software\\Adobe\\Fix'):
        return True
    indicator_names = frozenset(['result.dat', 'data.dat', 'Acrobat.dll', 'first.tmp'])
    for user_dir in datastore.USER_DIRS_LIST:
        status, cmd_id = dsz.cmd.RunEx(
            'dir -mask * -path "%s\\%s\\Local Settings\\Temp"' % (datastore.PROFILE_PATH, user_dir),
            dsz.RUN_FLAG_RECORD,
        )
        if not status:
            continue
        try:
            listed_names = set(
                dsz.cmd.data.Get('DirItem::FileItem::name', dsz.TYPE_STRING, cmd_id)
            )
        except RuntimeError:
            continue
        if not listed_names.isdisjoint(indicator_names):
            return True
    return False
def find_07():
    """Return utils.reg_exists' result for the ``...\\Explorer\\Run\\Internet32`` key in hive 'L'.

    The raw return value of utils.reg_exists is passed through unchanged.
    """
    run_policy_key = 'Software\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run\\Internet32'
    return utils.reg_exists('L', run_policy_key)
def find_40():
    """Return utils.reg_exists' result for the ``NetIDS`` value under ShellServiceObjectDelayLoad (hive 'L').

    The raw return value of utils.reg_exists is passed through unchanged.
    """
    ssodl_key = 'Software\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad'
    return utils.reg_exists('L', ssodl_key, 'NetIDS')
def find_39():
    """Return True if either ``Software\\Microsoft\\MS QAG\\U11`` or ``...\\U12`` exists in hive 'L'.

    Stops at the first key found; always returns a plain bool.
    """
    qag_base = 'Software\\Microsoft\\MS QAG\\'
    return any(utils.reg_exists('L', qag_base + leaf) for leaf in ('U11', 'U12'))
def find_34():
    """Return utils.reg_exists' result for the ``Windows Installer Management`` service key (hive 'L').

    The raw return value of utils.reg_exists is passed through unchanged.
    """
    service_key = 'System\\CurrentControlSet\\Services\\Windows Installer Management'
    return utils.reg_exists('L', service_key)
def find_23():
    """Return True if ``software\\microsoft\\NetWin`` exists under any loaded user hive.

    Iterates datastore.HKEY_USERS_DATA and queries hive 'U' for each
    entry; stops at the first hit and always returns a plain bool.
    """
    per_user_keys = (
        '%s\\software\\microsoft\\NetWin' % user_key
        for user_key in datastore.HKEY_USERS_DATA
    )
    return any(utils.reg_exists('U', key) for key in per_user_keys)
def find_02():
    """Return True if ``System\\CurrentControlSet\\Control\\CrashImage`` exists in hive 'L'.

    The trailing ``None, True`` arguments are forwarded to utils.reg_exists
    as in the original; their meaning is not visible here. The result is
    coerced to a plain bool.
    """
    crash_image_key = 'System\\CurrentControlSet\\Control\\CrashImage'
    return bool(utils.reg_exists('L', crash_image_key, None, True))