Autoruns adalah program portable freeware yang sangat berguna untuk mengetahui apa saja yang diload windows waktu booting. Dari mulai start-up group, explorer, internet explorer plug-ins dan add-on na, scheduled taks, services, drivers, winsock provider, etc.
Yang mau ditekankan disini adalah tempat-tempat dimana virus atau worm biasa bercokol menunggu untuk diload oleh Windows. yaitu pada tab Logon, Scheduled Taks, Boot Execute, Image Hijack, Winlogon, Appinit [attachment=4]
Jika kamu menemukan entry-entry yang mencurigakan pada tab tersebut (seperti nama entry yang aneh, tidak ada deskripsinya, tidak ada publishernya dan image pathnya rada aneh), cukup dengan menghilangkan tanda cek di sebelah kiri entry tersebut sebagai langkah preventif dan pencegahan terhadap aktivitas virus atau worm tinggal (resident) di memori (RAM) saat booting windows
Berikut kutipan artikel / penjelasan tentang aplikasi Autoruns dari situs resminya www.sysinternals.com :
Introduction
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.
You'll probably be surprised at how many executables are launched automatically!
Autoruns works on Windows 2000 SP4 Rollup 1 or above.
Usage
Simply run Autoruns and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers. Switch tabs to view autostarts from different categories.
To view the properties of an executable configured to run automatically, select it and use the Properties menu item or toolbar button. If Process Explorer is running and there is an active process executing the selected executable then the Process Explorer menu item in the Entry menu will open the process properties dialog box for the process executing the selected image.
Navigate to the Registry or file system location displayed or the configuration of an auto-start item by selecting the item and using the Jump menu item or toolbar button.
To disable an auto-start entry uncheck its check box. To delete an auto-start configuration entry use the Delete menu item or toolbar button.
Select entries in the User menu to view auto-starting images for different user accounts.
More information on display options and additional information is available in the on-line help.
Autorunsc Usage
Autorunsc is the command-line version of Autoruns. Its usage syntax is:
Usage: autorunsc [-a] | [-c] [-b] [-d] [-e] [-g] [-h] [-i] [-l] [-m] [-n] [-p] [-r] [-s] [-v] [-w] [-x] [user]
-a
Show all entries.
-b
Boot execute.
-c
Print output as CSV.
-d
Appinit DLLs.
-e
Explorer addons.
-g
Sidebar gadgets (Vista and higher).
-h
Image hijacks.
-i
Internet Explorer addons.
-l
Logon startups (this is the default).
-m
Hide signed Microsoft entries.
-n
Winsock protocol and network providers.
-p
Printer monitor drivers.
-r
LSA providers.
-s
Autostart services and non-disabled drivers.
-t
Scheduled tasks.
-v
Verify digital signatures.
-w
Winlogon entries.
-x
Print output as XML.
user
Specifies the name of the user account for which autorun items will be shown.
DOWNLOAD AUTORUNS for WINDOWS V.9.35
Download freeware Autoruns and Autorunsc (562 KB)
(From Net)
0 komentar:
:@ :~ :| :)) :( :s :(( :o
Posting Komentar