Windows: how to see what launched a program & how to trace why a program keeps being launched at boot

Seriously, lately my Win10 machine launches Edge right after booting, and every time it opens a different tab, mostly sites I don't recognise, which I'd guess are mostly foreign;

I've already disabled Edge's startup item, but it still gets launched. I want to know which malicious program is acting up inside my PC.

Or rather, how do I hunt down the virus?

Additional screenshot:

On the Windows platform these are called "startup items". They are normally managed with the msconfig command, via the Startup tab in Task Manager, or with other dedicated tools.

The startup items are already turned off; if I understand correctly, that's the "Startup" tab, and there were two of them.

The image won't upload, I'll add it later.

Adding some details I just found:

Anyone here familiar with Process Explorer?

Command line:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://exinariuminix.info/

I strongly suspect http://exinariuminix.info/ is the problem; the URL it redirects to is different every time it's visited.

The value of the registry entry under Autostart location:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service --user-data-dir="c:\Users\xxx\AppData\Roaming\Code\User\workspaceStorage\d3154bccc786bb56a79e2e0dd2ca4ab5\ms-vscode.js-debug\.profile" /prefetch:8

Raw Whois Data

Domain Name: EXINARIUMINIX.INFO
Registry Domain ID: D503300000060888208-LRMS
Registrar WHOIS Server: whois.danesconames.com
Registrar URL: https://danesconames.com
Updated Date: 2021-01-05T04:43:27Z
Creation Date: 2018-02-01T17:52:28Z
Registry Expiry Date: 2022-02-01T17:52:28Z
Registrar Registration Expiration Date:
Registrar: Danesco Trading Ltd.
Registrar IANA ID: 1418
Registrar Abuse Contact Email: email@danesconames.com
Registrar Abuse Contact Phone: +357.97658932
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: DANESCO TRADING LTD.
Registrant State/Province:
Registrant Country: CY
Name Server: FRANK.NS.CLOUDFLARE.COM
Name Server: MEG.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2021-01-22T17:49:16Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Access to AFILIAS WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Afilias registry database. The data in this record is provided by Afilias Limited for informational purposes only, and Afilias does not guarantee its accuracy.  This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to(a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Afilias reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
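To put the two questions in the title into practice (which process launched this Edge instance, and which autostart entry it came from), here is an added PowerShell example; it is not code posted in the thread. It assumes Windows 10 with Windows PowerShell 5.1, reads only the standard Run/RunOnce keys and Task Manager's StartupApproved key, and the function names and the "command line contains a URL" heuristic are my own. It looks for the same `--single-argument http://...` pattern that Process Explorer showed above.

```powershell
# Added example (not from the thread). Run as the user whose session shows the problem;
# an elevated prompt is needed to read the command lines of other users' processes.

$psNoise = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

# --- 1. Running msedge.exe instances, their command lines and their parent processes ---
function Get-EdgeLaunchChain {
    $all   = Get-CimInstance Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in ($all | Where-Object { $_.Name -eq 'msedge.exe' })) {
        # ParentProcessId is only a hint: the parent may have exited and the PID been reused.
        $parent = $byPid[[int]$p.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '<exited or PID reused>' }
        $parentCmd  = if ($parent) { $parent.CommandLine } else { $null }
        [pscustomobject]@{
            Pid         = $p.ProcessId
            ParentPid   = $p.ParentProcessId
            ParentName  = $parentName
            ParentCmd   = $parentCmd
            CommandLine = $p.CommandLine
            # "--single-argument <url>" is how a URL handed to Edge by another program shows up
            OpensUrl    = [bool]($p.CommandLine -match '--single-argument\s+https?://')
        }
    }
}

# --- 2. Run/RunOnce keys for the current user and the machine ---
function Get-RunKeyEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $item = Get-ItemProperty -Path $k
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -in $psNoise) { continue }
            [pscustomobject]@{
                Key     = $k
                Name    = $prop.Name
                Command = $prop.Value
                # a startup entry that embeds a URL, or launches Edge, deserves a closer look
                HasUrl  = [bool]("$($prop.Value)" -match 'https?://')
                IsEdge  = [bool]("$($prop.Value)" -match 'msedge\.exe')
            }
        }
    }
}

# --- 3. Task Manager's enable/disable state for per-user Run entries ---
# Disabling an entry in Task Manager does not delete the Run value; it only records a
# flag here, which is why Autoruns/Process Explorer still list the entry under its
# autostart location. Assumption used below: first byte 0x03 = disabled, anything else enabled.
function Get-StartupApprovedState {
    $k = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run'
    if (-not (Test-Path $k)) { return }
    $item = Get-ItemProperty -Path $k
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -in $psNoise) { continue }
        $bytes = [byte[]]$prop.Value
        [pscustomobject]@{
            Name     = $prop.Name
            Disabled = ($bytes.Length -gt 0 -and $bytes[0] -eq 3)
        }
    }
}

Get-EdgeLaunchChain | Format-List
Get-RunKeyEntries | Where-Object { $_.IsEdge -or $_.HasUrl } | Format-Table -AutoSize -Wrap
Get-StartupApprovedState | Format-Table -AutoSize
```

Run it right after the unwanted Edge window appears, before closing it, so the parent process is still alive; a parent of `explorer.exe` or `svchost.exe` usually means a shortcut, a scheduled task or the sign-in app-restore feature, while a parent that is an unfamiliar executable is what to inspect next (its path, signature and own autostart entry). The Run/RunOnce keys are only the most common locations; scheduled tasks, the Startup folders and Winlogon entries are not covered by this script.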

A browser opening by itself at boot isn't necessarily a virus; it's an old Win10 bug.
At boot there's some chance it reopens the programs that were open during the previous session.
Check the Edge shortcuts on the desktop and in the Start menu and see whether their target path and arguments look wrong.

The Start menu arguments are fine,
but the command line of the Edge instance launched at boot is wrong, as mentioned above.

I'll try closing Edge, relaunching it from the Start menu, and checking whether its command line shows anything abnormal.

Besides, the pages it opens are different every time, and they're all pages I've never visited, even porn sites. Isn't that strange?

Compared with the above, the command line of the Edge I launched myself is fine.

  • --user-data-dir
    The --user-data-dir="" here is the workspace I'm using in VS Code.
    Honestly, I don't think my little JS code could coincidentally cause this much commotion; it doesn't call any third-party libraries or anything.

  • /prefetch:8
    I have no idea what this means.

    On that note, the other registry startup entry (MicrosoftEdgeAutoLaunch_xxxx) has /prefetch:5.
    That one matches the command line of the Edge I launched myself, apart from a single --no-startup-window; that one is probably the original.

Check it with Huorong's HRSword (火绒剑).


Is Edge the default browser?

Already reinstalled.

It is the default.