boo/tdss

Zpráva

ajdus · #31 Příspěvek od **ajdus** » 28 led 2012 22:53

trochu som s tym elaboroval, takze ked som fixol mbr, nastala BSOD aj ked bol na SATA zapnuty ACHI mod ako ma byt pre win7. Po restore stareho MBR a prepnuti z IDE do ACHI system nastartoval... Mam sa pokusit zohnat MBR dump z nejakeho ineho HP 8440p?

ajdus · #32 Příspěvek od **ajdus** » 28 led 2012 23:10

j, skusim, zatial velka vdaka.
bru

ajdus · #33 Příspěvek od **ajdus** » 29 led 2012 18:35

neviem, ci je to cez novy mbrscan, na nete som nasiel vselijake stare verzie (aj nejaku verziu 1.1, nepodarilo sa mi ju ale stiahnut), takze som znova stiahol z linky co bola na prvej strane (dufal som ze to updatuju)...
mbrscan log ->

Kód: Vybrat vše

MBRScan v1.0.8

OS             : Windows 7  (64 bit)
PROCESSOR      : Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/01/29 (ISO 8601) at 18:26:10
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST925041 0AS (0006)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	232.9 Go  [Fixed] ==> MaxSS.SST.B MBR Code

MBR_MD5   : 3B5AD586E812466008D3AF82A72610BD
MBR_SHA1  : FC2F70470EAD25DADD09C305977D442971A38B91

Device\Harddisk0\Partition1	300.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	215.6 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	15.00 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition4	2.00 Go  	0x0C FAT32 [LBA] 
________________________________________________________________________________

############################### Additional scan ################################

Device\Harddisk0\DR0 => 7 MBR Code found in sector 2
Device\Harddisk0\DR0 => 7 MBR Code found in sector 3
________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   31 C0 8E D0 BC 00 7C 0E 1F 0E 07 66 60 88 16 00   1À.Ð¼.|....f`...
0x00000010   7E C6 06 04 7E 1E B4 48 BE 04 7E CD 13 B0 50 0F   ~Æ..~.´H¾.~Í.°P.
0x00000020   82 73 01 83 2E 13 04 14 A1 13 04 C1 E0 06 A3 02   .s......¡..Áà.£.
0x00000030   7E 83 EC 0E 6A 10 89 E5 BE 99 7D B9 05 00 66 31   ~.ì.j..å¾.}¹..f1
0x00000040   DB E8 F7 00 FF 36 02 7E 07 8C 46 06 8C 5E 04 E8   Ûè÷..6.~..F..^.è
0x00000050   08 00 83 C4 10 66 61 06 1E CB 66 60 57 66 FF 36   ...Ä.fa..Ëf`Wf.6
0x00000060   14 7E 66 8F 46 08 66 FF 36 18 7E 66 8F 46 0C 66   .~f.F.f.6.~f.F.f
0x00000070   8B 45 10 66 40 66 29 46 08 66 19 5E 0C 8B 45 14   .E.f@f)F.f.^..E.
0x00000080   89 46 02 B4 42 8A 16 00 7E 89 EE CD 13 B0 52 0F   .F.´B...~.îÍ.°R.
0x00000090   82 03 01 31 C0 BA 04 04 BE B4 7D 88 9F 42 7E FE   ...1Àº..¾´}..B~þ
0x000000A0   C3 75 F8 8A 8F 42 7E 02 04 E8 7E 00 46 FE CE 75   Ãuø..B~..è~.FþÎu
0x000000B0   04 29 D6 88 D6 FE C3 75 EA 31 C0 89 C3 8B 56 02   .)Ö.ÖþÃuê1À.Ã.V.
0x000000C0   C1 E2 09 8B 76 04 FE C3 8A 8F 42 7E E8 5B 00 00   Áâ..v.þÃ..B~è[..
0x000000D0   E9 30 ED 89 CF 8A 8D 42 7E 26 30 0C 46 4A 75 E6   é0í.Ï..B~&0.FJuæ
0x000000E0   5F 66 8B 4D 18 66 0F B7 56 04 81 F9 FF 7F B0 53   _f.M.f.·V..ù..°S
0x000000F0   0F 87 A2 00 66 FF 75 1C 66 31 C0 66 89 45 1C 66   ..¢.f.u.f1Àf.E.f
0x00000100   F7 D0 26 67 32 02 66 42 B3 08 66 D1 E8 73 06 66   ÷Ð&g2.fB³.fÑès.f
0x00000110   35 20 83 B8 ED FE CB 75 F1 E2 E7 66 F7 D0 66 5B   5 .¸íþËuñâçf÷Ðf[
0x00000120   66 39 D8 B0 43 75 6F 66 61 C3 00 C8 89 C7 8A AD   f9Ø°CuofaÃ.È.Ç.
0x00000130   42 7E 88 AF 42 7E 88 8D 42 7E C3 66 60 BF 00 80   B~.¯B~..B~Ãf`¿..
0x00000140   8C 4E 06 89 7E 04 66 89 D8 40 89 45 14 66 0F B7   .N..~.f.Ø@.E.f.·
0x00000150   06 B2 7D 66 89 45 10 B8 20 00 E8 FD FE 8B 7E 04   .²}f.E.¸ .èýþ.~.
0x00000160   8B 55 18 FC 60 F3 A6 83 7D FE 5C 74 0D E3 0D 61   .U.ü`ó¦.}þ\t.ã.a
0x00000170   01 C7 29 C2 77 EE B0 4E EB 1C 41 4E 5F 83 C4 0E   .Ç)Âwî°Në.AN_.Ä.
0x00000180   60 89 FE BF 22 7E 59 57 89 C1 F3 A4 61 E3 02 EB   `.þ¿"~YW.Áó¤aã.ë
0x00000190   C9 59 57 66 61 C3 F4 EB FD 5C 62 6F 6F 74 00 00   ÉYWfaÃôëý\boot..
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 02 00 FB 35 C8 1C 0D 2D FD E0 00 00 80 20   ....û5È..-ýà... 
0x000001C0   21 00 07 5E 38 26 00 08 00 00 00 60 09 00 00 5E   !..^8&.....`...^
0x000001D0   39 26 07 FE FF FF 00 68 09 00 00 D8 F2 1A 00 FE   9&.þ...h...Øò..þ
0x000001E0   FF FF 07 FE FF FF 00 40 FC 1A 00 00 E0 01 00 FE   ...þ...@ü...à..þ
0x000001F0   FF FF 0C FE FF FF 00 40 DC 1C 00 D8 3F 00 55 AA   ...þ...@Ü..Ø?.Uª

