• What do the different colors mean in the autoruns program. We manage automatic loading using Autoruns. What should not be disabled

    Instructions

    Insert the disc into the drive and wait for the information to load on it. When the program autorun window appears, select the desired action. If this window does not appear when you start the disk, it means it was blocked for various reasons. In this case, launch it manually.

    Open “My Computer” and select the drive with the disk you need and double-click on it with the left mouse button. If no changes have occurred this time, right-click on it and select “Open” from the context menu. A disk browsing window will appear - find autorun.exe among the files and folders and double-click on it with the left mouse button.

    If you need to install any program that is located on your hard drive or removable drive, open the directory and find autorun.exe in it and run it, after which you will see the main installation menu. Please note that in some cases, autorun may not start due to the use of a limited account on the computer.

    If you are logged into the operating system under an account with limited rights, right-click on the authorization and select the “Open as administrator” context menu item. You will see a window where you will need to enter a password, if one was set when you initially configured the operating system settings.

    Log into the operating system under an administrator account, open the directory containing AutoRun, and launch it. Sometimes problems when opening an autorun may be due to the fact that the media or drive does not cope well with reading discs. Try copying it from the disk to your computer along with the rest of the content, or downloading another distribution of the program or game.

    Useful advice

    Disable autostart on your computer, this will help avoid viruses from removable media.

    If you need to create a startup file for a disk or for any other purposes, it is not necessary to resort to the help of specialized programs. The simplest autorun file can be created in a text editor without the use of additional knowledge. Autorun file (Autorun.inf) – used by Windows to automatically launch any application.

    You will need

    • Any text editor.

    Instructions

    Once you have downloaded the desired version of Windows, format your flash drive. After that, download the UNetbootin program. It will help you burn Windows. After downloading, install the program on your computer. Launch it. Find the "Disk Image" line and select the ISO value. Opposite the “File image” line there is a file browsing button. Click this button and specify the path to the Windows image.

    Find the “Type” line in the program window and specify the value “USB Device”. Opposite the “Media” line, select the flash drive on which Windows will be installed, and then click OK. The process of writing the operating system to the flash drive you specified will begin. Upon completion of the process, Windows will be installed on the USB flash drive.

    Now enter the BIOS and enable the ability to boot from USB drive. Also select a flash drive as the first source for starting the system. Save the settings in the BIOS and exit the system. The computer will reboot and the process of starting the operating system from the flash drive will begin.

    I don’t know about you, but I have a strong impression that the smaller the program, the better and more useful it is. This is why I adore small programs.

    Here is today’s description of the Autoruns program, another proof that the functional benefits of the program do not depend on its size.

    Autoruns is designed to display absolutely all startup items of the operating system. Naturally, in it you can (and should) disable or even delete unnecessary entries for automatic loading of programs, services, services...

    The program is initially portable, there is no need to install it - download it (235 kb.) and launch it right away...

    For more or less experienced users, there is nothing further to explain here - the program found and showed us absolutely everything that is automatically loaded with the system.

    All that remains is to analyze the displayed information a little and speed up Windows startup by disabling everything unnecessary. It's not as difficult and scary as it seems.



    Useful additional information on the website:

    For inexperienced and novice hackers, I will try to show and explain the logic that I followed when disabling or deleting unnecessary startup items.

    ATTENTION! NECESSARILY! To avoid problems with startup, various errors, and so on...

    Firstly: instead of deleting suspicious items, disable them first and only after a couple of days, if everything works well, you can delete them.

    Secondly: if you absolutely don’t know what line or program it is, don’t bother, don’t touch this startup item!!!

    So, we have a bunch of different tabs in the main program window...

    Let's choose, for example, “Sidebar Gadgets”. I DON'T HAVE A SIDE PANEL! IT'S DISCONNECTED! What kind of autoloading can there be? What's autoloading?

    More useful additional information on the website:

    It turns out that my antivirus gadget is lying there peacefully and slowing down the startup of the system - I delete it by right-clicking on the line and selecting “Delete” in the context menu!

