{	 AVZ      .  2.52
		:  ,   virusinfo.info (AndreyKa)
	   ,     
		  : http://df.ru/~kad/ScanVuln.txt
}
var
IOSVer, ICounter : Integer;
A00,A01,A02,A03,A04,A05,A06,A07,A08,A09,A10,A11,A12,A13,A14,A15,A16,A17,A18,A19,A20,A21,A22,A23,A24,A25,
A26,A27,A28,A29,A30,A31,A32,A33,A34,A35,A36,A37,A38,A39,A40,A41,A42,A43,A44,A45,A46,A47,A48,A49,A50,A51,
A52,A53,A54,A55,A56,A57,Dot, notDot : string;
noSP, bRU : boolean;
D01,D02,D03,D04,D05,D06,D07,D08,D09,D10,D11,D12,D13,D14,D15,D16,D17,D18 : string;

function IsFileBuldLow(VulnFileName: string; IMinVer: integer) : boolean;
var
ARes : string;
IPos, IBuild : Integer;
begin
  ARes := GetFileVersion(VulnFileName, 6);
  IPos := Pos('.', ARes);
  while IPos > 0 do
  begin
    Delete(ARes, 1, IPos);
    IPos := Pos('.', ARes);
  end;
  Result := False;
  if ValidInt(ARes) then
  begin
    IBuild := StrToInt(ARes);
    if IBuild < IMinVer then
      Result := True
  end;
end;

function IsFileSubVerLow(VulnFileName:string; IMinSubVer:Extended):boolean;
var
ARes: string;
IPos: Integer;
begin
  ARes := GetFileVersion(VulnFileName, 6);
  IPos := Pos('.', ARes);
  Delete(ARes, 1, IPos);
  IPos := Pos('.', ARes);
  Delete(ARes, 1, IPos);
  Result := False;
  ARes := NormalizeDot(ARes);
  if ValidFloat(ARes) then
    if StrToFloat(ARes) < IMinSubVer then
      Result := True;
end;

function NormalizeDot(aStr : string) : string;
begin
  Result := StringReplace(aStr, notDot, Dot);
end;

Procedure WinVuln;
var
AOSVer, ASP, AResult, ARes, ID, AFName, URL : string;
IMinVer, IEVer : integer;
IMinSubVer: Extended;
FS : TFileSearch;
begin
 if not IsNT then exit;
  //   
  AOSVer := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Windows NT\CurrentVersion','CurrentVersion');
  if AOSVer < '5.0' then exit;
  ASP := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Windows NT\CurrentVersion','CSDVersion');
  if AOSVer = '5.0' then
    if ASP <> 'Service Pack 4' then
      AddToLog(A01)
    else
    begin
        IOSVer:=4;
        AddToLog(A02);
        AddToLog('http://support.microsoft.com/lifecycle/?p1=3071'+#13#10);
        noSP:=true;
        ICounter:=ICounter+1;
    end;
  if AOSVer = '5.1' then
    if ASP < 'Service Pack 3' then
    begin
      AddToLog(A03+#13#10);
      noSP:=true;
      ICounter:=ICounter+1;
    end
    else
    begin
      if ASP = 'Service Pack 3' then IOSVer := 13;
      A02 := StringReplace(A02, '2000', 'XP');
      AddToLog(A02);
      AddToLog(A34+#13#10);
      ICounter:=ICounter+1;
    end;
  if AOSVer = '5.2' then
    if ASP < 'Service Pack 2' then
    begin
      AddToLog(A04);
      noSP:=true;
      ICounter:=ICounter+1;
    end
    else
    begin
      if ASP = 'Service Pack 2' then IOSVer := 22;
      A02 := StringReplace(A02, '2000', 'Server 2003');
      AddToLog(A02+#13#10);
      ICounter:=ICounter+1;
    end;
  if AOSVer = '6.0' then
  begin
    ASP := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Windows NT\CurrentVersion','CurrentBuild');
    if ASP < '6002' then
    begin
      if ASP = '6000' then
       AddToLog(A05);
      if IsWOW64 then
        begin
        if ASP = '6000' then
          AddToLog(A00+'86d267bd-dfcd-47cf-aa76-dc0626dcdf10')
        else
          AddToLog(A32);
        AddToLog(A00+'8ad69826-03d4-488c-8f26-074800c55bc3');
        end
      else
        begin
        if ASP = '6000' then
          AddToLog(A00+'F559842A-9C9B-4579-B64A-09146A0BA746')
        else
          AddToLog(A32);
        AddToLog(A00+'891ab806-2431-4d00-afa3-99ff6f22448d');
        end;
      AddToLog('');
      noSP:=true;
      ICounter:=ICounter+1;
    end;
    if ASP = '6001' then  IOSVer := 31;
    if ASP = '6002' then  IOSVer := 32;
  end;
  if AOSVer = '6.1' then
  begin
    IOSVer := 40;
    if IsWOW64 then
    begin
      SetupAVZ('X64R=NN');
      ASP := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Windows NT\CurrentVersion','CSDVersion');
      SetupAVZ('X64R=YY');
    end;
    if ASP = 'Service Pack 1' then
      IOSVer := 41
    else
    begin
      AddToLog(A48);
      if IsWOW64 then
        AddToLog('http://download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976932-x64_74865ef2562006e51d7f9333b4a8d45b7a749dab.exe'+#13#10)
      else
        AddToLog('http://download.windowsupdate.com/msdownload/update/software/svpk/2011/02/windows6.1-kb976932-x86_c3516bc5c9e69fee6d9ac4f981f5b95977a8a2fa.exe' +#13#10);
      noSP:=true;
      ICounter:=ICounter+1;
    end;
  end;
  if AOSVer = '6.3' then // Windows 8.1/10
    IOSVer := 50;

  if IOSVer = 0 then
     exit; //     SP     
  if IsWOW64 then IOSVer := IOSVer + 100;

  FS := TFileSearch.Create(nil);

  // MS08-067   MS12-054
  URL:='';
  IMinVer := 0;
  case IOSVer of
  4  : begin IMinVer := 7203; ID:='E22EB3AE-1295-4FE2-9775-6F43C5C2AED3'; end; // MS08-067
  13 : begin IMinVer := 5694; URL:='https://www.catalog.update.microsoft.com/Search.aspx?q=KB2705219'; end;
  22 : begin IMinVer := 4392; ID:='2847952f-0234-4cf6-820a-1f0a285b2fb7'; end;
  122: begin IMinVer := 4392; ID:='3833d768-1dab-4a85-822f-87c7fa3db261'; end;
  end;
  if IMinVer <> 0 then
    if IsFileBuldLow('%System32%\Netapi32.dll', IMinVer) then
  begin
        AddToLog(A07);
        if   URL='' then
         AddToLog(A00+ID+#13#10)
        else
         AddToLog(URL+#13#10);
        ICounter:=ICounter+1;
  end;

  // MS11-020,  Windows 7   MS11-048
  IMinVer := 0;
  ID := '';
  URL:='';
  case IOSVer of
   4  : begin IMinVer:=7365; URL:='https://www.catalog.update.microsoft.com/Search.aspx?q=KB971468'; end; // MS10-012
   13 : begin IMinVer:=6082; URL:='https://www.catalog.update.microsoft.com/Search.aspx?q=KB2508429'; end;
   22 : begin IMinVer:=4832; ID:='64C550D4-C927-4382-91E1-473ED6790819'; end;
   122: begin IMinVer:=4832; ID:='EF62DB94-4F72-4245-AC9F-6391035E2516'; end;
   32 : ID:='D6EDDFF4-A242-4DEC-9D84-72891DB2B754';
   132: ID:='2878C587-6544-40B4-9288-FC3B3CE1128D';
  end;
  AResult:='%System32%\drivers\Srv.sys';
  if IsWOW64 then SetupAVZ('X64R=NN');
  if FileExists(AResult) and (ID<>'') then
    if FS.FindFirst(AResult) then
      if ((IMinVer=0) and (FS.FileLastWriteTime<StrToDateTime(D01))) or ((IMinVer>0) and IsFileBuldLow(AResult, IMinVer)) then
       begin
        AddToLog(A08);
        AddToLog(A00+ID+#13#10);
        ICounter:=ICounter+1;
       end;
  if IsWOW64 then SetupAVZ('X64R=YY');

