版本 10.04 / 2010.10.06
官網 live.Sysinternals.com ( 於2006年7月18日被微軟收購 )
說明 Download Autoruns.zip 直接下載 autoruns.exe
性質 freeware/en/Windows (WinXP to Win7)
autoruns.exe 大小 713 KB
autorunsc.exe 大小 581 KB
autoruns.exe MD5 738963EB93A402DD8EEA0B077F1A2965
autorunsc.exe MD5 431B6CC0D2F7383C38023C4B409522DA
一般來說,想要修改開機自動啟用的應用程式或是服務
都會使用 msconfig 系統設定公用程式 (System Configuration Utility) 來做修改
但是很多東西沒有那麼容易辨識,也不夠詳細
這時候就需要 Sysinternals 出版的 Autoruns 來做調整
有圖示、有 Description 描述說明、有 Publishers 出版商,是不是一目了然啊 ^^
有圖示、有 Description 描述說明、有 Publishers 出版商,是不是一目了然啊 ^^
話不多說,馬上就來Download Autoruns.zip
下載解壓縮後會看到四個文件 autoruns.chm autoruns.exe autorunsc.exe Eula.txt
autoruns.chm內容滿詳細的,如下所示
Logon This entry results in scans of standard autostart locations such as the Startup folder for the current user and all users, the Run Registry keys, and standard application launch locations.
Explorer Select this entry to see Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks.
IE 瀏覽器
Internet Explorer This entry shows Browser Helper Objects (BHO's), Internet Explorer toolbars and extensions.
系統服務
Services All Windows services configured to start automatically when the system boots.
驅動程式
Drivers This displays all kernel-mode drivers registered on the system except those that are disabled.
工作排程
Scheduled Tasks Task scheduler tasks configured to start at boot or logon.
初始化應用程式
AppInit DLLs This has Autoruns shows DLLs registered as application initialization DLLs.
開機執行
Boot Execute Native images (as opposed to Windows images) that run early during the boot process.
影像攔截
Image Hijacks Image file execution options and command prompt autostarts.
已知DLLs
Known DLLs This reports the location of DLLs that Windows loads into applications that reference them.
系統登入
Winlogon Notifications Shows DLLs that register for Winlogon notification of logon events.
Winsock 提供者
Winsock Providers Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can uninstall them, but cannot disable them.
LSA 提供者
LSA Providers Shows registers Local Security Authority (LSA) authentication, notification and security packages.
列印監視器啟動
Printer Monitor Drivers Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself.
補充工具欄
Sidebar Displays Windows Vista sidebar gadgets
autoruns.exe 就是重點啦( ̄▽ ̄)/
第一次執行請按 Agree
執行後會發現有很多可以調整的,剛剛的說明檔都有寫了
這時候就要看功力了,自行判斷哪些不需要的,把勾勾去掉或是 Delete 掉
尤其是 IE 已經夠肥,還有一堆外掛在上面,不過修改後請自行對系統的影響負責 ( ̄﹏ ̄)
真的不知道可以選擇 verify 驗證,verifed 表示驗證無誤,not verifed 表示沒有數位簽章
Jump to ... 則是可以跳到相關的登錄值,
或是 Search Online 馬上 Google 搜尋看看是不是可疑的東東
user 是我最喜歡的功能之一了,可以馬上切換不同身分,修改就方便多了( ̄▽ ̄)y
autorunsc.exe 適用於 command line,參數如下
Copyright (C) 2002-2010 Mark Russinovich and Bryce Cogswell
Sysinternals - www.sysinternals.com
Autorunsc shows programs configured to autostart during boot.
Usage: autorunsc [-x] [[-a] | [-b] [-c] [-d] [-e] [-g] [-h] [-i] [-k] [-l] [-m]
[-o] [-p] [-r] [-s] [-v] [-w] [[-z <systemroot> <userprofile>] | [user]]]
-a 顯示所有項目 Show all entries.
-b 開機執行 Boot execute.
-c 列印輸出成 CSV 檔 Print output as CSV.
-d 檔案總管增益集 Appinit DLLs.
-e 系統附加元件 Explorer addons.
-g 資訊看板小工具 Sidebar gadgets (Vista and higher)
-h 影像攔截 Image hijacks.
-i IE 附加元件 Internet Explorer addons.
-k 已知DLL函式庫 Known DLLs.
-l 登入啟動 Logon startups (this is the default).
-m 隱藏已簽署的 Microsoft 項目 Hide Microsoft entries (signed entries if used with -v).
-n Winsock 通訊協定與網路提供者 Winsock protocol and network providers.
-o 解碼器 Codecs.
-p 印表機監視器驅動程式 Printer monitor DLLs.
-r LSA 提供者 LSA security providers.
-s 自動啟動服務和非停用的驅動程式 Autostart services and non-disabled drivers.
-t 排定的工作 Scheduled tasks.
-v 確認數位簽章 Verify digital signatures.
-w Winlogon 項目 Winlogon entries.
-x 列印輸出成 XML檔 Print output as XML.
-z 指定 Windows 離線掃描 Specifies the offline Windows system to scan.
user 指定顯示使用者帳戶名稱的自動執行項目。 Specifies the name of the user account for which autorun items will be shown.
Eula.txt 顧名思義,就是終端使用者許可協定文件
呼...打完收工 v( ̄w ̄)v
沒有留言:
張貼留言