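1. AutoRuns can view and delete auto-start entries in the registry, the Win.ini file, and other locations. If you suspect a trojan or virus, or the system is starting too slowly, use this tool to check the auto-start entries. It can show the startup entries of each user, and it issues a security warning when you delete a Userinit entry.
2. Microsoft Process Monitor is an advanced Windows monitoring tool that monitors not only processes and threads but also changes to the file system and the registry. It includes two legacy Sysinternals components, Filemon and Regmon, and adds a large number of features; those who are interested can look into it further. Process Monitor runs only on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003, and Windows Vista, and on the x86/x64 versions of Windows XP.

AutoRuns v8.71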

More information: http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx

Microsoft Process Monitor 1.20

Changelog
This release of Process Monitor, an advanced system and application monitoring utility, adds a number of major enhancements that include improved scalability and performance, a destructive filtering option, a revamped process tree dialog that adds process lifetime graphs, position-sensitive context-menu filter entries, integration of the stack trace dialog with source code stores, faster stack tracing, the ability to load 32-bit log files on 64-bit Windows, and more.