Windows: Difference between revisions
From DWIKI
m (→Links) |
mNo edit summary |
||
(6 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
*[[Cloning Windows/XP]] | *[[Cloning Windows/XP]] | ||
*[http://www.mvps.org/winhelp2002/ A Troubleshooting Guide to Windows XP] | *[http://www.mvps.org/winhelp2002/ A Troubleshooting Guide to Windows XP] | ||
=HOWTO= | |||
==Enter rescue mode== | |||
hold shift | |||
==Gain admin access== | |||
Repair mode: | |||
Once the machine is rebooted, we can press Shift five times on the Windows login screen to invoke Sticky Keys. Since the executable has been overwritten, what we get instead is another Command Prompt - this time with NT AUTHORITY\SYSTEM permissions | |||
==Tools and commands== | ==Tools and commands== | ||
Line 19: | Line 29: | ||
==Viruses and spyware== | ==Viruses and spyware== | ||
*[http://www.livecdlist.com/purpose/windows-antivirus The liveCD list] | |||
*[http://www.surfright.nl/en/hitmanpro Hitman Pro] | *[http://www.surfright.nl/en/hitmanpro Hitman Pro] | ||
Line 25: | Line 37: | ||
*crapcleaner | *crapcleaner | ||
First let the scanners fetch their updates, disconnect system from network and then run malwarebytes before combofix | |||
===virus scanners=== | ===virus scanners=== | ||
*AVG | *AVG | ||
*avira | *avira | ||
*avast | |||
avoid Norton :) | avoid Norton :) | ||
Line 38: | Line 50: | ||
Boot a linux rescue CD containing chntpw and use that, or boot sysrescuecd and select 'ntpasss' | Boot a linux rescue CD containing chntpw and use that, or boot sysrescuecd and select 'ntpasss' | ||
===collect passwords=== | |||
http://www.maxfreeware.com/cain-and-abel-4920-microsoft-password-recovery.html | |||
===Recovery console=== | ===Recovery console=== | ||
Line 53: | Line 68: | ||
seems related to "prf*tmp" files on stored profile | seems related to "prf*tmp" files on stored profile | ||
===Get hardware info=== | |||
[http://www.cpuid.com/softwares/cpu-z.html cpu-z] |
Latest revision as of 15:57, 25 November 2024
Links
HOWTO
Enter rescue mode
Hold Shift.
Gain admin access
Repair mode:
Once the machine is rebooted, we can press Shift five times on the Windows login screen to invoke Sticky Keys. Since the executable has been overwritten, what we get instead is another Command Prompt, this time running with NT AUTHORITY\SYSTEM permissions.
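A defensive check for the condition described above, as an added example that is not part of the original wiki page: it reports whether sethc.exe (the Sticky Keys binary) has been overwritten with a copy of a command shell. The function name and its -WindowsDir parameter are assumptions made for this example.

```powershell
# Added example (not from the original page): check whether sethc.exe is still
# the Sticky Keys binary. -WindowsDir is an assumed parameter name; point it at
# the Windows directory of a mounted offline image to inspect a disk without
# booting it.
function Test-StickyKeysBinary {
    param([string]$WindowsDir = $env:SystemRoot)

    $sys32  = Join-Path $WindowsDir 'System32'
    $target = Join-Path $sys32 'sethc.exe'
    if (-not (Test-Path -LiteralPath $target)) {
        throw "sethc.exe not found under $sys32"
    }

    # Shells that an overwritten sethc.exe is typically a byte-for-byte copy of.
    $shells = 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe' |
        ForEach-Object { Join-Path $sys32 $_ } |
        Where-Object { Test-Path -LiteralPath $_ }

    $hash  = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    $match = $shells | Where-Object {
        (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash -eq $hash
    }

    $item  = Get-Item -LiteralPath $target
    # Version info may be read from the .mui resource, so strip that suffix.
    $orig  = "$($item.VersionInfo.OriginalFilename)" -replace '\.mui$', ''
    $owner = (Get-Acl -LiteralPath $target).Owner

    [pscustomobject]@{
        Path             = $target
        SHA256           = $hash
        IdenticalTo      = $match    # non-empty: the file is a copy of a shell
        OriginalFilename = $orig
        NameMismatch     = ($orig -and $orig -ne 'sethc.exe')
        Owner            = $owner    # stock system files: TrustedInstaller
        OwnerUnexpected  = ($owner -notlike '*TrustedInstaller')
        LastWriteTime    = $item.LastWriteTime
    }
}

Test-StickyKeysBinary | Format-List
```

A non-empty IdenticalTo or a true NameMismatch means the binary has been replaced and should be restored from a known-good source; OwnerUnexpected and LastWriteTime help date the change.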
Tools and commands
mmc
wmi
Windows Management Instrumentation
mmi
setacl
netsh
Third party tools
Viruses and spyware
- http://www.malwarebytes.org/
- http://www.combofix.org/
- crapcleaner
First let the scanners fetch their updates, then disconnect the system from the network, and then run Malwarebytes before ComboFix.
virus scanners
- AVG
- avira
- avast
avoid Norton :)
FAQs
change NT password
Boot a Linux rescue CD containing chntpw and use that, or boot sysrescuecd and select 'ntpasss'.
collect passwords
http://www.maxfreeware.com/cain-and-abel-4920-microsoft-password-recovery.html
Recovery console
Boot from CD, press R for recovery console
recovery console commands
Error logs
Problem access rights profile
(exact message???)
seems related to "prf*tmp" files on stored profile