  // MS17-010
  URL := '';
  case IOSVer of
   13 : URL := 'https://www.catalog.update.microsoft.com/search.aspx?q=KB4012598';
   22 : URL := 'https://www.catalog.update.microsoft.com/search.aspx?q=KB4012598';
   122: URL := 'https://www.catalog.update.microsoft.com/search.aspx?q=KB4012598';
   32 : URL := 'https://www.catalog.update.microsoft.com/search.aspx?q=KB4012598';
   132: URL := 'https://www.catalog.update.microsoft.com/search.aspx?q=KB4012598';
   41 : URL := 'http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_6bb04d3971bb58ae4bac44219e7169812914df3f.msu';
   141: URL := 'http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu';
  end;
  AResult:='%System32%\drivers\Srv.sys';
  if IsWOW64 then SetupAVZ('X64R=NN');
  if FileExists(AResult) and (URL<>'') then
    if FS.FindFirst(AResult) then
      if FS.FileLastWriteTime<StrToDateTime(D17) then
       begin
        AddToLog(A57);
        AddToLog(URL+#13#10);
        ICounter:=ICounter+1;
       end;
  if IsWOW64 then SetupAVZ('X64R=YY');

  // MS10-013
  IMinVer := 0;
  URL:='';
  case IOSVer of
  4:begin
      AResult := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\DirectX','Version');
      AResult := Copy(AResult, 3, 2);
      if ValidInt(AResult) then
        case StrToInt(AResult) of
        7: begin IMinVer := 738; URL := 'https://www.catalog.update.microsoft.com/Search.aspx?q=KB975560'; end;
        9: begin IMinVer := 913; URL := 'https://www.catalog.update.microsoft.com/Search.aspx?q=KB975560'; end;
        end;
    end;
  13 : begin IMinVer := 5908; URL := 'https://www.catalog.update.microsoft.com/Search.aspx?q=KB975560'; end;
  22 : begin IMinVer := 4625; ID := '983c5484-6321-4765-97ec-8d42d42d1f70'; end;
  122: begin IMinVer := 4625; ID := '7dc20252-6091-407b-befc-c25e8f5d3fb0'; end;
  end;
  if IMinVer <> 0 then
    if IsFileBuldLow('%System32%\Quartz.dll', IMinVer) then
    begin
        AddToLog(A09);
        if   URL='' then
         AddToLog(A00+ID+#13#10)
        else
         AddToLog(URL+#13#10);
        ICounter:=ICounter+1;
    end;

  // MS16-104/CVE-2018-8653   KB4014661/4486474
  ARes := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Internet Explorer','Version');
  AResult := Copy(ARes, 1, 1);
  if AResult = '9' then
    case Copy(ARes, 3, 2) of
      '10': AResult := '10';
      '11': AResult := '11';
    end;
  URL := '';
  if ValidInt(AResult) then
  begin
   IEVer:=StrToInt(AResult);
   case IEVer of
   9: case IOSVer of
      32: URL:='http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/04/ie9-windows6.0-kb4014661-x86_41c4885409c1e7712495cda5067389e9d58be7e7.msu';
      132:URL:='http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/04/ie9-windows6.0-kb4014661-x64_b0fd6aaf25578ac22e771e9420fb691845cc3c90.msu';
        end;
   11: case IOSVer of
      41: URL:='http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/10/ie11-windows6.1-kb4525106-x86_167b607da357cf4416a38a5a8af4512b6cd13f65.msu';
      141:URL:='http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/10/ie11-windows6.1-kb4525106-x64_9ce6fdbf27b117e63ead59c9721dfb37c634b764.msu';
        end;
   end;

   if (((IEVer<>9) and ((IOSVer=32) or (IOSVer=132))) or
       ((IEVer<>11) and ((IOSVer=41) or (IOSVer=141)))) then
    begin
       ICounter:=ICounter+1;
       AddToLog(A46+#13#10);
    end;

   if FS.FindFirst('%System32%\Mshtml.dll') then
   begin
    if FS.FileLastWriteTime < StrToDateTime(D02) then
      if URL <> '' then
      begin
        AddToLog(A10);
        AddToLog(URL+#13#10);
        ICounter:=ICounter+1;
      end
      // XP + IE8
      else
        if  (IOSVer=13) and (IEVer=8) and bRU and (FS.FileLastWriteTime < StrToDateTime(D15)) then
        begin
          AddToLog(A10);
          AddToLog('https://yadi.sk/d/Z9wU6uhqoWaqrQ'+#13#10);
          ICounter:=ICounter+1;
        end;
    end;
   end;

  //http://www.microsoft.com/technet/security/advisory/2458511.mspx
  AResult:=NormalFileName('%USERPROFILE%\KB2458511.CSS');
  if FileExists(AResult) then
  begin
   DeleteFile(AResult);
   RegKeyParamDel('HKCU','Software\Microsoft\Internet Explorer\Styles','User Stylesheet');
   RegKeyIntParamWrite('HKCU','Software\Microsoft\Internet Explorer\Styles','Use My Stylesheet',0);
   AResult:=NormalFileName('%USERPROFILE%\CSS-backup.reg');
   if FileExists(AResult) then
   begin
    ExecuteFile('Regedit.exe','/c "'+AResult+'"',0,5000,true);
    DeleteFile(AResult);
   end;
  end;

  // MS13-090
  ID := '';
  if NoKillBit('{19916e01-b44e-4e31-94a4-4696df46157b}') then
  begin
    case IOSVer of
     13:  ID := '60906192-8a5b-459a-b8e5-6b65f1da5799';
     22:  ID := 'a36d3168-c5b4-4cba-874e-32abf387b54a';
     122: ID := 'fddbd288-827e-4d04-ba30-1f044a168ee0';
     32: ID := 'b35f44ce-4af5-4be2-9e45-f400d0d3f21b';
     132: ID := '8c691d27-9cb2-4695-97da-d86b62e10835';
     41: ID := '787d0729-a3c5-4312-a30e-5a211a22de77';
     141: ID := 'dd7cc36b-bb4e-4548-8d9c-43c6dd6cb78e';
    end;
   if ID <> '' then
   begin
      AddToLog(A11);
      AddToLog(A00+ID+#13#10);
      ICounter:=ICounter+1;
   end;
   end;

  // MS10-042
  IMinVer := 0;
  case IOSVer of
  13 : begin IMinVer := 5997; ID := '7C2122BB-0ECF-4467-A3BA-6FB862F603C5'; end;
  22 : begin IMinVer := 4726; ID := 'CD4363B2-D7A7-4FFF-8BCD-6FD02BD1AC07'; end;
  122: begin IMinVer := 4726; ID := 'A6BAFD3B-C921-466D-BEE0-59A3FE126712'; end;
  end;
  if IMinVer <> 0 then
  begin
    if IsFileBuldLow('%SystemRoot%\PCHEALTH\HELPCTR\Binaries\Helpsvc.exe', IMinVer) then
    begin
      AddToLog(A12);
      AddToLog(A00+ID+#13#10);
      ICounter:=ICounter+1;
    end
    else
      if not RegKeyExists('HKCR','HCP\shell') then
        RegKeyParamWrite('HKCR','HCP\shell\open\command','','REG_EXPAND_SZ',
          '%SystemRoot%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -FromHCP -url "%1"');
  end;