__________________________16_BIT_ASM_CODE
   
0x0000    31c0            XOR AX, AX   
0x0002    8ed0            MOV SS, AX   
0x0004    bc 007c         MOV SP, 0x7c00   
0x0007    0e              PUSH CS   
0x0008    1f              POP DS   
0x0009    0e              PUSH CS   
0x000A    07              POP ES   
0x000B    66 60           PUSHAD   
0x000D    8816 007e       MOV [0x7e00], DL   
0x0011    c606 047e 1e    MOV BYTE [0x7e04], 0x1e   
0x0016    b4 48           MOV AH, 0x48   
0x0018    be 047e         MOV SI, 0x7e04   
0x001B    cd 13           INT 0x13   
0x001D    b0 50           MOV AL, 0x50   
0x001F    0f82 7301       JB 0x196   
0x0023    832e 1304 14    SUB WORD [0x413], 0x14   
0x0028    a1 1304         MOV AX, [0x413]   
0x002B    c1e0 06         SHL AX, 0x6   
0x002E    a3 027e         MOV [0x7e02], AX   
0x0031    83ec 0e         SUB SP, 0xe   
0x0034    6a 10           PUSH 0x10   
0x0036    89e5            MOV BP, SP   
0x0038    be 997d         MOV SI, 0x7d99   
0x003B    b9 0500         MOV CX, 0x5   
0x003E    66 31db         XOR EBX, EBX   
0x0041    e8 f700         CALL 0x13b   
0x0044    ff36 027e       PUSH WORD [0x7e02]   
0x0048    07              POP ES   
0x0049    8c46 06         MOV WORD [BP+0x6], ES   
0x004C    8c5e 04         MOV WORD [BP+0x4], DS   
0x004F    e8 0800         CALL 0x5a   
0x0052    83c4 10         ADD SP, 0x10   
0x0055    66 61           POPAD   
0x0057    06              PUSH ES   
0x0058    1e              PUSH DS   
0x0059    cb              RETF   
0x005A    66 60           PUSHAD   
0x005C    57              PUSH DI   
0x005D    66 ff36 147e    PUSH DWORD [0x7e14]   
0x0062    66 8f46 08      POP DWORD [BP+0x8]   
0x0066    66 ff36 187e    PUSH DWORD [0x7e18]   
0x006B    66 8f46 0c      POP DWORD [BP+0xc]   
0x006F    66 8b45 10      MOV EAX, [DI+0x10]   
0x0073    66 40           INC EAX   
0x0075    66 2946 08      SUB [BP+0x8], EAX   
0x0079    66 195e 0c      SBB [BP+0xc], EBX   
0x007D    8b45 14         MOV AX, [DI+0x14]   
0x0080    8946 02         MOV [BP+0x2], AX   
0x0083    b4 42           MOV AH, 0x42   
0x0085    8a16 007e       MOV DL, [0x7e00]   
0x0089    89ee            MOV SI, BP   
0x008B    cd 13           INT 0x13   
0x008D    b0 52           MOV AL, 0x52   
0x008F    0f82 0301       JB 0x196   
0x0093    31c0            XOR AX, AX   
0x0095    ba 0404         MOV DX, 0x404   
0x0098    be b47d         MOV SI, 0x7db4   
0x009B    889f 427e       MOV [BX+0x7e42], BL   
0x009F    fec3            INC BL   
0x00A1    75 f8           JNZ 0x9b   
0x00A3    8a8f 427e       MOV CL, [BX+0x7e42]   
0x00A7    0204            ADD AL, [SI]   
0x00A9    e8 7e00         CALL 0x12a   
0x00AC    46              INC SI   
0x00AD    fece            DEC DH   
0x00AF    75 04           JNZ 0xb5   
0x00B1    29d6            SUB SI, DX   
0x00B3    88d6            MOV DH, DL   
0x00B5    fec3            INC BL   
0x00B7    75 ea           JNZ 0xa3   
0x00B9    31c0            XOR AX, AX   
