// info: RegCleanPro
// author: Tom.K
// date: 2014-02-20 (2.0)
// copyright: (c) 2014 Safer-Networking Ltd. All rights reserved.
// count: 124
// reverse engineering prohibited!
:: RegCleanPro
// Detection signature for "RegClean Pro" (publisher key "systweak"): the registry keys/values,
// Start-menu/desktop shortcuts, data directories, program files and scheduled-task job files
// the installer leaves behind. Entries are listed parent-first (key before its values,
// directory before its files); whether the parser depends on that order is not shown here.
// NOTE(review): "filesize=N" pins an exact byte count. Per the author's note following this
// listing, such an entry stops matching as soon as the binary is rebuilt at a different size,
// whereas the entries written with "*" patterns (Version *, log_*.log, *_rcp*.ini, ...) are not
// tied to a single build. The planned hardening (a size condition of ">=" or a stable string
// match inside the executables) only concerns the exact-size entries below.
// {Cat:PUPS}{Cnt:1}
// {Det:Tom.K,2014-02-20}
// {Cat:Test}{Cnt:1}
// {Det:Tom.K,2014-02-20}
// NOTE(review): a second category tag (Cat:Test) is present next to Cat:PUPS — confirm it is
// intentional and not a leftover from testing before this signature ships.
// --- Per-user settings (HKCU\Software\systweak). "Version *" presumably matches any
// version-numbered subkey, like the other "*" patterns in this file — confirm against the parser.
RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\","systweak"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak","MachineID"
RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\","RegClean Pro"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro","ErrorCount"
RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\","Version *"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","TrialType"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLatestRestorePoint"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLatestRegDefrag"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLastStartupOpt"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLastScanResults"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLastScan"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StrLastOptimizeTime"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartWhenWinBoots"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartScan"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartMinimized"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartAutoTutorial"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartAutoScanPMUI"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","StartAutoScanOnLaunch"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","SetEnableSound"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","SetChkSkipEmptyKeys"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","SetChkREmovableMedia"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","SetChkDontShowRedTrayPopup"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","ScheduledTime"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","RegErrsFixedTillDate"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","RegErrsFixedLast"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","RegErrFoundTillDate"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","NumTimesRCPRunned"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","ImprovementProgram"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","GoToSystemTrayOnClose"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","FirstRun"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","CurrentScanTime"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *","AutoRepair"
RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *\","LANG"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *\LANG","LangID"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\RegClean Pro\Version *\LANG","LangCode"
// Per-user "ssd" subkey (the same three value names recur under the HKLM "ssd" key further down).
RegyKey:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\","ssd"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\ssd","ASOBUILDFOR"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\ssd","ASO3CAM"
RegyValue:"<$REG_SETTINGS>",HKEY_CURRENT_USER,"\Software\systweak\ssd","ASO3AFFILIATE"
// --- Add/Remove Programs entry. The key name ends in "_is[0-9]", which looks like a one-digit
// character class covering the Inno Setup-style "_is1" style suffix — confirm the parser's
// pattern syntax. The values listed are the standard uninstall-entry values.
RegyKey:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\","RegClean Pro_is[0-9]"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","URLInfoAbout"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","UninstallString"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","QuietUninstallString"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Publisher"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","NoRepair"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","NoModify"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","MinorVersion"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","MajorVersion"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","InstallLocation"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","InstallDate"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: User"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: Setup Version"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: Language"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: Icon Group"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","Inno Setup: App Path"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","HelpLink"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","DisplayVersion"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","DisplayName"
RegyValue:"<$REG_UNINSTALL>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is[0-9]","DisplayIcon"
// --- Machine-wide settings (HKLM\SOFTWARE\Systweak). The "Params" values are named utm_* and
// affiliateid, which by name look like install-campaign/affiliate tracking data — inferred from
// the names only.
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\","Systweak"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak","MachineID"
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\","Params"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\Params","utm_source"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\Params","utm_medium"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\Params","utm_campaign"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\Params","affiliateid"
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\","RegClean Pro"
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\","Version *"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","utm_source"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","utm_medium"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","utm_campaign"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","TELNOSPAIN"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","TELNO"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","RENEWALURL"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","RCPURL"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","MaxFixLimit"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","LaunchASP"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","InstallASP"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","InstallAmazon"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","FirstTimeASPFired"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","FireAmazonOffered"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *","Expired"
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *\","LANG"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\RegClean Pro\Version *\LANG","LangID"
RegyKey:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\","ssd"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\ssd","ASOBUILDFOR"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\ssd","ASO3CAM"
RegyValue:"<$REG_SETTINGS>",HKEY_LOCAL_MACHINE,"\SOFTWARE\Systweak\ssd","ASO3AFFILIATE"
// --- Start-menu program group and desktop shortcut. All four .lnk entries carry an exact
// filesize, so a shortcut rewritten with a different target path will not match.