    I don't use Windows Mail - I'm deleting it!

    Why do I need a whole service, constantly running, that monitors the release of updates for Skype? If necessary, I will check and update this program myself manually! I'm deleting this item!

    Again 25 - Windows Help is disabled for me already more than two years ago! And again this Skype - I don’t have it in startup, but is there some kind of item here? I don’t even get into it - I delete it!

    I don’t need a program to connect to a server via FTP in startup, I launch it myself when needed! I'm deleting! Sidebar again - I'm deleting it!

    Eh, where is my Chapaev saber? We go to the “Codecs” tab and faint! Everything you see can be disabled from startup! Absolutely everything! Why?

    Because any self-respecting video player has its own built-in codecs!!! And what’s more, these player’s personal codecs also don’t need to be downloaded all at once! When you start a video, the player itself will turn on the codec it needs for playback.

    How did I know that these were codecs from some player? I looked at the path to the file...

    So, for half an hour I waved the saber in the autoloader. After which I rebooted the system and checked all the programs that flashed in Autoruns and the items of which I so cruelly deleted - EVERYTHING WORKS WONDERFUL WITHOUT PROBLEMS!

    Oh yes, I completely forgot. There were also lines colored yellow with the inscription “Not Found”. I deleted them first, even forgetting to take a screenshot. There were about seven of them!

    - a small but very useful utility with which you can fully control startup Windows. Autoruns allows you to significantly reduce the boot time of the operating system, as well as find and neutralize a virus that has entered the system.

    In order to speed up the system boot process, you need to disable unnecessary applications. To do this, in the program you need to find the autorun entry corresponding to the application and uncheck the box next to it.

    You can download the Russian version of Autoruns. The program does not require installation: just unzip the downloaded archive and run the executable file AutoRuns.exe.

    The main program window will open:
    At first, it simply amazes you with the amount of information presented. Autoruns divides all autorun elements into sections corresponding to different autorun categories. To go to a category, just select the desired tab (“Login”, “Explorer”, “Scheduled Tasks”, “Services”, etc.). By default, the “tab” opens at startup. All” with display of all existing autorun points.

    The list of startup items is displayed in the order in which Windows processes them during the boot and user registration process. Information about autorun points is presented in several columns:

    • Autorun entry (program name)
    • Description (brief description of the process being launched)
    • Publisher (author of the program. If the program is not signed by anyone, then this should alert you - often unsigned files turn out to be viruses)
    • File path (path and name of the executable file)

    Some lines in the main program window may be highlighted in color. Records that seem suspicious to the program are highlighted in pink. Those autorun elements that were not detected in the system due to their deletion are highlighted in yellow. To remove an unnecessary application from startup, simply uncheck the box next to it.

    One of the main tasks of using Autoruns is search and neutralize malware. If you find some suspicious entry in the list of startup items, try analyzing it in detail:

    • Select the entry and look at the description and information about the publisher at the bottom of the program window;

    • Right-click on the entry under study and check its autostart point in the registry or system directory (context menu items “Go to entry”, “Go to folder”);

    • If you still doubt whether you have a virus or not, look for information about it on the Internet (right-click on the entry and select “Search Internet”).

    Once you are sure that the application autostart is not needed, uncheck it. If you need to completely delete an entry about it, right-click on it and select “Delete”.

    If you are running as Administrator, then the “User” item is available at the top of the menu bar, with which you can view the startup settings of other Windows users.

    As you probably already understood: Autoruns is a very useful utility. Its main purpose is to increase the loading speed of the operating system and remove viruses that are registered in startup. I believe that it should definitely be present in the arsenal of tools of every system administrator.


    In this lesson we will learn how to work with the Autoruns program.

    Autoruns is a utility with which you can manage the automatic loading of drivers, service programs and other system components. That is, using this utility you can add or remove certain programs that start automatically when the Windows operating system boots.

