Windows Server: Checking What Runs Automatically at Startup - Autoruns for Windows ...


黃昏的甘蔗

The highest good is like water. Water benefits all things without contending and settles in the places most people disdain; thus it comes close to the Tao.

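2016-11-29 14:40 | Category: Systems and Security

On Windows 7 or Windows Server 2012, the usual way to see which programs run automatically when the system boots is the built-in "msconfig" command. It only shows a very superficial set of startup items, though, so I recommend using "Autoruns for Windows" to look deeper.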

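The screen below is msconfig running. You can simply clear the checkbox of any program you do not want to start automatically (a reboot may be required).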

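This post mainly introduces "Autoruns for Windows". The current version is v13.62, and it is provided on Microsoft's TechNet site at https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx, so it should be trustworthy from a security standpoint.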

Official description: This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players.

Download: https://download.sysinternals.com/files/Autoruns.zip

First, go to https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

The download is a zip archive. Extracting it gives the 6 files shown in the figure below. Choose the 32-bit or 64-bit executable according to your own system. The files named autorunsc are the command-line version, so normally you just run "Autoruns.exe" or "Autoruns64.exe".

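Running Autoruns64.exe brings up the license agreement screen below.

This is the Autoruns.exe main window. Click the "Everything" tab to view all autorun programs.

Right-click the item you want to handle to bring up the menu below, where you can choose Delete or view other properties.

The program can also show the other types of autorun programs.

When you delete an item or clear its checkbox, the system shows the screen below and asks you to confirm. To confirm, click "Run as Administrator" and the change is applied.

~End

Finally, have a look at https://technet.microsoft.com/en-us/sysinternals/bb545027 to see how the complete Sysinternals Suite can help you manage and monitor your Windows machines.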
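The post notes that autorunsc is the command-line version of the tool. As an added example (not from the original post), the script below compares two of its CSV exports, a known-good baseline and a current one, and reports autostart entries that are new or whose image path changed, together with whether the signer was verified. The sample rows are constructed, and the export command and column names in the comments are assumptions to check against the header line of your own export.

```python
import csv
import io

# Constructed sample data in the CSV layout autorunsc is assumed to produce with
#   autorunsc64.exe -accepteula -a * -c -s > autoruns.csv
# Real exports carry more columns; only the ones named here are used.
BASELINE = r"""Entry Location,Entry,Enabled,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,BackupAgent,enabled,(Verified) Example Corp,c:\program files\backup\agent.exe
Task Scheduler,\Example\Updater,enabled,(Verified) Example Corp,c:\program files\example\updater.exe
"""

CURRENT = r"""Entry Location,Entry,Enabled,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,BackupAgent,enabled,(Verified) Example Corp,c:\program files\backup\agent.exe
Task Scheduler,\Example\Updater,enabled,(Not verified) Example Corp,c:\users\public\updater.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,helper,enabled,,c:\users\alice\appdata\roaming\helper.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OldTool,disabled,,c:\tools\oldtool.exe
"""

def load(text):
    """Index an export by (Entry Location, Entry), case-insensitively."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        if not row.get("Entry"):  # skip rows that name a location but no entry
            continue
        rows[(row["Entry Location"].lower(), row["Entry"].lower())] = row
    return rows

def review(baseline_csv, current_csv):
    """Return (status, location, entry, image_path, verified) for enabled
    entries that are new or whose image path differs from the baseline."""
    old, new = load(baseline_csv), load(current_csv)
    findings = []
    for key, row in sorted(new.items()):
        if (row["Enabled"] or "").lower() != "enabled":
            continue  # disabled entries do not run at startup
        prev = old.get(key)
        if prev is None:
            status = "NEW"
        elif prev["Image Path"].lower() != row["Image Path"].lower():
            status = "CHANGED"
        else:
            continue
        verified = (row["Signer"] or "").startswith("(Verified)")
        findings.append((status, row["Entry Location"], row["Entry"],
                         row["Image Path"], verified))
    return findings

if __name__ == "__main__":
    for finding in review(BASELINE, CURRENT):
        print(finding)
```

For a real export, read the file with the encoding your export actually uses and pass its text to review() in place of the constructed samples.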

Sysinternals Utilities Index

Sysinternals Suite: The entire set of Sysinternals Utilities rolled up into a single download.
Sysinternals Suite for Nano Server: Sysinternals Utilities for Nano Server in a single download.
AccessChk v6.02 (July 4, 2016): AccessChk is a command-line tool for viewing the effective permissions on files, registry keys, services, processes, kernel objects, and more.
AccessEnum v1.32 (November 1, 2006): This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.
AdExplorer v1.44 (November 15, 2012): Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.
AdInsight v1.2 (October 26, 2015): An LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications.
AdRestore v1.1 (November 1, 2006): Undelete Server 2003 Active Directory objects.
Autologon v3.10 (August 29, 2016): Bypass password screen during logon.
Autoruns v13.62 (July 29, 2016): See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
BgInfo v4.21 (October 26, 2015): This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.
BlueScreen v3.2 (November 1, 2006): This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 95 and 98.
CacheSet v1.0 (November 1, 2006): CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT.
ClockRes v2.1 (July 4, 2016): View the resolution of the system clock, which is also the maximum timer resolution.
Contig v1.8 (July 4, 2016): Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.
Coreinfo v3.31 (August 18, 2014): Coreinfo is a new command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the cache's assigned to each logical processor.
Ctrl2cap v2.0 (November 1, 2006): This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.
DebugView v4.81 (December 4, 2012): Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.
Desktops v2.0 (October 17, 2012): This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what's on each desktop and easily switch between them.
Disk2vhd v2.01 (January 21, 2014): Disk2vhd simplifies the migration of physical systems into virtual machines (p2v).
DiskExt v1.2 (July 4, 2016): Display volume disk-mappings.
Diskmon v2.01 (November 1, 2006): This utility captures all hard disk activity or acts like a software disk activity light in your system tray.
DiskView v2.4 (March 25, 2010): Graphical disk sector utility.
Disk Usage (DU) v1.6 (July 4, 2016): View disk usage by directory.
EFSDump v1.02 (November 1, 2006): View information for encrypted files.
FindLinks v1.1 (July 4, 2016): FindLinks reports the file index and any hard links (alternate file paths on the same volume) that exist for the specified file. A file's data remains allocated so long as it has at least one file name referencing it.
Handle v4.1 (July 4, 2016): This handy command-line utility will show you what files are open by which processes, and much more.
Hex2dec v1.1 (July 4, 2016): Convert hex numbers to decimal and vice versa.
Junction v1.07 (July 4, 2016): Create Win2K NTFS symbolic links.
LDMDump v1.02 (November 1, 2006): Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.
ListDLLs v3.2 (July 4, 2016): List all the DLLs that are currently loaded, including where they are loaded and their version numbers.
LiveKd v5.6 (November 18, 2016): Use Microsoft kernel debuggers to examine a live system.
LoadOrder v1.01 (July 4, 2016): See the order in which devices are loaded on your WinNT/2K system.
LogonSessions v1.4 (July 4, 2016): List the active logon sessions on a system.
MoveFile v1.01 (January 24, 2013): Allows you to schedule move and delete commands for the next reboot.
NotMyFault v4.01 (November 18, 2016): Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system.
NTFSInfo v1.2 (July 4, 2016): Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.
PendMoves v1.2 (February 5, 2013): Enumerate the list of file rename and delete commands that will be executed the next boot.
PipeList v1.02 (July 4, 2016): Displays the named pipes on your system, including the number of maximum instances and active instances for each pipe.
PortMon v3.03 (January 12, 2012): Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.
ProcDump v8.2 (November 18, 2016): This command-line utility is aimed at capturing process dumps of otherwise difficult to isolate and reproduce CPU spikes. It also serves as a general process dump creation utility and can also monitor and generate process dumps when a process has a hung window or unhandled exception.
Process Explorer v16.20 (November 18, 2016): Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
Process Monitor v3.31 (August 29, 2016): Monitor file system, Registry, process, thread and DLL activity in real-time.
PsExec v2.11 (May 2, 2014): Execute processes on remote systems.
PsFile v1.02 (December 4, 2006): See what files are opened remotely.
PsGetSid v1.44 (April 28, 2010): Displays the SID of a computer or a user.
PsInfo v1.77 (April 28, 2010): Obtain information about a system.
PsKill v1.15 (June 28, 2012): Terminate local or remote processes.
PsPing v2.01 (January 29, 2014): Measure network performance.
PsList v1.3 (March 23, 2012): Show information about processes and threads.
PsLoggedOn v1.34 (April 28, 2010): Show users logged on to a system.
PsLogList v2.71 (April 28, 2010): Dump event log records.
PsPasswd v1.23 (October 17, 2012): Changes account passwords.
PsService v2.24 (April 28, 2010): View and control services.
PsShutdown v2.52 (December 4, 2006): Shuts down and optionally reboots a computer.
PsSuspend v1.06 (December 4, 2006): Suspend and resume processes.
PsTools v2.45 (July 4, 2016): The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
RAMMap v1.5 (February 2, 2016): An advanced physical memory usage analysis utility that presents usage information in different ways on its several different tabs.
RegDelNull v1.11 (July 4, 2016): Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.
Registry Usage (RU) v1.2 (July 4, 2016): View the registry space usage for the specified registry key.
RegJump v1.1 (April 20, 2015): Jump to the registry path you specify in Regedit.
SDelete v2.0 (July 4, 2016): Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.
ShareEnum v1.6 (November 1, 2006): Scan file shares on your network and view their security settings to close security holes.
ShellRunas v1.01 (February 28, 2008): Launch programs as a different user via a convenient shell context-menu entry.
Sigcheck v2.54 (August 29, 2016): Dump file version information and verify that images on your system are digitally signed.
Streams v1.6 (July 4, 2016): Reveal NTFS alternate streams.
Strings v2.52 (June 20, 2013): Search for ANSI and UNICODE strings in binary images.
Sync v2.2 (July 4, 2016): Flush cached data to disk.
Sysmon v5.0 (November 18, 2016): Monitors and reports key system activity via the Windows event log.
TCPView v3.05 (July 25, 2011): Active socket command-line viewer.
VMMap v3.21 (July 20, 2015): VMMap is a process virtual and physical memory analysis utility.
VolumeId v2.1 (July 4, 2016): Set Volume ID of FAT or NTFS drives.
Whois v1.14 (July 4, 2016): See who owns an Internet address.
WinObj v2.22 (February 14, 2011): The ultimate Object Manager namespace viewer is here.
ZoomIt v4.5 (June 20, 2013): Presentation utility for zooming and drawing on the screen.