Directory:"<$DIR_PROGGROUP>","<$COMMONPROGRAMS>\RegClean Pro"
File:"<$FILE_GROUPENTRY>","<$COMMONPROGRAMS>\RegClean Pro\Uninstall RegClean Pro.lnk","filesize=722"
File:"<$FILE_GROUPENTRY>","<$COMMONPROGRAMS>\RegClean Pro\Register RegClean Pro.lnk","filesize=763"
File:"<$FILE_GROUPENTRY>","<$COMMONPROGRAMS>\RegClean Pro\RegClean Pro.lnk","filesize=737"
File:"<$FILE_GROUPENTRY>","<$COMMONDESKTOP>\RegClean Pro.lnk","filesize=725"
// --- Shared application data. The .rcp/.dat/.log entries have no size condition (log_*.log is a
// pattern), so they survive product updates.
Directory:"<$DIR_APPDATA>","<$COMMONAPPDATA>\systweak"
Directory:"<$DIR_APPDATA>","<$COMMONAPPDATA>\systweak\RegClean Pro"
Directory:"<$DIR_APPDATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *"
File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\TempHLList.rcp"
File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\results.rcp"
File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\log_*.log"
File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\ExcludeList.rcp"
File:"<$FILE_DATA>","<$COMMONAPPDATA>\systweak\RegClean Pro\Version *\eng_rcp.dat"
Directory:"<$DIR_APPDATA>","<$COMMONAPPDATA>\systweak\ssd"
// SSDPTstub.exe is listed here and again in the program folder with the same filesize=580816;
// keep both entries in step if the size condition is changed.
File:"<$FILE_EXE>","<$COMMONAPPDATA>\systweak\ssd\SSDPTstub.exe","filesize=580816"
// --- Program folder. Every executable/DLL/uninstaller here is pinned to an exact size; only the
// two *.ini patterns are size-independent.
Directory:"<$DIR_PROG>","<$PROGRAMFILES>\RegClean Pro"
File:"<$FILE_LIBRARY>","<$PROGRAMFILES>\RegClean Pro\xmllite.dll","filesize=126976"
File:"<$FILE_UNINSTALLER>","<$PROGRAMFILES>\RegClean Pro\unins000.msg","filesize=22701"
File:"<$FILE_UNINSTALLER>","<$PROGRAMFILES>\RegClean Pro\unins000.exe","filesize=1199960"
File:"<$FILE_UNINSTALLER>","<$PROGRAMFILES>\RegClean Pro\unins000.dat","filesize=81711"
File:"<$FILE_DATA>","<$PROGRAMFILES>\RegClean Pro\*_uninst*.ini"
File:"<$FILE_DATA>","<$PROGRAMFILES>\RegClean Pro\*_rcp*.ini"
File:"<$FILE_EXE>","<$PROGRAMFILES>\RegClean Pro\systweakasp.exe","filesize=591896"
File:"<$FILE_EXE>","<$PROGRAMFILES>\RegClean Pro\SSDPTstub.exe","filesize=580816"
File:"<$FILE_EXE>","<$PROGRAMFILES>\RegClean Pro\RegCleanPro.exe","filesize=7911256"
File:"<$FILE_LIBRARY>","<$PROGRAMFILES>\RegClean Pro\RegCleanPro.dll","filesize=1650688"
File:"<$FILE_UNINSTALLER>","<$PROGRAMFILES>\RegClean Pro\RCPUninstall.exe","filesize=537432"
File:"<$FILE_LIBRARY>","<$PROGRAMFILES>\RegClean Pro\isxdl.dll","filesize=157016"
File:"<$FILE_PICTURE>","<$PROGRAMFILES>\RegClean Pro\install_left_image.bmp","filesize=156296"
// The two Cloud_Backup_Setup*.exe files are tagged FILE_INSTALLER — presumably setup programs
// shipped alongside the product (inferred from the tag and names only).
File:"<$FILE_INSTALLER>","<$PROGRAMFILES>\RegClean Pro\Cloud_Backup_Setup_Intl.exe","filesize=73840"
File:"<$FILE_INSTALLER>","<$PROGRAMFILES>\RegClean Pro\Cloud_Backup_Setup.exe","filesize=73824"
File:"<$FILE_EXE>","<$PROGRAMFILES>\RegClean Pro\CleanSchedule.exe","filesize=101208"
// --- Files placed outside the product's own folder: an executable in system32 and two
// scheduled-task .job files under WINDIR\Tasks. These are the entries most worth keeping
// size-independent, since they are what remains if the program folder is removed by hand.
File:"<$FILE_EXE>","<$WINDIR>\system32\roboot.exe","filesize=18776"
File:"<$FILE_DATA>","<$WINDIR>\Tasks\RegClean Pro_UPDATES.job","filesize=272"
File:"<$FILE_DATA>","<$WINDIR>\Tasks\RegClean Pro_DEFAULT.job","filesize=264"
I want to improve this detection so that the scan is more dynamic, but filesize as a condition is weak: if the program gets updated, it will no longer be flagged. One way would be to change the condition to "greater than or equal to". Another way would be to search for a string in the executables so they can be detected easily, but I would have to find a specific string that won't change between versions. Even though RegCleanPro isn't updated very often, I want to do this purely as a preventive measure.