    1. First, let's run the exe file of the Autoruns utility. As you can see in the image below, I call it “Autoruns_Rus_Setup”. Your name may be different, but the label next to the file name will be the same for everyone.

    2. A window will open in front of you “ AutoRuns License Agreement" Click the button Accept».


    3. Next, the main window will open in front of you, in which you can see all the programs, modules, system services, and drivers running on your PC.


    4. As you can see from the photo below, you can use tabs that sort running services into sections.


    5. In order to find out the properties of any object, just click on it with the left mouse button and in the lower left corner of the utility you will see: object size, time and date of creation, version, file (object) location path.


    Specific advice about which of the programs, modules, drivers, etc. remove from startup, but I won’t leave which one for you, since this is an individual approach and should be based on your preferences and PC technical characteristics. It's best to prioritize and keep only those items on the list that you use from the very beginning of Windows boot.

    6. In order to remove a program from autorun, you need to right-click on it and select “ Delete».


    7.Next, a new window will appear in which you will be asked to confirm whether you agree to delete the startup entry. Just click " Yes».

    With the help of such simple manipulations, you can significantly speed up the loading of your Windows operating system (reduce boot time) by getting rid of unnecessary programs, services, etc. Just be careful about this matter.

    Thank you for your attention. The basics of using the AutoRuns utility are covered.

    Many users, after working with the operating system for a long time and after installing/uninstalling various applications, often have questions about startup applications. Along with the operating system, applications that you do not need may be loaded, or vice versa, an application that should launch automatically is not visible in the notification area after the system boots, and system performance and startup time may deteriorate significantly. In order to avoid these problems, I suggest understanding the processes that are executed when the operating system boots and the autoloading of installed applications.

    Loading the operating system

    It is important to note that in fact, loading Windows does not begin from the moment you go to your personal computer and turn it on or restart it; the process of loading the operating system actually begins directly with its installation. During the installation process, the hard drive is prepared to participate in the system boot process. At this time, components are created that are involved in loading the basic input/output system (BIOS). These components include:

    • Winload.exe - loads the Ntoskrnl.exe process and its dependent libraries, and also loads drivers for installed hardware;
    • Winresume.exe - allows you to restore the system after long-term inactivity (hibernation) and is responsible for the hibernation file (Hiberfil.exe);
    • Ntoskrnl.exe - initializes the boot executive subsystems and launches system drivers for devices, and also prepares the system to work with standard applications and loads the smss.exe process;
    • Hal.dll is an integral part of the code executed in kernel mode, which is launched by the Winload.exe boot module, loaded together with the kernel;
    • Smss.exe (Session Manager Subsystem Service) is a session management subsystem in Windows. This component is not part of the Windows kernel, but its operation is extremely important to the system;
    • Wininit.exe - loads Service control manager (SCM), Local Security Authority process (LSASS), and local session manager (LSM). This component also initializes the system registry and performs certain tasks in initialization mode;
    • Winlogon.exe - manages secure user login and launches LogonUI.exe;
    • Logonui.exe - displays the user login dialog;
    • Services.exe - loads and initializes system services and drivers installed by default.

    It is important to understand that device drivers are a critical part of the boot process. When you specify an operating system partition, the installation program writes the boot sector. The Windows boot sector provides information about the structure and format of the partition to the Bootngr file. Bootmgr does its work as the operating system begins its life cycle in real time. Bootmgr then reads the BCD file from the \Boot folder located on the system partition. If the BCD file contains settings for resuming from hibernation, Bootmgr starts the Winresume.exe process, which will read the contents of the file to resume the system from hibernation.

    If two or more systems exist in the BCD entry, Bootmgr displays a boot menu for the user to select an operating system. After selecting the system, or if you only have one operating system installed, the Winload.exe process loads. This process loads the files located on the boot partition and starts initializing the kernel. Winload.exe does the following:

    Then the initialization of the kernel and executive subsystems begins. After Windows calls Ntoskrnl, it passes the bootloader block parameter data, which contains the system paths of the boot partition generated by Winload to describe the physical memory on the system. Upon completion of two stages (Session 0 and Session 1) of kernel initialization, the processes Smss.exe, Csrss.exe and Wininit start. Smss calls the subsystem configuration executive manager to complete initialization of the system registry.