  // http://securitytracker.com/alerts/2007/Oct/1018843.html
  SetKillBit('{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}');

  // MS11-006
  ID := '';
  case IOSVer of
  13 : ID := 'BBEA7EAD-6C5C-4DA8-AA03-A40325FD2DE3';
  22 : ID := '2AA94528-5063-427B-97F7-2A0A55CBB6BF';
  122: ID := '6E740922-6CE4-46EC-A35E-E94201A9E398';
  32 : ID := '0C18ECCA-AFB9-4738-BC7B-76A0E815DFB8';
  132: ID := '62DC454F-4B1E-4AC0-8FFE-6C73112F8D4D';
  end;
  if ID <> '' then
   if FS.FindFirst('%System32%\Shell32.dll') then
    if FS.FileLastWriteTime<StrToDateTime(D04) then
     begin
       AddToLog(A31);
       AddToLog(A00+ID+#13#10);
       ICounter:=ICounter+1;
     end;

  // MS10-061
  if IOSVer = 13 then
  begin
    if IsFileBuldLow('%System32%\Spoolsv.exe', 6024) then
    begin
        AddToLog(A30);
        AddToLog(A00+'93FABA6B-0A85-4ACC-B527-A012BBF56B13'+#13#10);
        ICounter:=ICounter+1;
    end;
  end;

  // KB971029
  IMinVer := 0;
  ID := '';
  case IOSVer of
   13 : begin IMinVer:=5853; ID:='96ca61f6-8b16-4157-9635-8cfc0bbf4c35'; end;
   22 : begin IMinVer:=4559; ID:='edf9c049-bf1e-4130-87e6-0e64fa73f684'; end;
   122: begin IMinVer:=4559; ID:='b8df9256-cbb0-418d-a336-d29dc4415a65'; end;
   32 : ID:='dd6a61a3-b3c6-4b0a-a848-7b32be9f31c5';
   132: ID:='12e3fe0f-db79-4a27-aa7d-a456ee1c6ac4';
  end;
  AResult:='%System32%\Shsvcs.dll';
  if IsWOW64 then SetupAVZ('X64R=NN');
  if (ID<>'') and FileExists(AResult) then
    if FS.FindFirst(AResult) then
      if ((IMinVer=0) and (FS.FileLastWriteTime<StrToDateTime(D05))) or ((IMinVer>0) and IsFileBuldLow(AResult, IMinVer)) then
       begin
        AddToLog(A33);
        AddToLog(A00+ID+#13#10);
        ICounter:=ICounter+1;
       end;
  if IsWOW64 then SetupAVZ('X64R=YY');

  // MS11-087   MS12-034
  IMinVer := 0;
  ID := '';
  case IOSVer of
   13 : begin IMinVer:=6178; ID:='8d341077-8fcd-4666-a27e-2141a04a321e'; end;
   22 : begin IMinVer:=4938; ID:='6287b994-041f-45b7-a230-d689bf1901a8'; end;
   122: begin IMinVer:=4938; ID:='f9f49cd0-24db-4438-afde-aa7113ec2035'; end;
  end;
  AResult:='%System32%\Win32k.sys';
  if IsWOW64 then SetupAVZ('X64R=NN');
  if (ID<>'') and FileExists(AResult) then
    if FS.FindFirst(AResult) then
      if ((IMinVer=0) and (FS.FileLastWriteTime<StrToDateTime(D06))) or ((IMinVer>0) and IsFileBuldLow(AResult, IMinVer)) then
       begin
        AddToLog(A35);
        AddToLog(A00+ID+#13#10);
        ICounter:=ICounter+1;
       end;
  if IsWOW64 then SetupAVZ('X64R=YY');

  // MS15-051   MS15-135
  IMinVer := 0;
  ID := '';
  case IOSVer of
   32 : ID:='8623fc3a-3d15-4063-a9e9-9f5545aba775';
   132: ID:='350ca486-0a41-4052-8262-954688ce6547';
   41 : ID:='66d9e66c-1698-4915-a1ac-cb5ce247a93a';
   141: ID:='5e494723-75d9-4245-8895-3fd5be147cf4';
  end;
  if ID<>'' then
  begin
   AResult:='%System32%\Win32k.sys';
   if IsWOW64 then SetupAVZ('X64R=NN');
    if FileExists(AResult) then
     if FS.FindFirst(AResult) then
       if FS.FileLastWriteTime<StrToDateTime(D16) then
        begin
         AddToLog(A51);
         AddToLog(A00+ID+#13#10);
         ICounter:=ICounter+1;
        end;
  end;
  if IsWOW64 then SetupAVZ('X64R=YY');

  // MS10-092
  ID := '';
  case IOSVer of
   32 : ID:='48F10251-34D8-4149-B4B2-BF3EC28F5846';
   132: ID:='099CCC5F-B92F-4D06-BCB5-92E35C49F613';
   41 : ID:='CF85CDB6-58C7-4144-82F6-F01A6A4F9C3A';
   141: ID:='0597018D-39F5-4CA9-B437-63D9E68F264D';
  end;
  if ID<>'' then
  begin
   AResult:='%System32%\Taskeng.exe';
   if IsWOW64 then SetupAVZ('X64R=NN');
    if FileExists(AResult) then
     if FS.FindFirst(AResult) then
       if FS.FileLastWriteTime<StrToDateTime(D07) then
        begin
         AddToLog(A36);
         AddToLog(A00+ID+#13#10);
         ICounter:=ICounter+1;
        end;
  end;
  if IsWOW64 then SetupAVZ('X64R=YY');

  // MS11-011
  IMinVer := 0;
  ID := '';
  case IOSVer of
   13 : begin IMinVer:=6055; ID:='A511D33A-9AE0-46EE-A225-9D97390DE7D1'; end;
   22 : begin IMinVer:=4789; ID:='6BF2EEEC-8225-477F-A606-263D3EE434D6'; end;
   122: begin IMinVer:=4789; ID:='EC544894-EE98-4A2B-AC4D-33B0C3754213'; end;
   32 : ID:='66978514-BB7F-42CC-9360-2FD1C686F4E6';
   132: ID:='8FDB8C37-1B22-457B-BDC0-21F6A5061DD3';
  end;
  AResult:='%System32%\Ntdll.dll';
  if IsWOW64 then SetupAVZ('X64R=NN');
  if (ID<>'') and FileExists(AResult) then
    if FS.FindFirst(AResult) then
      if ((IMinVer=0) and (FS.FileLastWriteTime<StrToDateTime(D08))) or ((IMinVer>0) and IsFileBuldLow(AResult, IMinVer)) then
       begin
        AddToLog(A37);
        AddToLog(A00+ID+#13#10);
        ICounter:=ICounter+1;
       end;
  if IsWOW64 then SetupAVZ('X64R=YY');

  // MS12-004
  IMinVer := 0;
  ID := '';
  case IOSVer of
   13 : begin IMinVer:=6160; ID:='a142f7ba-4268-4453-a8eb-470213c028ac'; end;
   22 : begin IMinVer:=4916; ID:='3c266dfb-630d-4f32-b2ca-63955279b6a9'; end;
   122: begin IMinVer:=4916; ID:='8dd1c882-4ed1-4e47-a017-7d162bd94194'; end;
   32 : ID:='99d9b9fc-ed37-4a32-a20d-6604a1b9c4ca';
   132: ID:='44aa8d91-2b30-4191-8965-8aee2b860d50';
  end;
  AResult:='%System32%\Winmm.dll';
  if IsWOW64 then SetupAVZ('X64R=NN');
  if (ID<>'') and FileExists(AResult) then
    if FS.FindFirst(AResult) then
      if ((IMinVer=0) and (FS.FileLastWriteTime<StrToDateTime(D09))) or ((IMinVer>0) and IsFileBuldLow(AResult, IMinVer)) then
       begin
        AddToLog(A38);
        AddToLog(A00+ID+#13#10);
        ICounter:=ICounter+1;
       end;
  if IsWOW64 then SetupAVZ('X64R=YY');