0x00BB    89c3            MOV BX, AX   
0x00BD    8b56 02         MOV DX, [BP+0x2]   
0x00C0    c1e2 09         SHL DX, 0x9   
0x00C3    8b76 04         MOV SI, [BP+0x4]   
0x00C6    fec3            INC BL   
0x00C8    8a8f 427e       MOV CL, [BX+0x7e42]   
0x00CC    e8 5b00         CALL 0x12a   
0x00CF    00e9            ADD CL, CH   
0x00D1    30ed            XOR CH, CH   
0x00D3    89cf            MOV DI, CX   
0x00D5    8a8d 427e       MOV CL, [DI+0x7e42]   
0x00D9    26 300c         XOR ES:[SI], CL   
0x00DC    46              INC SI   
0x00DD    4a              DEC DX   
0x00DE    75 e6           JNZ 0xc6   
0x00E0    5f              POP DI   
0x00E1    66 8b4d 18      MOV ECX, [DI+0x18]   
0x00E5    66 0fb756 04    MOVZX EDX, [BP+0x4]   
0x00EA    81f9 ff7f       CMP CX, 0x7fff   
0x00EE    b0 53           MOV AL, 0x53   
0x00F0    0f87 a200       JA 0x196   
0x00F4    66 ff75 1c      PUSH DWORD [DI+0x1c]   
0x00F8    66 31c0         XOR EAX, EAX   
0x00FB    66 8945 1c      MOV [DI+0x1c], EAX   
0x00FF    66 f7d0         NOT EAX   
0x0102    26 67 3202      XOR AL, ES:[EDX]   
0x0106    66 42           INC EDX   
0x0108    b3 08           MOV BL, 0x8   
0x010A    66 d1e8         SHR EAX, 0x1   
0x010D    73 06           JAE 0x115   
0x010F    66 35 2083b8ed  XOR EAX, 0xedb88320   
0x0115    fecb            DEC BL   
0x0117    75 f1           JNZ 0x10a   
0x0119    e2 e7           LOOP 0x102   
0x011B    66 f7d0         NOT EAX   
0x011E    66 5b           POP EBX   
0x0120    66 39d8         CMP EAX, EBX   
0x0123    b0 43           MOV AL, 0x43   
0x0125    75 6f           JNZ 0x196   
0x0127    66 61           POPAD   
0x0129    c3              RET   
0x012A    00c8            ADD AL, CL   
0x012C    89c7            MOV DI, AX   
0x012E    8aad 427e       MOV CH, [DI+0x7e42]   
0x0132    88af 427e       MOV [BX+0x7e42], CH   
0x0136    888d 427e       MOV [DI+0x7e42], CL   
0x013A    c3              RET   
0x013B    66 60           PUSHAD   
0x013D    bf 0080         MOV DI, 0x8000   
0x0140    8c4e 06         MOV WORD [BP+0x6], CS   
0x0143    897e 04         MOV [BP+0x4], DI   
0x0146    66 89d8         MOV EAX, EBX   
0x0149    40              INC AX   
0x014A    8945 14         MOV [DI+0x14], AX   
0x014D    66 0fb706 b27d  MOVZX EAX, [0x7db2]   
0x0153    66 8945 10      MOV [DI+0x10], EAX   
0x0157    b8 2000         MOV AX, 0x20   
0x015A    e8 fdfe         CALL 0x5a   
0x015D    8b7e 04         MOV DI, [BP+0x4]   
0x0160    8b55 18         MOV DX, [DI+0x18]   
0x0163    fc              CLD   
0x0164    60              PUSHA   
0x0165    f3 a6           REP CMPSB   
0x0167    837d fe 5c      CMP WORD [DI-0x2], 0x5c   
0x016B    74 0d           JZ 0x17a   
0x016D    e3 0d           JCXZ 0x17c   
0x016F    61              POPA   
0x0170    01c7            ADD DI, AX   
0x0172    29c2            SUB DX, AX   
0x0174    77 ee           JA 0x164   
0x0176    b0 4e           MOV AL, 0x4e   
0x0178    eb 1c           JMP 0x196   