    After this, the process of launching the Winlogon system shell is launched, the parameters of which are specified in the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Userinit. Winlogon notifies the system of registered network service providers that have passed the Microsoft Network Provider Identification (Mpr.dll).

    The last step in booting the system is the process of automatically launching applications when you boot and enter the operating system.

    Autorun control

    You can see most of the applications that automatically launch with the operating system in the notification area. I talked about methods for customizing the notification area in the article, so within the scope of this article, customizing the notification area will not be considered. To manage startup applications, users of Windows operating systems usually use the utility "System Configuration".

    System Configuration Utility

    Program "System Configuration" is a Windows operating system utility designed to manage startup programs and system startup, as well as identify problems that may prevent the operating system from starting normally. Using this utility, you can change boot settings, disable services and automatically started programs. This utility first appeared in the Windows 98 operating system, providing a convenient interface for performing its tasks. The utility is called by the MSConfig.exe file, which is located in the System32 folder of the partition with the installed operating system. A huge disadvantage of this utility is the inability to add a new element to autorun. To open this utility, do any of the following:

    The following screenshot shows the utility "System Configuration":

    There are five tabs in the current utility:

    • General. On this tab you can select the download option: "Normal startup"- the operating system starts in the usual way, "Diagnostic run"- the system boots only using basic services and drivers, and "Selective launch"- in addition to the main services and drivers, selected services and automatically loaded programs are also loaded with the operating system.
      • . On this tab you can find operating system boot options as well as additional debugging options such as "No GUI"- the welcome screen is not displayed when loading, "OS Information"- During the loading process of the operating system, loaded drivers and so on are displayed.
    • Services. This tab contains a list of only those services that start automatically with the operating system, as well as the current status of each service. Because installed software can install its own services, you may have trouble finding services that are not installed with the operating system by default without basic knowledge of system services. By checking the box "Do not display Microsoft services", only third-party applications will appear in the list of services. To disable a service, simply uncheck its box.
      • . The tab is responsible for downloading applications, as well as certain utility utilities that are not downloaded through services. As you can see in the previous screenshot, this tab is divided into five columns. These columns were created so that you can know the name of the startup application, the publisher of the program, the path indicating where the program was downloaded from, the location of the registry key or program shortcut, and the date the program was disabled from startup. To prevent a specific startup item from starting the next time you boot, uncheck the corresponding box.
    • Service. On this tab you can find a list of diagnostic tools that allow you to monitor the health of your system. To launch any tool displayed in this tab, select it and click the button "Launch".

    More experienced users may want to not only disable unnecessary startup programs, but also add their own programs to start automatically along with the operating system. To do this, you will need to use the system registry tools.

    Managing autorun using the system registry

    In the system registry, you can find application startup settings for the computer account and the current user account. Applications that run under a computer account are independent of which account the user is signed in to. You can find these settings under HKLM\Software\Microsoft\Windows\CurrentVersion\Run. The applications that run under a user account may differ for each account. You can find these settings under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.

    In order to add a new application (program "Registry Editor") to autostart the Windows operating system for all existing users, follow these steps:


    But for more experienced users of Windows operating systems, the utility works "System Configuration" and two registry keys may not be enough, since it is unknown what was loaded with the system besides startup programs and system services. To find out about all the processes that were running along with your system, the Autoruns utility from Sysinternals will help you.

    Working with the Autoruns utility

    Autoruns by Mark Russinovich and Bryce Cogswell helps check the maximum number of autorun hostings for programs configured to run during the boot or login process, unlike any other autorun monitoring program. Version 8.61 is now available and can be downloaded from the following link. This program is absolutely free and one of its advantages is that all programs are displayed in the order in which the operating system processes them. In fact, such programs can be located not only in the Run sections, but also in RunOnce, ShellExecuteHooks, ContextMenuHandlers and other sections of the system registry. This program can be used on both 32-bit and 64-bit Windows operating systems.