  // KB2718704
  URL := '';
  IMinVer := 0;
  case IOSVer of
   13 : IMinVer := 6237;
   22 : IMinVer := 5012;
   122 : IMinVer := 5012;
  end;
  if bRU then
    case IOSVer of
     13 : URL := 'http://download.windowsupdate.com/c/msdownload/update/software/secu/2013/10/windowsxp-kb2868626-x86-rus_4abd24380c337f4f659a5561baaabe38e3903e85.exe';
     22 : URL := 'http://download.windowsupdate.com/msdownload/update/software/crup/2012/06/windowsserver2003-kb2718704-x86-rus_cd648b5b24681090c1d6a158aa97a4c26b583132.exe';
     122 : URL := 'http://download.windowsupdate.com/msdownload/update/software/crup/2012/06/windowsserver2003.windowsxp-kb2718704-x64-rus_f6f31b37b9ea40ad9a24e80082531c7ca21b5e2e.exe';
    end
  else
    case IOSVer of
     13 : URL := 'https://www.catalog.update.microsoft.com/Search.aspx?q=KB2868626';
     22 : URL := 'https://www.catalog.update.microsoft.com/Search.aspx?q=KB3072630';
     122 : URL := 'https://www.catalog.update.microsoft.com/Search.aspx?q=KB3072630';
    end;
  if URL <>'' then
  begin
   AResult:='%System32%\Crypt32.dll';
    if FileExists(AResult) then
       if (IMinVer>0) and IsFileBuldLow(AResult, IMinVer) then
        begin
         AddToLog(A42);
         AddToLog(URL+#13#10);
         ICounter:=ICounter+1;
        end;
  end;
  AFName := '';
  case IOSVer of
   32 : begin AFName :='X86_13f66e81425ab9718ea16821324e3faa_31bf3856ad364e35_6.0.6002.18642_none_4b3c196b981fe80c.manifest';
         URL :='http://download.windowsupdate.com/msdownload/update/software/crup/2012/06/windows6.0-kb2718704-x86_35d517dc6676411e63e5eb82d990ab29c7d4776e.msu';
         end;
   132: begin AFName :='X86_microsoft-windows-capi2-certs_31bf3856ad364e35_6.0.6002.18642_none_c44bff19916a7786.manifest';
         URL :='http://download.windowsupdate.com/msdownload/update/software/crup/2012/06/windows6.0-kb2718704-x64_5cb92cc1bd1604c76984fd803acae314a58d3473.msu';
         end;
  end;
  if AFName<>'' then
  begin
    if IsWow64 then
      SetupAVZ('X64R=NN');
    AResult := NormalFileName('%windir%\winsxs\Manifests\'+AFName);
    if not FileExists(AResult) then
    begin
        AddToLog(A42);
        AddToLog(URL+#13#10);
        ICounter:=ICounter+1;
    end;
    if IsWow64 then
     SetupAVZ('X64R=YY');
  end;

  // MS15-084
  ID := '';
  URL := '';
  case IOSVer of
   13 : URL:='https://www.catalog.update.microsoft.com/Search.aspx?q=KB2719985'; // MS12-043
   22 : ID:='b7321c17-0e8e-4217-8da6-4c270dbfc802';
   122: ID:='29985fdc-8aba-44b2-9420-970ca475052e';
   32 : ID:='d373b5dc-297a-4e85-844d-a81e0c2038c6';
   132: ID:='f3442e5a-cc59-47a1-9194-b0d564bd0516';
   41 : ID:='7784017e-2e9d-4561-a86f-d992960cf130';
   141: ID:='5bc692f6-11a3-423b-90ff-2f599fe6fdd9';
  end;
  AResult:='%System32%\Msxml3.dll';
  if (ID<>'') and FileExists(AResult) then
    if FS.FindFirst(AResult) then
      if (FS.FileLastWriteTime<StrToDateTime(D10)) then
       begin
        AddToLog(A43);
        if   URL='' then
         AddToLog(A00+ID+#13#10)
        else
         AddToLog(URL+#13#10);
        ICounter:=ICounter+1;
       end;

  ID := '';
  URL := '';
  case IOSVer of
   13 : URL:='https://www.catalog.update.microsoft.com/Search.aspx?q=KB2758694';  // MS13-002
   22 : ID:='1e2738b9-d3c2-4dfe-8a79-335d5feee55b';
   122: ID:='7dabf372-4b31-4c9e-a660-4e0f4a65db04';
   32 : ID:='1e2738b9-d3c2-4dfe-8a79-335d5feee55b';
   132: ID:='7dabf372-4b31-4c9e-a660-4e0f4a65db04';
   41 : ID:='1e2738b9-d3c2-4dfe-8a79-335d5feee55b';
   141: ID:='7dabf372-4b31-4c9e-a660-4e0f4a65db04';
  end;
  AResult:='%System32%\Msxml4.dll';
  if (ID<>'') and FileExists(AResult) then
    if FS.FindFirst(AResult) then
      if (FS.FileLastWriteTime<StrToDateTime(D10)) then
       begin
        AddToLog(A43);
        AddToLog('https://www.microsoft.com/downloads/details.aspx?FamilyID='+ID);
        if (IOSVer > 30) and (IOSVer <> 122) then  AddToLog(A45);
        AddToLog('');
        ICounter:=ICounter+1;
       end;

  ID := '';
  URL := '';
  case IOSVer of
   22 : ID:='e6fbadbc-43c3-4807-ad7e-a159fd2060fe';
   122: ID:='3507636e-c4c1-4be7-80d2-e589b95da1e4';
  end;
  AResult:='%System32%\Msxml6.dll';
  if (ID<>'') and FileExists(AResult) then
    if FS.FindFirst(AResult) then
      if (FS.FileLastWriteTime<StrToDateTime(D10)) then
       begin
        AddToLog(A43);
        AddToLog('https://www.microsoft.com/downloads/details.aspx?FamilyID='+ID+#13#10);
        ICounter:=ICounter+1;
       end;

  // MS13-053   XP  MS14-015; Vista/7   MS16-120
  IMinVer := 0;
  ID := '';
  case IOSVer of
   13 : begin IMinVer:=6404; ID:='3ecb45ce-1aa2-4764-8b90-2d52b16af5c9'; end;
   22 : begin IMinVer:=5174; ID:='50c1f5ff-f9af-4a85-9f1d-b39842e73dff'; end;
   122: begin IMinVer:=5174; ID:='76756760-b756-405c-b480-3c6d82398d94'; end;
  end;
  AResult:='%System32%\Win32k.sys';
   if IsWOW64 then
      SetupAVZ('X64R=NN');
  if ID<>'' then
    if FS.FindFirst(AResult) then
      if ((IMinVer=0) and (FS.FileLastWriteTime<StrToDateTime(D11))) or ((IMinVer>0) and IsFileBuldLow(AResult, IMinVer)) then
       begin
        AddToLog(A49);
        AddToLog(A00+ID+#13#10);
        ICounter:=ICounter+1;
       end;
   if IsWOW64 then
      SetupAVZ('X64R=YY');

