The format CLSID in the Windows registry.

The Windows operating system and more precisely its register widely used format Class identify more commonly known as CLSID.

The CLSIDS are in the form of «» GUID » (Globally Unique identifying) and are stored in the Windows registry Base. They are used to identify objects of the class "COM." (Component Object Model)

Each object is associated with a CLSID that can in turn point to an object in the application as for example a dynamic resource format (DLL) or an executable process. The CLSID is a string of 32 hexadecimal alphanumeric characters in the format {00000000-1111-2222-3333-444444444444}

ZHPDiag identifies orphan CLSID key under the name "SUP". Empty.CLSID ".

Although it is more used in recent management of objects technologies, the CLSID format is used for management of former COM objects.

Example of context menu item :

O108 – CMH1: 7-Zip [64Bits] – {23170F69-40C1 - 278-A - 1000-000100020000} . (.Igor Pavlov – 7-Zip Shell Extension.) — C:\Program Files (x86)\7-Zip7 - zip.dll =>.Igor Pavlov

The CLSID {23170F69-40C1 - 278-A - 1000-000100020000} at the level of the default value for the key ContextMenuHandler "7-Zip".. The key corresponding classes has this CLSID is pointing to the dynamic resource "7 - zip.dll»

Example of error object with CLSID COM :

This error message can intervene in case of deletion of the CLSID key used by a COM object.

COM with the CLSID object {1C2D16C7-51FA-4D9F-9133-262A526235F8} is not valid or is not.
Description : An unhandled exception occurred during the execution of the current Web request. Check the stack trace for more information about the error and its origin in the code.

Details of the exception: System.Runtime.InteropServices.COMException: COM with the CLSID object {1C2D16C7-51FA-4D9F-9133-262A526235F8} is not valid or is not.

Object with CLSID COM hijacking :

Some malware replace the CLSID key value data to launch their own application or load a harmful dynamic resource. Here is for example a diversion of tasks scheduled by l’Adware.Wizzcaster .

The job files «» zjwPaeaadZaNwF« , « PjDfytumxbayONn' and 'PjDfytumxbayONn2 '., places in the system folder will respectively start resources «» TeHmZqVTbvkzQ.dll "., 'emqTvz.dll' and 'emqTvz.dll '..

Ø38 – TASK: {3AA3BCEC-58EC-4A8D - B 8, 08 - 8090D05652F6}[\zjwPaeaadZaNwF] – (…) — C:\Program FilesJIdcnntTvnKU2TeHmZqVTbvkzQ.dll [437760]
Ø38 – TASK: {46CA7DF4-7C7F-4C04-965F-D7B67C62C0DE}[\PjDfytumxbayONn] – (…) — C:\Program FileskqEuPYMaUemqTvz.dll [284672]
Ø38 – TASK: {DE9DEF9A-0998-4ECC-B80B-545B72E4AE47}[\PjDfytumxbayONn2] – (…) — C:\Program FileskqEuPYMaUemqTvz.dll [284672]


Registry (BDR)

The registry database (BDR) is a database used by the Windows operating system. It contains data for configuration of the operating system and other software installed to use. In 2009, Microsoft uses the term Windows registry to talk about this database. Most often, users edit registry in a transparent way, via a GUI. There are cases where no GUI is planned : It is necessary to use the Regedit tool, but in this case, There is no railing, the software verifies none of the settings changed by the user, who can damage the system.