How to use Microsoft Autoruns for Windows 10
Windows Sysinternals Autoruns for Windows is one of the best tools to view, monitor, control and disable startup programs. This portable tool, when run, provides a comprehensive list of all programs that are configured to run when Windows starts. Autoruns is a start-up cleaner utility that is similar to the MSCONFIG utility, but more powerful. MSCONFIG only shows you start-up items and services, and it doesn't check digital signatures, which means anything can hide from it.
Autoruns for Windows 10
Autoruns will not just show the startup programs that are placed in your Startup folder, the Run, RunOnce or other registry keys; it will also show you in detail the File Explorer and Internet Explorer shell extensions, toolbars, Browser Helper Objects, context menu items that start, the Drivers that start up, the Services, Winlogon items, Codecs, WinSock providers and more! It thus also works as a context menu editor and lets you manage context menu items in File Explorer and in Internet Explorer.
Autoruns will display entries from the following locations:
- Logon. This entry results in scans of standard autostart locations such as the Startup folder for the current user and all users, the Run Registry keys, and standard application launch locations.
- Explorer. This entry shows Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks.
- Internet Explorer. This entry shows Browser Helper Objects (BHOs), Internet Explorer toolbars and extensions.
- Services. It shows all Windows services configured to start automatically when the system boots.
- Drivers. This displays all kernel-mode drivers registered on the system except those that are disabled.
- Scheduled Tasks. Task scheduler tasks configured to start at boot or logon.
- AppInit DLLs. This has Autoruns show DLLs registered as application initialization DLLs.
- Boot Execute. Native images (as opposed to Windows images) that run early during the boot process.
- Image Hijacks. Image file execution options and command prompt autostarts.
- Known DLLs. This reports the location of DLLs that Windows loads into applications that reference them.
- Winlogon Notifications. Shows DLLs that register for Winlogon notification of logon events.
- Winsock Providers. Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can disable them, but cannot delete them.
- LSA Providers. Shows registered Local Security Authority (LSA) authentication, notification and security packages.
- Printer Monitor Drivers. Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself.
- Sidebar. Displays Windows Sidebar gadgets.
Open this utility by clicking on Autoruns.exe. From Options > Filter options, you may want to first select Verify Code Signatures and Hide Signed Microsoft Entries. Check these two and hit the Rescan button or F5 to refresh the scan.
If you don't want an entry to activate the next time you boot or log in, you can either disable or delete it. To disable an entry, uncheck it. To delete it, right-click on the entry and select Delete.
The right-click menu also lets you directly jump to the concerned registry location in Windows Registry, or the file in File Explorer, if you select Jump to Entry or Jump to Image, respectively.
The download package also includes a command-line equivalent that can output in CSV format, Autorunsc.exe.
Not only will Autoruns verify the authenticity of everything being loaded into Windows through cryptographic signatures, but it also recognizes files that have been tampered with. Using the Hide all the Microsoft entries option, you can also spot potentially unwanted or dangerous entries, crapware, and third-party auto-starting images that have been added to your system, and easily disable them with this wonderful tool.
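The CSV export and the signature filters described above can be combined into a repeatable review. The following is an added example, not part of the original article or of Sysinternals: it triages a constructed sample shaped like `autorunsc.exe -a * -c -s` output, and the column names, sample rows and path heuristic are assumptions.

```python
import csv
import io

# Constructed sample shaped like `autorunsc.exe -a * -c -s` output; the
# column names are assumed to match the header row of a real export.
SAMPLE_CSV = r'''Entry Location,Entry,Enabled,Category,Signer,Image Path
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OneDrive,enabled,Logon,(Verified) Microsoft Corporation,C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Updater,enabled,Logon,(Not verified) Example Corp,C:\Users\alice\AppData\Roaming\updater.exe
HKLM\System\CurrentControlSet\Control\Print\Monitors,ExampleMon,enabled,Print Monitors,,C:\Windows\System32\examplemon.dll
Task Scheduler,\ExampleAgent,enabled,Tasks,(Verified) Example Software Ltd,C:\Program Files\Example\agent.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OldTool,disabled,Logon,(Not verified) Example Corp,C:\Tools\old.exe
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,ExampleLSP,enabled,Network Providers,,File not found: C:\ProgramData\lsp.dll
'''

# Heuristic (an assumption of this example): directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")

def classify(row):
    """Return the reasons an autostart entry deserves a manual look."""
    signer = (row.get("Signer") or "").strip()
    image = (row.get("Image Path") or "").strip().lower()
    reasons = []
    if not signer:
        reasons.append("no signer")
    elif signer.lower().startswith("(not verified)"):
        reasons.append("signature not verified")
    if image.startswith("file not found"):
        reasons.append("image missing")
    elif any(part in image for part in USER_WRITABLE):
        reasons.append("user-writable path")
    return reasons

def triage(stream, hide_verified_microsoft=True):
    """Return (category, entry, image, reasons) for enabled entries needing review."""
    findings = []
    for row in csv.DictReader(stream):
        enabled = (row.get("Enabled") or "").strip().lower() == "enabled"
        if not (row.get("Entry") or "").strip() or not enabled:
            continue  # skip rows without an entry name and disabled entries
        # Mirrors the GUI's "Hide Signed Microsoft Entries" filter.
        if hide_verified_microsoft and row["Signer"].startswith("(Verified) Microsoft"):
            continue
        reasons = classify(row)
        if reasons:
            findings.append((row["Category"], row["Entry"], row["Image Path"], reasons))
    return findings

if __name__ == "__main__":
    for category, entry, image, reasons in triage(io.StringIO(SAMPLE_CSV)):
        print(f"[{category}] {entry}: {image} ({', '.join(reasons)})")
```

For a real export, pass `triage` a file opened with the encoding the export was written in; output redirected from Autorunsc.exe is typically UTF-16.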
We have already seen several freeware tools to manage startup programs. Among third-party freeware, WinPatrol would more than suffice, as it also keeps a watch on the changes made to your system. But for power users who are looking for a powerful tool to understand and control everything that starts up with Windows, Autoruns is the tool to go for. Go get it at TechNet.