  // MS13-096
  ID := '';
  case IOSVer of
   32 : ID:='fd0f3c4d-a741-44ef-b566-29ed95ae9228';
   132: ID:='420c49f6-65aa-41b5-9f34-1f0384f6c394';
  end;
  AResult:='%System32%\Gdiplus.dll';
  if (ID<>'') and FileExists(AResult) then
    if FS.FindFirst(AResult) then
      if (FS.FileLastWriteTime<StrToDateTime(D12)) then
       begin
        AddToLog(A50);
        AddToLog(A00+ID+#13#10);
        ICounter:=ICounter+1;
       end;

  // MS14-002
  URL := '';
  case IOSVer of
   13 : URL := 'https://www.catalog.update.microsoft.com/Search.aspx?q=KB2914368';
   22 : URL := 'https://www.catalog.update.microsoft.com/Search.aspx?q=KB2914368';
   122: URL := 'https://www.catalog.update.microsoft.com/Search.aspx?q=KB2914368';
  end;
  AResult:='%System32%\drivers\NDProxy.sys';
  if IsWOW64 then SetupAVZ('X64R=NN');
  if (URL<>'') and FileExists(AResult) then
    if FS.FindFirst(AResult) then
      if (FS.FileLastWriteTime<StrToDateTime(D13)) then
       begin
        AddToLog(A51);
        AddToLog(URL+#13#10);
        ICounter:=ICounter+1;
       end;
  if IsWOW64 then SetupAVZ('X64R=YY');

  // CVE-2020-0938, CVE-2020-1020
  if IsAdmin and FileExists('%System32%\Atmfd.dll') then
    if FS.FindFirst('%System32%\Atmfd.dll') then
      if FS.FileLastWriteTime < StrToDateTime(D18) then
	    if not RegKeyParamExists('HKLM','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows', 'DisableATMFD') then
          RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows', 'DisableATMFD', 1);

  FS.Free;

  if (IOSVer = 32) or (IOSVer = 132) or (IOSVer = 41) or (IOSVer = 141) or (IOSVer = 50) or (IOSVer = 150) then
  begin
    ARes := 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';
    if RegKeyIntParamRead('hklm', ARes, 'EnableLUA') = 0 then
      begin
        addtolog(A53+A56);
        ICounter:=ICounter+1;
      end
    else
      if RegKeyIntParamRead('hklm', ARes, 'ConsentPromptBehaviorAdmin') = 0 then
        begin
          addtolog(A54+A56);
          ICounter:=ICounter+1;
        end;
  end;
end;

Function NoKillBit(CLSID: string) : boolean;
begin
 Result:=RegKeyExists('HKCR','CLSID\'+CLSID) and
        not RegKeyExists('HKLM','SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\'+CLSID);
end;

Procedure SetKillBit(CLSID: string);
begin
  if NoKillBit(CLSID) then
    RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\'+CLSID,'Compatibility Flags', 1024);
end;

Function GetFileLastWriteTime(AFName: string) : TDateTime;
var
FS : TFileSearch;
begin
  FS := TFileSearch.Create(nil);
  if FS.FindFirst(AFName) then
    Result := FS.FileLastWriteTime;
  FS.Free;
end;

Procedure MSOffice;
var
APath, AFName, AResult : string;
MSCOMCTL_old, Gdiplus_old : boolean;
begin
  //   ActiveX    Microsoft Access     
  // MS08-041
  SetKillBit('{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}');
  SetKillBit('{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}');
  SetKillBit('{F2175210-368C-11D0-AD81-00A0C90DC8D9}');

  //   - Microsoft Office     
  // MS09-043
  SetKillBit('{0002E543-0000-0000-C000-000000000046}');
  SetKillBit('{0002E55B-0000-0000-C000-000000000046}');
  SetKillBit('{0002E541-0000-0000-C000-000000000046}');
  SetKillBit('{0002E559-0000-0000-C000-000000000046}');
  SetKillBit('{0002E512-0000-0000-C000-000000000046}');
  SetKillBit('{0002E510-0000-0000-C000-000000000046}');
  SetKillBit('{0002E511-0000-0000-C000-000000000046}');
  SetKillBit('{0002E533-0000-0000-C000-000000000046}');
  SetKillBit('{0002E530-0000-0000-C000-000000000046}');

  // MS12-060   MS16-024
  AFName := NormalFileName('%System32%\MSCOMCTL.OCX');
  MSCOMCTL_old := isFileBuldLow(AFName,9834);

  // MS13-096 & MS15-131 (  MS16-054)
    // Office 2010
    if RegKeyExists('HKLM','SOFTWARE\Microsoft\Office\14.0\Common\InstalledPackages') then
    begin
      AResult := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Office\14.0\Common\ProductVersion','LastProduct');
      APath:=RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot','Path');
      if MSCOMCTL_old then
      begin
        AddToLog(A40+#13#10+A00+'a61e3306-35a4-4079-bacc-93bacdf4439c');
        if AResult < '14.0.6029.1000' then
          AddToLog(A44);
        ICounter:=ICounter+1;
        AddToLog('');
      end;
      AFName:=APath+'Ogl.dll';
      if FileExists(AFName) then
        if GetFileLastWriteTime(AFName) < StrToDateTime(D12) then
        begin
          AddToLog(A50+#13#10+A00+'082ac73e-fcc9-46ac-b888-5c248a64a117');
          if AResult < '14.0.6029.1000' then
            AddToLog(A44);
          ICounter:=ICounter+1;
          AddToLog('');
        end;
      AFName:=APath+'winword.exe';
      if FileExists(AFName) then
        if GetFileLastWriteTime(AFName) < StrToDateTime(D14) then
        begin
          AddToLog(A55+'10'+#13#10+A00+'37f75e69-8d92-4c5c-abc2-62374aefe596');
          if AResult < '14.0.6029.1000' then
            AddToLog(A44);
          ICounter:=ICounter+1;
          AddToLog('');
        end;
    end
    else
    // Office 2003
    if RegKeyParamExists('HKLM','SOFTWARE\Microsoft\Office\11.0\Common\InstallRoot','Path') then
    begin
      AResult := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Office\11.0\Common\InstallRoot','Path');
      if FileExists(AResult + 'winword.exe') or FileExists(AResult + 'Wordview.exe') then
      begin
        AddToLog(A52+#13#10); ICounter:=ICounter+1;
      end;
      AResult := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Office\11.0\Common\ProductVersion','LastProduct');
      AFName:=RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Office\11.0\Common\InstallRoot','Path')+'Gdiplus.dll';
      if MSCOMCTL_old then
      begin
        AddToLog(A40+#13#10+'https://www.catalog.update.microsoft.com/Search.aspx?q=KB2726929');
        if AResult < '11.0.8173.0' then
          AddToLog(A41+'3'+#13#10+A00+'e25b7049-3e13-433b-b9d2-5e3c1132f206');
        ICounter:=ICounter+1;
        AddToLog('');
      end;
      if FileExists(AFName) then
        if GetFileLastWriteTime(AFName) < StrToDateTime(D12) then
        begin
          AddToLog(A50+#13#10+'https://www.catalog.update.microsoft.com/Search.aspx?q=KB2850047');
          if AResult < '11.0.8173.0' then
            AddToLog(A41+'3'+#13#10+A00+'e25b7049-3e13-433b-b9d2-5e3c1132f206');
          ICounter:=ICounter+1;
          AddToLog('');
        end;
    end
    else
    // Office 2007
    if RegKeyParamExists('HKLM','SOFTWARE\Microsoft\Office\12.0\Common\InstallRoot','Path') then
    begin
      AResult := RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Office\12.0\Common\ProductVersion','LastProduct');
      APath :=RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Office\12.0\Common\InstallRoot','Path');
      if MSCOMCTL_old then
      begin
        AddToLog(A40+#13#10+A00+'afdb9c83-07e7-4280-94a7-125e0e7320ae');
        if AResult < '12.0.6425.1000' then
          AddToLog(A41+'7'+#13#10+A00+'0E40BBE7-1422-40EA-912D-2A29D709F93F');
        ICounter:=ICounter+1;
        AddToLog('');
      end;
      AFName:=APath+'OGL.DLL';
      if FileExists(AFName) then
        if GetFileLastWriteTime(AFName) < StrToDateTime(D12) then
        begin
          AddToLog(A50+#13#10+A00+'3d373aba-eec3-4b76-ae95-9270a82e2e7e');
          if AResult < '12.0.6425.1000' then
            AddToLog(A41+'7'+#13#10+A00+'0E40BBE7-1422-40EA-912D-2A29D709F93F');
          ICounter:=ICounter+1;
          AddToLog('');
        end;
      AFName:=APath+'winword.exe';
      if FileExists(AFName) then
        if GetFileLastWriteTime(AFName) < StrToDateTime(D14) then
        begin
          AddToLog(A55+'07'+#13#10+A00+'a58f32c8-e216-4b89-89a8-6ccfdfa399c5');
          if AResult < '12.0.6425.1000' then
            AddToLog(A41+'7'+#13#10+A00+'0E40BBE7-1422-40EA-912D-2A29D709F93F');
          ICounter:=ICounter+1;
          AddToLog('');
        end;
      AFName:=APath+'Wordcnv.dll';
      if FileExists(AFName) then
        if GetFileLastWriteTime(AFName) < StrToDateTime(D14) then
        begin
          AddToLog(A55+'03 Compatibility Pack'+#13#10+A00+'0ea0f80e-1c6b-4e92-9ce0-4b18081bd536');
          ICounter:=ICounter+1;
          AddToLog('');
        end;
    end;
end;

