Autoruns

From EJP Documentation
Jump to navigation Jump to search

Autoruns is a part of the Sysinternals Suite.

Download link http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig.

Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.

You'll probably be surprised at how many executables are launched automatically!

Starting Autoruns

Autoruns example (1).png
  • Autoruns may have a shortcut already so you can search for it int he start menu
  • If it isn't already, then you can find it in the Sysinternals directory.


Autoruns main screen

Autoruns example (2).png
  • There is a lot going on here but the main ides is that this is showing you all the processes that are starting up.
  • You can disable an item by unselecting a checkbox.
  • It is preferable to disable rather than delete, so that you can keep track of what you removed, and so that you can reenable it if you later discover you made a mistake