zip/pv.zip
pv.zip
Download pv.zip and then extract it into a folder of its own.
Then start runme.bat and choose option 1 (ExplorerDLLs). The log file that is created....
Example:
Menu start --> 1
Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1011712 C:\WINDOWS\Explorer.EXE 6.00.2600.0000 (xpclient.010817-1148) Windows Explorer
ntdll.dll 77f50000 679936 C:\WINDOWS\System32\ntdll.dll 5.1.2600.114 (xpclnt_qfe.021108-2107) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll
Menu start --> 2
Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2600.0000 (xpclient.010817-1148) Internet Explorer
ntdll.dll 77f50000 679936 C:\WINDOWS\System32\ntdll.dll 5.1.2600.114 (xpclnt_qfe.021108-2107) NT Layer DLL
Menu start --> 3
Menu start --> 4
Module information for 'svchost.exe'
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINDOWS\system32\svchost.exe 5.1.2600.0 (xpclient.010817-1148) Generic Host Process for Win32 Services
ntdll.dll 77f50000 679936 C:\WINDOWS\System32\ntdll.dll 5.1.2600.114 (xpclnt_qfe.021108-2107) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll
Menu start --> 5
Module information for 'winlogon.exe'
MODULE BASE SIZE PATH
winlogon.exe 1000000 450560 C:\WINDOWS\system32\winlogon.exe 5.1.2600.149 (xpclnt_qfe.021108-2107) Windows NT Logon Application
ntdll.dll 77f50000 679936 C:\WINDOWS\System32\ntdll.dll 5.1.2600.114 (xpclnt_qfe.021108-2107) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll
Menu start --> 6
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
Menu start --> 8
1
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ReadMe-BHODemon]
@="This BHO has been enabled by BHODemon."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
|
2
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
3
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER]
[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
[HKEY_CLASSES_ROOT\PROTOCOLS\FILTER\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
6
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
"MenuText"="Sun Java Console"
"CLSID"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"
"ClsidExtension"="{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}]
"MenuText"="@shdoclc.dll,-864"
"MenuStatusBar"="@shdoclc.dll,-865"
"Script"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,77,00,65,00,62,00,5c,00,72,00,65,00,6c,00,61,00,74,00,65,00,\
64,00,2e,00,68,00,74,00,6d,00,00,00
"clsid"="{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
"Icon"=",4"
"HotIcon"=",4"
"ButtonText"="@shdoclc.dll,-866"
|
7 --> Search in the registry
Menu start --> 9
1 --> enter the process to be killed here:
2 [C:\Window] + 3 [C:\Windows\System32] --> Search
Menu start --> 10
PrcView command line utility allows automating common tasks like
figuring out if a particular process is running or killing a running process
on a scheduler.
Checking if a particular process is running is easy. For example the
following command will show all instances of explorer that are running:
pv explorer.exe
Setting a process priority is another common task. To set explorer priority
to normal just type:
pv -pn explorer.exe
or if you like a "verbose" style
pv -p"Normal" explorer.exe
pv supports the common * and ? wildcards so that the following command
will perfectly work by printing out all the processes starting with e
pv e*
Don't like a particular process and would like to kill it? The following
command will do the job:
pv -k thisprocess.exe
And if you don't like additional questions and would like to force killing:
pv -kf thisprocess.exe
Don't like this particular instance of the process and know the window title?
The following command will do the job (please note that \ need to be
represented as a \\ combination if you enter it from the command line):
pv -k thisprocess.exe -w"c:\\"
pv.exe can be easily executed from a batch file to check if a process is running.
When writing a command file please note that the ERRORLEVEL number specifies
a true condition if the last program run returned an exit code equal to or
_greater_ than the number specified.
The following script illustrates how this could be done:
@echo off
pv.exe %1 >nul
if ERRORLEVEL 1 goto Process_NotFound
:Process_Found
echo Process %1 is running
goto END
:Process_NotFound
echo Process %1 is not running
goto END
:END
Please note that redirecting standard errors by using 2>file_name does not work under 9x
Windows. Please use "2>file_name" instead. This notation will be processed by pv.exe.
And finally a copy of the -? command:
PrcView v 3.7.2.4 command line utility by Igor Nys
Modes:
-h,-? --help display this help information
-k --kill kill PROCESS
-a --activate activate PROCESS
-c --close close (send WM_CLOSE) to the PROCESS
-m --module show modules used by specified PROCESS
-g --getenv get startup environment for the PROCESS
-p[nihr] --priority set priority to "Normal", "Idle", "High", "Real Time"
[ba] "Below Normal" and "Above Normal" only on W2K or higher
-t --tree display process tree, -te for computer-readable format
-u --usage show processes that uses specified MODULE
-s --summary show MODULE usage summary
Options:
-f, --force never prompt
-e, --extend show additional information if available
-i, --id use process ID instead of the PROCESS name
-q, --quiet supress headers and produce a tab-separated list
-d[time] --delay delay time in milliseconds before executing command
-l[mask] --long include process command line
-w[mask] --window show only processes with visible windows, -e show hidden
-r --repeat repeat command in a cycle
Arguments can contain '*' and '?' wildcards.
Process return code (%ERRORLEVEL%) can be used in batch files
0 - process found, 1 - empty result set, 2 - programm error
Examples:
pv myprocess.exe get process ID for myprocess.exe.
pv -e get extended list of running processes.
pv -k sleep* kill all processes starting with "sleep"
pv -m -e explorer.exe get extended information about explorer's modules
pv -u oleaut*.dll list of all processes that use matching dll
pv -ph w*.exe set priority to hight for all matching processes
pv explorer.exe -l"*/S" looks for explorer process with /S switch
Would like to add an example? Found any errors? Please write at support@prcview.com
or contact me directly at igornys@writeme.com
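One way to go through the log that runme.bat writes (an added example, not part of the original page, of runme.bat or of PrcView): the Python code below parses the "Module information for ..." listings and the AppInit_DLLs export, then lists modules loaded from outside the Windows directory and any non-empty AppInit_DLLs value. The function names, the default directory C:\WINDOWS, the example.dll sample line and the rule that a module outside that directory deserves a manual look are assumptions of this example.

```python
import re

# Constructed sample in the layout of the log above. The example.dll module
# line and the non-empty AppInit_DLLs value are invented for illustration.
SAMPLE_LOG = r"""Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1011712 C:\WINDOWS\Explorer.EXE 6.00.2600.0000 (xpclient.010817-1148) Windows Explorer
ntdll.dll 77f50000 679936 C:\WINDOWS\System32\ntdll.dll 5.1.2600.114 (xpclnt_qfe.021108-2107) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll
example.dll 10000000 40960 C:\Documents and Settings\user\Local Settings\Temp\example.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="example.dll"
"""

HEADER = re.compile(r"^Module information for '(.+)'$")
# name, hex base, decimal size, path (may contain spaces), optional version text
MODULE = re.compile(
    r"^(\S+)\s+([0-9a-f]+)\s+(\d+)\s+([a-z]:\\.+?\.(?:exe|dll|ocx|cpl|drv|ax))(?:\s+(.*))?$",
    re.IGNORECASE)
APPINIT = re.compile(r'^"AppInit_DLLs"="(.*)"$')

def parse_log(text):
    """Return (modules, appinit): one dict per module line, and the AppInit_DLLs value."""
    modules, appinit, process = [], None, None
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER.match(line)):
            process = m.group(1)          # following module lines belong to this process
        elif (m := APPINIT.match(line)):
            appinit = m.group(1)
        elif process and (m := MODULE.match(line)):
            name, base, size, path, info = m.groups()
            modules.append({"process": process, "module": name, "base": int(base, 16),
                            "size": int(size), "path": path, "info": info or ""})
    return modules, appinit

def review(text, windir=r"C:\WINDOWS"):
    """List items for manual review; a hit is a reason to look, not a verdict."""
    modules, appinit = parse_log(text)
    prefix = windir.lower() + "\\"
    findings = [f'{m["process"]}: {m["module"]} loaded from {m["path"]}'
                for m in modules if not m["path"].lower().startswith(prefix)]
    if appinit:  # DLLs named here are loaded into every process that loads user32.dll
        findings.append(f"AppInit_DLLs is not empty: {appinit}")
    return findings

if __name__ == "__main__":
    for item in review(SAMPLE_LOG):
        print(item)
```

Programs installed under C:\Program Files, including the main image of iexplore.exe, are listed as well, so the output is a reading list for the log rather than a finding in itself.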
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""