Procedure AdobeFlashVuln;
var
AResult : string;
i : integer;
Plugin64Old, AX64old : boolean;
begin
  // x64
  Plugin64Old := false;
  AX64old := false;
  if IsWow64 then
  begin
   SetupAVZ('X64R=NN');
   AResult := RegKeyStrParamRead('HKCR','CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32','');
   if AResult <> '' then
   begin
     AResult := GetFileVersion(AResult, 6);
     if IsFlashOld(AResult) then
       AX64old := true;
   end;
   AResult := RegKeyStrParamRead('HKLM','SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer','Version');
   if AResult <> '' then
    if IsFlashOld(AResult) then
      Plugin64Old := true;
    SetupAVZ('X64R=YY');
  end;

  // x86
  AResult := RegKeyStrParamRead('HKLM',
        'SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32','');
  AResult := GetFileVersion(AResult, 6);
  if (IOSVer>4) and (IOSVer<>50) and (IOSVer<>150) and (AX64Old or IsFlashOld(AResult)) then
  begin
    AddToLog(A14);
    AddToLog('https://fpdownload.adobe.com/get/flashplayer/latest/help/install_flash_player_ax.exe'+#13#10);
    ICounter:=ICounter+1;
  end;

  AResult := RegKeyStrParamRead('HKLM',
        'SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer','Version');
  if Plugin64Old or IsFlashOld(AResult) then
  begin
    AddToLog(A15);
    AddToLog('https://fpdownload.adobe.com/get/flashplayer/latest/help/install_flash_player.exe'+#13#10);
    ICounter:=ICounter+1;
  end;
end;

function IsFlashOld(AFlVer: string) : boolean;
var
AVer, ABuild : string;
DotPos : integer;
begin
  Result := true;
  AFlVer := StringReplace(AFlVer, ',', '.');
  AVer := Copy(AFlVer, 1, 2);
  DotPos := Pos('.', AFlVer);
  AFlVer := Copy(AFlVer, DotPos+1, Length(AFlVer)-DotPos);
  DotPos := Pos('.', AFlVer);
  AFlVer := Copy(AFlVer, DotPos+1, Length(AFlVer)-DotPos);
  DotPos := Pos('.', AFlVer);
  ABuild := Copy(AFlVer, DotPos+1, Length(AFlVer)-DotPos);
  AFlVer := NormalizeDot(AFlVer);
  if ValidFloat(AFlVer) then
   case AVer of
   '32' : if StrToFloat(AFlVer) > 0 then // 32.0.0.101 CVE-2018-15982
            if ValidInt(ABuild) then
              if (StrToFloat(AFlVer) > 1) or (StrToInt(ABuild) >= 101) then Result:=false;
   end
  else
   Result:=false;
  if ValidInt(AVer) then
    if StrToInt(AVer) > 32 then Result:=false;
end;

Procedure AdobeReaderVuln;
var
ARes, AVer, AMinVer, CVer, AKey, AExe, ASubVer : string;
ISubVer, IMinSubVer  : integer;
begin
  ARes:='';
  if RegKeyExists('HKCR','CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}')
  then ARes:='06849E9F-C8D7-4D59-B87D-784B7D6BE0B3'
  else if RegKeyExists('HKCR','CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}')
        then ARes:='18DF081C-E8AD-4283-A596-FA578C2EBDC3';
  if ARes = '' then exit;
  ARes := RegKeyStrParamRead('HKCR','CLSID\{'+ARes+'}\InprocServer32','');
  if not FileExists(ARes) then exit;
  AVer := GetFileVersion(ARes, 6);

  AExe := RegKeyStrParamRead('HKCR','Software\Adobe\Acrobat\Exe','');
  if Pos('acrobat.exe',LowerCase(AExe)) > 0 then
  begin
      AddToLog(A17 + AVer);
      AddToLog(A16+#13#10);
      ICounter:=ICounter+1;
  end else
  begin
      AddToLog(A20 + AVer);
      AddToLog(A19);
      AddToLog('http://get.adobe.com/reader/otherversions'+#13#10);
      ICounter:=ICounter+1;
  end;
end;

Procedure FireFoxVuln;
var
AResult,AVer,AFile:string;
Ver:integer;
FFIsOut:boolean;
begin
  if RegKeyExists('HKCU','SOFTWARE\Mozilla\Mozilla Firefox') then
  begin
   AResult:=RegKeyStrParamRead('HKCU','SOFTWARE\Mozilla\Mozilla Firefox','');
   AFile:=RegKeyStrParamRead('HKCU','SOFTWARE\Mozilla\Mozilla Firefox '+AResult+'\bin','PathToExe');
  end
  else if RegKeyExists('HKLM','SOFTWARE\Mozilla\Mozilla Firefox') then
  begin
   AResult:=RegKeyStrParamRead('HKLM','SOFTWARE\Mozilla\Mozilla Firefox','');
   if not RegKeyExists('HKLM','SOFTWARE\Mozilla\Mozilla Firefox'+AResult) then
     AResult:=RegKeyStrParamRead('HKLM','SOFTWARE\Mozilla\Mozilla Firefox','CurrentVersion');
   AFile:=RegKeyStrParamRead('HKLM','SOFTWARE\Mozilla\Mozilla Firefox '+AResult+'\bin','PathToExe');
   if AFile = '' then
     AFile:=RegKeyStrParamRead('HKLM','SOFTWARE\Mozilla\Mozilla Firefox\'+AResult+'\Main','PathToExe');
  end
   else exit;
  AResult := GetFileVersion(AFile, 6);
  AVer := Copy(AResult, 1, Pos('.', AResult)-1);
  if ValidInt(AVer) then Ver:=StrToInt(AVer) else exit;
  FFIsOut:=true;
  if (Ver = 17)and((AResult >= '17.0.7')or(AResult = '17.0.10')or(AResult = '17.0.11')) then FFIsOut:=false
    else if Ver >= 22 then FFIsOut:=false;
  if FFIsOut then
  begin
    AddToLog('Firefox '+AResult+A22);
    AddToLog('https://www.mozilla.com/'+#13#10);
    ICounter:=ICounter+1;
  end;
end;

