Some people are suspicious of the 'UserAssist' entries in the registry, mostly because they are encrypted. Here's a small script that will decrypt those entries:
Code:
;;Author: Kostic Dejan
;;Date: 07.04.2006
Gui, Add, ListView, vLst w700 h500 altsubmit, Path|Name|Data
Loop,HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\count
{
RegRead, rval
LV_Add("","{5E6AB780-7743-11CF-A12B-00AA004AE837}",a_loopregname,rval)
}
Loop,HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\count
{
RegRead, rsv
LV_Add("","{75048700-EF1F-11D0-9888-006097DEACF9}",a_loopregname,rsv)
}
Gui,add,button,gdec,&Decrypt
Gui, Show
LV_ModifyCol(1,"100")
LV_ModifyCol(2,"485")
LV_ModifyCol(3,"100")
return
dec:
SetBatchLines,-1
LV_Delete()
SplashImage,,b1 c1,,Decrypting`nPlease wait...
Loop,HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\count
{
RegRead, rval
d2:=StringMod(a_loopregname,26-13)
LV_Add("","{5E6AB780-7743-11CF-A12B-00AA004AE837}",d2,rval)
}
Loop,HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\count
{
RegRead, rsv
d3:=StringMod(a_loopregname,26-13)
LV_Add("","{75048700-EF1F-11D0-9888-006097DEACF9}",d3,rsv)
}
SplashImage,off
return
StringMod(_string, _chars="") ;made by PhiLho, adapted by me
{
Loop Parse, _string
{
char := Asc(A_LoopField)
o := Asc("A") * (Asc("A") <= char && char <= Asc("Z")) + Asc("a") * (Asc("a") <= char && char <= Asc("z"))
If (o > 0)
{
char := Mod(char - o + _chars, 26)
char := Chr(char + o)
}
Else
{
char := A_LoopField
}
rStr := rStr char
}
Return rStr
}
GuiClose:
ExitApp
Improvements are always welcome.
Login
Register
FAQ
Search
