1

So I just checked both the result of wmic startup list brief and the Startup tab in Task Manager, and some of the things that start do not show up in Task Manager (some are only for my user and some are Public).

Basically I have two questions:

  1. Why do some of them not show up in Task Manager? From a developer perspective, how can someone add their program to startup without causing it to show in Task Manager, and how is it different from adding a registry key for startup?

  2. How can I safely remove these from startup? I tried using wmic startup delete "name of file" but it didn't work!

1 Answer

1

WMIC STARTUP only shows commands that run automatically when a user logs on, which does not include those that run after boot, device drivers, Explorer extensions and much more.

The Task Manager shows more, but still not all.

To see really everything, nicely divided according to section, see the free Autoruns utility.

Autoruns is the safest way to disable startups, and this is as simple as clicking the check-box next to that startup. It also includes a search option. Disabled startups are kept and may be re-enabled by clicking the check-box again.

3
  • But some of the things that Task Manager says are disabled are said to be running at startup in both WMIC and the tool you mentioned! Why is that?
    – John P
    Commented Aug 8, 2019 at 4:59
  • Also, thank you very much for introducing me to this wonderful tool! Holy hell, it even has a VirusTotal scan option, this thing is gold for forensics!! Is there any way for malware to do something to not show up in this list? (other than rootkits with system access that manipulate kernel objects)
    – John P
    Commented Aug 8, 2019 at 5:10
  • I don't know about disabled items in Task Manager, since mine doesn't have any. Also, I suppose malware writers have much better knowledge of vulnerabilities than I do.
    – harrymc
    Commented Aug 8, 2019 at 5:28
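
An added example in PowerShell, not part of the answer or comments above: it lists the entries WMIC STARTUP reports (the Win32_StartupCommand class) and, for Run-key entries, reads the per-entry flag kept separately under Explorer\StartupApproved. The StartupApproved path, the reading of an odd first byte as "disabled", and the function name Get-StartupApprovalState are assumptions that do not come from this page.

```powershell
# Added example (assumptions are marked). Run in the logged-on user's session.
function Get-StartupApprovalState {
    param([string]$Location, [string]$Name)

    # Map the Location string from Win32_StartupCommand to a StartupApproved subkey.
    # Only Run-key entries are handled; startup-folder entries return 'n/a'.
    switch -Regex ($Location) {
        '^HKLM\\.*WOW6432Node.*\\Run$' { $root = 'HKEY_LOCAL_MACHINE';           $sub = 'Run32'; break }
        '^HKLM\\.*\\Run$'              { $root = 'HKEY_LOCAL_MACHINE';           $sub = 'Run';   break }
        '^HKU\\([^\\]+)\\.*\\Run$'     { $root = "HKEY_USERS\$($Matches[1])";    $sub = 'Run';   break }
        default                        { return 'n/a' }
    }

    # Assumption: the enable/disable state shown in the Startup tab is stored here,
    # separately from the Run value itself.
    $key  = "Registry::$root\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\$sub"
    $flag = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name

    if ($null -eq $flag) { return 'no flag recorded' }

    # Assumption: an odd first byte means the entry was disabled, an even one enabled.
    if ($flag[0] % 2) { 'disabled' } else { 'enabled' }
}

# Same data source as "wmic startup list brief", with the extra state column added.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, User, Location, Command,
        @{ Name = 'ApprovalState'; Expression = { Get-StartupApprovalState $_.Location $_.Name } } |
    Format-Table -AutoSize -Wrap
```

An entry whose Run value still exists is still returned by Win32_StartupCommand even when its ApprovalState column reads "disabled".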