Procedure JavaVuln;
var
ARes, ABuld : string;
JavaIsOut:boolean;
IPos: Integer;
begin
  ARes := RegKeyStrParamRead('HKLM','SOFTWARE\JavaSoft\Java Runtime Environment','CurrentVersion');
  JavaIsOut:=false;
  ABuld := RegKeyStrParamRead('HKLM','SOFTWARE\JavaSoft\Java Runtime Environment','BrowserJavaVersion');
  if ABuld='' then
        ABuld := RegKeyStrParamRead('HKLM','SOFTWARE\JavaSoft\Java Web Start','CurrentVersion')
  else if ARes='' then ARes := copy(ABuld, 1, 3);

  IPos := Pos('.', ABuld);
  Delete(ABuld, 1, IPos);
  ABuld := NormalizeDot(ABuld);
  case ARes of
   '1.8': begin
            if ValidFloat(ABuld) then
             if StrToFloat(ABuld) < 61 then
              JavaIsOut:=true;
          end;
   '1.7': begin
            if ValidFloat(ABuld) then
             if StrToFloat(ABuld) < 86 then
              JavaIsOut:=true;
          end;
   '1.6': JavaIsOut:=true;
   '1.5': JavaIsOut:=true;
   '1.4': JavaIsOut:=true;
  end;
  if JavaIsOut then
  begin
    AddToLog(A23);
    AddToLog(A24+#13#10);
    ICounter:=ICounter+1;
  end;

  if IsWow64 then
  begin
    SetupAVZ('X64R=NN');
    ARes := RegKeyStrParamRead('HKLM','SOFTWARE\JavaSoft\Java Runtime Environment','CurrentVersion');
    JavaIsOut:=false;
    ABuld := RegKeyStrParamRead('HKLM','SOFTWARE\JavaSoft\Java Runtime Environment','BrowserJavaVersion');
    if ABuld='' then
        ABuld := RegKeyStrParamRead('HKLM','SOFTWARE\JavaSoft\Java Web Start','CurrentVersion');
    IPos := Pos('.', ABuld);
    Delete(ABuld, 1, IPos);
    ABuld := NormalizeDot(ABuld);
    case ARes of
     '1.8': begin
              if ValidFloat(ABuld) then
               if StrToFloat(ABuld) < 5 then
                JavaIsOut:=true;
            end;
     '1.7': begin
            if ValidFloat(ABuld) then
             if StrToFloat(ABuld) < 55 then
              JavaIsOut:=true;
          end;
     '1.6': JavaIsOut:=true;
    end;
    if JavaIsOut then
    begin
      A23 := StringReplace(A23,'32','64');
      AddToLog(A23);
      AddToLog(A24+#13#10);
      ICounter:=ICounter+1;
    end;
    SetupAVZ('X64R=YY');
  end;
end;

Procedure OperaVuln;
var
AResult,AVer:string;
cVer:char;
iPos:integer;
begin
  AResult:=RegKeyStrParamRead('HKLM','SOFTWARE\Opera Software','Last CommandLine v2');
  if AResult = '' then
    AResult:=RegKeyStrParamRead('HKCU','SOFTWARE\Opera Software','Last CommandLine v2');
  if AResult = '' then exit;
  iPos := Pos('opera.exe', AResult);
  AResult := Copy(AResult, 1, iPos+9);
  AVer := GetFileVersion(AResult, 6);
  AVer := NormalizeDot(AVer);
  if ValidFloat(AVer) then
    if StrToFloat(AVer) < 12.10 then
    begin
        AddToLog('Opera '+AVer+A25);
        AddToLog('https://www.opera.com/browser/download'+#13#10);
        ICounter:=ICounter+1;
    end;
end;

Procedure QuickTimeVuln;
var
AResult, AVer :string;
begin
  AResult:=RegKeyStrParamRead('HKCR','CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\InprocServer32','');
  if not FileExists(AResult) then exit;
  AVer:=GetFileVersion(AResult,3);
  Delete(AVer,7,7);
  if AVer<'7.6.8' then
  begin
   AddToLog('QuickTime '+AVer+A22);
   AddToLog('https://www.apple.com/quicktime/download'+#13#10);
   ICounter:=ICounter+1;
  end;
end;

Procedure SilverlightVuln;
var
AVer :string;
begin
  AVer:=RegKeyStrParamRead('HKLM','SOFTWARE\Microsoft\Silverlight','Version');
  if (AVer <> '') and (AVer<'5.1.41212.0') then
  begin
   AddToLog('Microsoft Silverlight '+AVer+A22);
   AddToLog('https://www.microsoft.com/getsilverlight/handlers/getsilverlight.ashx'+#13#10);
   ICounter:=ICounter+1;
  end;
end;

begin
  ClearLog;
  if GetAVZVersion<4.39 then begin
    ShowMessage('    AVZ  4.39  .'); Exit; end;
  if TranslateStr('$AVZ0075')='DLLs' then
  begin
   bRU := false;
   A00:='https://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=';
   A01:='Install Service Pack 4 for Windows 2000';
   A02:='Windows 2000 lifecycle ended';
   A03:='Install Service Pack 3 for Windows XP';
   A04:='Install Service Pack 2 for Windows 2003';
   A05:='Install Windows Vista Service Pack 1 and 2';
   A06:='Search for critical vulnerabilities';
   A07:='Vulnerability in Server Service Could Allow Remote Code Execution';
   A08:='Vulnerabilities in SMB Server Could Allow Remote Code Execution';
   A09:='Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution';
   A10:='Cumulative Security Update for Internet Explorer';
   A11:='Cumulative Security Update of ActiveX Kill Bits';
   A12:='Vulnerability in Help and Support Center Could Allow Remote Code Execution';
   A13:='Vulnerability in Windows Shell Could Allow Remote Code Execution';
   A14:='Vulnerabilities in Adobe Flash Player for Internet Explorer';
   A15:='Vulnerabilities in Adobe Flash Player for Firefox/Safari/Opera';
   A16:='Install the newer Adobe Acrobat or uninstall vulnerable';
   A17:='On this computer installed Adobe Acrobat ';
   A18:='';
   A19:='Install the newer Adobe Reader or uninstall vulnerable.';
   A20:='On this computer installed Adobe Reader ';
   A21:='';
   A22:=' vulnerable. Uninstall it or install actual one';
   A23:='Vulnerabilities in Java JDK and JRE (32-bit). Uninstall it and install actual one:';
   A24:='https://www.java.com/en/download/manual.jsp';
   A25:=A22;
   A26:='Frequently used critical vulnerabilities not found.';
   A27:='Vulnerabilities found: ';
   A28:='Log saved in subfolder Log';
   A29:='Log saved in c:\avz_log.txt file';
   A30:='Vulnerability in Print Spooler Service Could Allow Remote Code Execution';
   A31:='Vulnerability in Windows Shell Graphics Processing could allow remote code execution';
   A32:='Install Windows Vista Service Pack 2';
   A33:='Update to the AutoPlay functionality in Windows';
   A34:='Don`t use Internet Explorer on Windows XP!';
   A35:='Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution';
   A36:='Vulnerability in Task Scheduler Could Allow Elevation of Privilege';
   A37:='Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege';
   A38:='Vulnerabilities in Windows Media Could Allow Remote Code Execution';
   A39:='dozens.';
   A40:='Vulnerability in Windows Common Controls Could Allow Remote Code Execution';
   A41:='This update require the SP3 installed on Microsoft Office 200';
   A42:='Unauthorized Digital Certificates Could Allow Spoofing';
   A43:='Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution';
   A44:='This update require the SP2 installed on Microsoft Office 2010'+#13#10+
        'https://www.microsoft.com/en-US/download/details.aspx?id=39667';
   A45:='Run Update as Administrator';
   A46:='Install new Internet Explorer'+#13#10+
        'https://windows.microsoft.com/en-US/internet-explorer/download-ie';
   A47:='Vulnerability in Microsoft Office Could Allow Remote Code Execution';
   A48:='Install Windows 7 Service Pack 1';
   A49:='Vulnerabilities in Windows kernel-mode drivers could allow remote code execution';
   A50:='Vulnerability in Microsoft Graphics component could allow remote code execution';
   A51:='Vulnerability in Windows kernel could allow elevation of privilege';
   A52:='Microsoft Office 2003 lifecycle ended. Use modern software.';
   A53:='UAC is disabled.';
   A54:='The elevation prompt for administrators in Admin Approval Mode in UAC is disabled.';
   A56:=#13#10+'https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses'+#13#10;
   A55:='Security Update for Microsoft Office Word 20';
   A57:='MS17-010: Security Update for Microsoft Windows SMB Server';
  end else
  begin
   bRU := true;
   A00:='https://www.microsoft.com/downloads/details.aspx?displaylang=ru&FamilyID=';
   A01:=' Service Pack 4  Windows 2000';
   A02:='  Windows 2000 ';
   A03:=' Service Pack 3  Windows XP. ,  .';
   A04:=' Service Pack 2  Windows 2003';
   A05:=' Service Pack 1  2  Windows Vista. ,  .';
   A06:='  ';
   A07:='       ';
   A08:='   SMB     ';
   A09:='  Microsoft DirectShow     ';
   A10:='     Internet Explorer';
   A11:='       ActiveX';
   A12:='      Windows';
   A13:='  Windows     ';
   A14:='  Adobe Flash Player  Internet Explorer';
   A15:='  Adobe Flash Player  Firefox/Safari/Opera';
   A16:='  Adobe Acrobat   ';
   A17:=' Adobe Acrobat  ';
   A18:='';
   A19:='  Adobe Reader   .';
   A20:=' Adobe Reader  ';
   A22:=' .     ';
   A21:='';
   A23:='   Java JDK  JRE (32- ).   .  ,  Java  :';
   A24:='https://www.java.com/ru/download/manual.jsp';
   A25:=' .     ';
   A26:='    .';
   A27:=' : ';
   A28:='   - Log';
   A29:='    c:\avz_log.txt';
   A30:='          ';
   A31:='     Windows     ';
   A32:=' Service Pack 2  Windows Vista. ,  .';
   A33:='    Windows';
   A34:='  Internet Explorer  Windows XP!';
   A35:='    Windows,     ';
   A36:='        ';
   A37:='   Windows      ';
   A38:='  Windows Media     ';
   A39:='.';
   A40:='    Windows     ';
   A41:='      SP3  Microsoft Office 200';
   A42:='      ';
   A43:='  MSXML     ';
   A44:='      SP2  Microsoft Office 2010'+#13#10+
        'https://www.microsoft.com/ru-ru/download/details.aspx?id=39667';
   A45:='    ';
   A46:='  Internet Explorer'+#13#10+
        'https://windows.microsoft.com/ru-ru/internet-explorer/download-ie';
   A47:='    Microsoft Office 2003';
   A48:=' Service Pack 1  Windows 7. ,  .';
   A49:='    Windows     ';
   A50:='  Microsoft Graphics     ';
   A51:='   Windows     ';
   A52:='  Microsoft Office 2003 .   .';
   A53:='UAC (  ) .';
   A54:='  UAC (  )     .';
   A56:=#13#10+'https://support.microsoft.com/ru-ru/help/17228/windows-protect-my-pc-from-viruses'+#13#10;
   A55:='    Microsoft Office Word 20';
   A57:='MS17-010:    Windows SMB Server';
   if '' = '?' then
     Addtolog('Pered kopirovaniem skripta izmenite raskladku klaviatury na russkuyu.'+#13#10);
end;
  D01:='';
  if ValidDate('17.02.2011') then
  begin
   D01:='17.02.2011'; // MS11-020
   D02:='14.10.2019'; // CVE-2019-1429
   D03:='05.05.2013'; // MS13-051
   D04:='21.01.2011'; // MS11-006
   D05:='10.07.2009'; // KB971029
   D06:='23.11.2011'; // MS11-087
   D07:='02.11.2010'; // MS10-092
   D08:='15.10.2010'; // MS11-011
   D09:='14.10.2011'; // MS12-004
   D10:='04.06.2012'; // MS12-043
   D11:='03.06.2013'; // MS13-053
   D12:='19.10.2013'; // MS13-096
   D13:='26.11.2013'; // MS14-002
   D14:='17.11.2015'; // MS15-131
   if (IOSVer = 32) or (IOSVer = 132) then D15:='15.08.2016'
     else D15:='13.12.2018'; // CVE-2018-8653
   D16:='17.04.2015'; // MS15-051
   D17:='10.02.2017'; // MS17-010
   D18:='18.03.2020'; // CVE-2020-0938, CVE-2020-1020
  end;
  if ValidDate('17/02/2011') then
  begin
   D01:='17/02/2011';
   D02:='14/10/2019';
   D03:='05/05/2013';
   D04:='21/01/2011';
   D05:='10/07/2009';
   D06:='23/11/2011';
   D07:='02/11/2010';
   D08:='15/10/2010';
   D09:='14/10/2011';
   D10:='04/06/2012';
   D11:='03/06/2013';
   D12:='19/10/2013';
   D13:='26/11/2013';
   D14:='17/11/2015';
   if (IOSVer = 32) or (IOSVer = 132) then D15:='15/08/2016'
     else D15:='13/12/2018';
   D16:='17/04/2015';
   D17:='10/02/2017';
   D18:='18/03/2020';
  end;
  if ValidDate('02/17/2011') then
  begin
   D01:='02/17/2011';
   D02:='10/14/2019';
   D03:='05/05/2013';
   D04:='01/21/2011';
   D05:='07/10/2009';
   D06:='11/23/2011';
   D07:='11/02/2010';
   D08:='10/15/2010';
   D09:='10/14/2011';
   D10:='06/04/2012';
   D11:='06/03/2013';
   D12:='10/19/2013';
   D13:='11/26/2013';
   D14:='11/17/2015';
   if (IOSVer = 32) or (IOSVer = 132) then D15:='08/15/2016'
     else D15:='12/13/2018';
   D16:='04/17/2015';
   D17:='02/10/2017';
   D18:='03/18/2020';
  end;
  if  D01 = '' then
  begin
    MessageDlg('Unsupported date format', mtInformation, mbOk, 0);
    exit;
  end;

  if ValidFloat('1.0') then
   begin
     Dot := '.';
     notDot := ',';
   end
  else
   begin
     Dot := ',';
     notDot := '.';
   end;
  ICounter:=0; noSP:=false; IOSVer := 0;
  AddToLog(A06);
  WinVuln;
  MSOffice;
  AdobeFlashVuln;
  AdobeReaderVuln;
  FireFoxVuln;
  JavaVuln;
  OperaVuln;
  QuickTimeVuln;
  SilverlightVuln;

  if (ICounter=0) then
  begin
   AddToLog(A26);
   MessageDlg(A26, mtInformation, mbOk, 0);
  end
  else
  begin
   if noSP then
     AddToLog(A27+A39)
   else
      AddToLog(A27+IntToStr(ICounter));
   SaveLog(GetAVZDirectory+'log\avz_log.txt');
   if FileExists(GetAVZDirectory+'log\avz_log.txt') then
     AddToLog(A28)
   else
   begin
    SaveLog('c:\avz_log.txt');
    AddToLog(A29);
   end;
  end;
end.