    Before you run this utility for the first time, a license agreement dialog box will appear. Read it and click on the button "Agree".

    After loading the current program, you will see applications configured to launch automatically, where you can find the names of the applications and registry keys that store information about their launch, a brief description of the application, publisher, and the path to the file or library to launch.

    The items that Autoruns displays belong to several categories, which can be viewed on the program's 18 tabs. In this article we will not consider each tab, but it is worth noting that the program categories include: objects that automatically start at logon, additional Explorer components, additional Internet Explorer components, scheduler tasks, application initialization DLLs, executable objects in the early stages of boot, Windows services and much more.

    On each tab you can:

    • launch any selected application by double-clicking on the program name;
    • open the registry key that contains application startup settings by double-clicking on the line with the registry key or selecting the command "Jump to" from the context menu;
    • open the properties dialog of the selected object (to do this, select the command from the context menu "Properties");
    • open Process Explorer with tab "Image" for the selected object, as well as find information about the object you are interested in;
    • disable an object that starts automatically by unchecking the corresponding box;
    • delete an object using a context menu command or button "Delete";
    • view auto-launch items for other user accounts by selecting the desired menu item "User".

    By default, Autoruns displays all applications and libraries that start automatically with the operating system. To display only those applications that are registered in the registry keys \Software\Microsoft\Windows\CurrentVersion\Run, go to the tab "Login".

    In addition to the applications that start automatically with the operating system, you can view all the tasks assigned by the scheduler when you boot or log in. To do this, go to the tab "Scheduled tasks". On this tab, when selecting the context menu command "Jump to" or double-clicking on a specific object will open the snap-in "Task Scheduler" with the specified task.

    You can save startup objects by clicking a button "Save" on the toolbar or by selecting this command from the menu "File". The report will be saved with the extension *.arn or *.txt. To load previously saved Autoruns data, use the command "Open" menu "File".

    Using the Autoruns utility to manage autorun objects using the command line

    If you prefer to work with the console, you can also use the commands in the Autoruns utility. With it, you can perform the same actions as with the Autoruns utility, only using the command line, outputting information to a console window, or redirecting the command output to a text file. Due to the fact that this utility can only be opened using the command line, to work with Autoruns, follow these steps:

    1. Open a command prompt as administrator;
    2. Go to the folder where you downloaded the Autoruns utility, for example “C:\Program Files\Sysinternals Suite\”;
    3. Run the utility with the required parameter.

    The following options are available:

    A - display of all autorun elements;

    B - displays information about objects that are loaded in the early stages of system boot;

    C - export the displayed data to a CSV file;

    D - display of application initialization DLLs;

    E - displays Windows Explorer extensions;

    G - displays Windows sidebar and desktop gadgets;

    H - display of Hijacks elements;

    I - display additional elements of the Internet Explorer browser;

    K - display of known DLLs;

    L - display of elements that are launched automatically when you log in;

    M - do not display objects with a Microsoft digital signature;

    N - displays Winsock protocol providers;

    O - display of codec elements;

    P - display of print monitor drivers;

    R - display of LSA security providers;

    S - displays services in automatic startup mode and not disabled drivers;

    T - display of task scheduler elements;

    V - verification of digital signatures;

    W - display of Winlogon elements;

    X - export the displayed data to an XML file;

    User - displays automatically launched objects for the specified user account.

    For example, if you only need to view items that automatically start at logon, use the utility with the -l option, as shown below:

    Conclusion

    This article explains how to configure the items that automatically start applications when you boot and sign in to the Windows operating system. The process of loading the Windows 7 operating system is briefly described, and methods of working and monitoring autorun using the system utility are also discussed. "System Configuration", changing autorun elements using the system registry, principles of working with Autoruns applications and the console version of Autoruns from Sysinternals. With the help of the information contained in the article, you can correctly configure startup applications of your operating system.

    Read more: