Sysinternals/autoruns-autorunsc

From aldeid
Jump to: navigation, search

Description

Autorunsc shows programs configured to autostart during boot.

Installation

Download link: http://download.sysinternals.com/files/Autoruns.zip

Usage

Autoruns

Autoruns.png

Autorunsc

Usage

Usage: autorunsc [-x] [[-a] | [-b] [-c] [-d] [-e] [-g] [-h] [-i] [-k] [-l] [-m]
[-o] [-p] [-r] [-s] [-v] [-w] [[-z <systemroot> <userprofile>] | [user]]]

Options

-a
Show all entries.
-b
Boot execute.
-c
Print output as CSV.
-d
Appinit DLLs.
-e
Explorer addons.
-f
Show file hashes.
-g
Sidebar gadgets (Vista and higher)
-h
Image hijacks.
-i
Internet Explorer addons.
-k
Known DLLs.
-l
Logon startups (this is the default).
-m
Hide Microsoft entries (signed entries if used with -v).
-n
Winsock protocol and network providers.
-o
Codecs.
-p
Printer monitor DLLs.
-r
LSA security providers.
-s
Autostart services and non-disabled drivers.
-t
Scheduled tasks.
-v
Verify digital signatures.
-w
Winlogon entries.
-x
Print output as XML.
-z
Specifies the offline Windows system to scan.
user
Specifies the name of the user account for which autorun items will be shown. Specify '*' to scan all user profiles.

Example

C:\tools>autorunsc.exe

Sysinternals Autoruns v11.60 - Autostart program viewer
Copyright (C) 2002-2013 Mark Russinovich and Bryce Cogswell
Sysinternals - www.sysinternals.com


HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
   Entry last modified: 21/01/2012 18:02
   rdpclip
     rdpclip
     RDP Clip Monitor
     Microsoft Corporation
     5.1.2600.5512
     c:\windows\system32\rdpclip.exe
     13/04/2008 20:38

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
   Entry last modified: 30/07/2013 13:26
   C:\WINDOWS\system32\userinit.exe
     C:\WINDOWS\system32\userinit.exe
     Application d'ouverture de session Userinit
     Microsoft Corporation
     5.1.2600.5512
     c:\windows\system32\userinit.exe
     13/04/2008 20:32

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
   Entry last modified: 30/07/2013 13:26
   rundll32
     rundll32
     Exécuter une DLL en tant qu'application
     Microsoft Corporation
     5.1.2600.5512
     c:\windows\system32\rundll32.exe
     13/04/2008 20:37

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
   Entry last modified: 28/03/2013 22:53
   explorer.exe
     explorer.exe
     Explorateur Windows
     Microsoft Corporation
     6.0.2900.5512
     c:\windows\explorer.exe
     13/04/2008 21:17

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
   Entry last modified: 30/07/2013 13:26
   Explorer.exe
     Explorer.exe
     Explorateur Windows
     Microsoft Corporation
     6.0.2900.5512
     c:\windows\explorer.exe
     13/04/2008 21:17

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell
   Entry last modified: 30/07/2013 13:26
   cmd.exe
     cmd.exe
     Interpréteur de commandes Windows
     Microsoft Corporation
     5.1.2600.5512
     c:\windows\system32\cmd.exe
     13/04/2008 21:14

Comments

blog comments powered by Disqus