0x017A    41              INC CX   
0x017B    4e              DEC SI   
0x017C    5f              POP DI   
0x017D    83c4 0e         ADD SP, 0xe   
0x0180    60              PUSHA   
0x0181    89fe            MOV SI, DI   
0x0183    bf 227e         MOV DI, 0x7e22   
0x0186    59              POP CX   
0x0187    57              PUSH DI   
0x0188    89c1            MOV CX, AX   
0x018A    f3 a4           REP MOVSB   
0x018C    61              POPA   
0x018D    e3 02           JCXZ 0x191   
0x018F    eb c9           JMP 0x15a   
0x0191    59              POP CX   
0x0192    57              PUSH DI   
0x0193    66 61           POPAD   
0x0195    c3              RET   
0x0196    f4              HLT   
0x0197    eb fd           JMP 0x196   
0x0199    5c              POP SP   
0x019A    626f 6f         BOUND BP, [BX+0x6f]   
0x019D    74 00           JZ 0x19f   
0x019F    0000            ADD [BX+SI], AL   
0x01A1    0000            ADD [BX+SI], AL   
0x01A3    0000            ADD [BX+SI], AL   
0x01A5    0000            ADD [BX+SI], AL   
0x01A7    0000            ADD [BX+SI], AL   
0x01A9    0000            ADD [BX+SI], AL   
0x01AB    0000            ADD [BX+SI], AL   
0x01AD    0000            ADD [BX+SI], AL   
0x01AF    0000            ADD [BX+SI], AL   
0x01B1    0002            ADD [BP+SI], AL   
0x01B3    00fb            ADD BL, BH   
0x01B5    35 c81c         XOR AX, 0x1cc8   
0x01B8    0d 2dfd         OR AX, 0xfd2d   
0x01BB    e0 00           LOOPNZ 0x1bd   
0x01BD    0080 2021       ADD [BX+SI+0x2120], AL   
0x01C1    0007            ADD [BX], AL   
0x01C3    5e              POP SI   
0x01C4    3826 0008       CMP [0x800], AH   
0x01C8    0000            ADD [BX+SI], AL   
0x01CA    0060 09         ADD [BX+SI+0x9], AH   
0x01CD    0000            ADD [BX+SI], AL   
0x01CF    5e              POP SI   
0x01D0    3926 07fe       CMP [0xfe07], SP   
0x01D4    ff              DB 0xff   
0x01D5    ff00            INC WORD [BX+SI]   
0x01D7    68 0900         PUSH 0x9   
0x01DA    00d8            ADD AL, BL   
0x01DC    f2              DB 0xf2   
0x01DC    f2 1a00         SBB AL, [BX+SI]   
0x01DF    fe              DB 0xfe   
0x01E0    ff              DB 0xff   
0x01E1    ff07            INC WORD [BX]   
0x01E3    fe              DB 0xfe   
0x01E4    ff              DB 0xff   
0x01E5    ff00            INC WORD [BX+SI]   
0x01E7    40              INC AX   
0x01E8    fc              CLD   
0x01E9    1a00            SBB AL, [BX+SI]   
0x01EB    00e0            ADD AL, AH   
0x01ED    0100            ADD [BX+SI], AX   
0x01EF    fe              DB 0xfe   
0x01F0    ff              DB 0xff   
0x01F1    ff0c            DEC WORD [SI]   
0x01F3    fe              DB 0xfe   
0x01F4    ff              DB 0xff   
0x01F5    ff00            INC WORD [BX+SI]   
0x01F7    40              INC AX   
0x01F8    dc1c            FCOMP QWORD [SI]   
0x01FA    00d8            ADD AL, BL   
0x01FC    3f              AAS   
0x01FD    0055 aa         ADD [DI-0x56], DL

ajdus · #34 Příspěvek od **ajdus** » 31 led 2012 13:10

log spravim vecer, zajtra pozrem v praci, kolegovia maju elitebooky s win7, len asi starsie modely...

ajdus · #35 Příspěvek od **ajdus** » 01 úno 2012 17:37

zohnal som mbr z HP eb 8450p (vs moj 8440p), http://leteckaposta.cz/860957702 -> k logu z bcedit som sa este nedostal...

ajdus · #36 Příspěvek od **ajdus** » 01 úno 2012 20:38

RC mi nejde spustit, na notasy je len nejake HP recovery a v nom je len moznost restornut default stav hdd. Mozem skusit zo Safe mode, alebo ma napada, ze mam niekde este dvd win7 s MSDNAA, ak bude treba pohladam...

ajdus · #37 Příspěvek od **ajdus** » 02 úno 2012 17:02

to by mi odpalkovalo vsetky data, je to v podstate reinstall winu s formatom disku...

ajdus · #38 Příspěvek od **ajdus** » 02 úno 2012 23:19

s editnutym MBR som win nerozchodil, este pred bootom vyhodilo chybu ze nevie najst disk a ze mam pouzit instalacne cd...

ajdus · #39 Příspěvek od **ajdus** » 04 úno 2012 21:23

pisal som zatial na support do hp, ale podpora pracuje len cez tyzden, tak uvidim v pondelok aka bude odozva. Zatial diky.
tady ->

Kód: Vybrat vše

MBRScan v1.0.9

OS             : Windows 7  (64 bit)
PROCESSOR      : Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/02/04 (ISO 8601) at 21:22:39
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST925041 0AS (0006)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	232.9 Go  [Fixed] ==> MaxSS.SST.B MBR Code

MBR_MD5   : 3B5AD586E812466008D3AF82A72610BD
MBR_SHA1  : FC2F70470EAD25DADD09C305977D442971A38B91

Device\Harddisk0\Partition1	300.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	215.6 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	15.00 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition4	2.00 Go  	0x0C FAT32 [LBA] 
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x035DE000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BAE000
SIZE    : 8.9 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00CE1000
SIZE    : 272.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00D39000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00EB2000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F56000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F65000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FBC000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00FC5000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pci.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00E33000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00E40000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00E55000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00E5E000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E6A000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00D97000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pcmcia.sys => Invisible on the disk
ADDRESS : 0x01019000
SIZE    : 228.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x01052000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x0106C000
SIZE    : 1.11 Mo

DRIVER  : C:\Windows\system32\DRIVERS\atapi.sys => Invisible on the disk
ADDRESS : 0x01188000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ataport.SYS => Invisible on the disk
ADDRESS : 0x01191000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\msahci.sys => Invisible on the disk
ADDRESS : 0x011BB000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x011C6000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x011D6000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01224000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01270000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0141A000
SIZE    : 1.63 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01284000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x015BC000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x012E2000
SIZE    : 460.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x015D6000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x015E7000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x016E7000
SIZE    : 968.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01660000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01801000
SIZE    : 1.99 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x0168B000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x016D5000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\volsnap.sys => Invisible on the disk
ADDRESS : 0x01355000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x017D9000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x013A1000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x017E1000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x017F3000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hpdskflt.sys => Invisible on the disk
ADDRESS : 0x015F1000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01AD6000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01B10000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01B26000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x02F5C000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x02F86000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x02F8F000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x02F96000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x02FA4000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x02FC9000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x02FD9000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x02FE2000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x02FEB000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x02FF4000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x02E00000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01B64000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x02E11000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01A00000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01A89000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x02E1E000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x01B82000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x01BA8000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x01BBE000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x01BCD000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x013DB000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\Drivers\vmm.sys => Invisible on the disk
ADDRESS : 0x040E8000
SIZE    : 308.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x04135000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\SCDEmu.SYS => Invisible on the disk
ADDRESS : 0x04149000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x04163000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x041B4000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x041C0000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x041CB000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x04000000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x04083000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x040A1000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\avkmgr.sys => Invisible on the disk
ADDRESS : 0x040B2000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\avipbb.sys => Invisible on the disk
ADDRESS : 0x040BC000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\drivers\ArcSec.sys => Invisible on the disk
ADDRESS : 0x042F4000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x04343000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x04369000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04ABA000
SIZE    : 10.14 Mo

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x054DD000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04A00000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x04A46000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\s________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   31 C0 8E D0 BC 00 7C 0E 1F 0E 07 66 60 88 16 00   1À.Ð¼.|....f`...
0x00000010   7E C6 06 04 7E 1E B4 48 BE 04 7E CD 13 B0 50 0F   ~Æ..~.´H¾.~Í.°P.
0x00000020   82 73 01 83 2E 13 04 14 A1 13 04 C1 E0 06 A3 02   .s......¡..Áà.£.
0x00000030   7E 83 EC 0E 6A 10 89 E5 BE 99 7D B9 05 00 66 31   ~.ì.j..å¾.}¹..f1
0x00000040   DB E8 F7 00 FF 36 02 7E 07 8C 46 06 8C 5E 04 E8   Ûè÷..6.~..F..^.è
0x00000050   08 00 83 C4 10 66 61 06 1E CB 66 60 57 66 FF 36   ...Ä.fa..Ëf`Wf.6
0x00000060   14 7E 66 8F 46 08 66 FF 36 18 7E 66 8F 46 0C 66   .~f.F.f.6.~f.F.f
0x00000070   8B 45 10 66 40 66 29 46 08 66 19 5E 0C 8B 45 14   .E.f@f)F.f.^..E.
0x00000080   89 46 02 B4 42 8A 16 00 7E 89 EE CD 13 B0 52 0F   .F.´B...~.îÍ.°R.
0x00000090   82 03 01 31 C0 BA 04 04 BE B4 7D 88 9F 42 7E FE   ...1Àº..¾´}..B~þ
0x000000A0   C3 75 F8 8A 8F 42 7E 02 04 E8 7E 00 46 FE CE 75   Ãuø..B~..è~.FþÎu
0x000000B0   04 29 D6 88 D6 FE C3 75 EA 31 C0 89 C3 8B 56 02   .)Ö.ÖþÃuê1À.Ã.V.
0x000000C0   C1 E2 09 8B 76 04 FE C3 8A 8F 42 7E E8 5B 00 00   Áâ..v.þÃ..B~è[..
0x000000D0   E9 30 ED 89 CF 8A 8D 42 7E 26 30 0C 46 4A 75 E6   é0í.Ï..B~&0.FJuæ
0x000000E0   5F 66 8B 4D 18 66 0F B7 56 04 81 F9 FF 7F B0 53   _f.M.f.·V..ù..°S
0x000000F0   0F 87 A2 00 66 FF 75 1C 66 31 C0 66 89 45 1C 66   ..¢.f.u.f1Àf.E.f
0x00000100   F7 D0 26 67 32 02 66 42 B3 08 66 D1 E8 73 06 66   ÷Ð&g2.fB³.fÑès.f
0x00000110   35 20 83 B8 ED FE CB 75 F1 E2 E7 66 F7 D0 66 5B   5 .¸íþËuñâçf÷Ðf[
0x00000120   66 39 D8 B0 43 75 6F 66 61 C3 00 C8 89 C7 8A AD   f9Ø°CuofaÃ.È.Ç.
0x00000130   42 7E 88 AF 42 7E 88 8D 42 7E C3 66 60 BF 00 80   B~.¯B~..B~Ãf`¿..
0x00000140   8C 4E 06 89 7E 04 66 89 D8 40 89 45 14 66 0F B7   .N..~.f.Ø@.E.f.·
0x00000150   06 B2 7D 66 89 45 10 B8 20 00 E8 FD FE 8B 7E 04   .²}f.E.¸ .èýþ.~.
0x00000160   8B 55 18 FC 60 F3 A6 83 7D FE 5C 74 0D E3 0D 61   .U.ü`ó¦.}þ\t.ã.a
0x00000170   01 C7 29 C2 77 EE B0 4E EB 1C 41 4E 5F 83 C4 0E   .Ç)Âwî°Në.AN_.Ä.
0x00000180   60 89 FE BF 22 7E 59 57 89 C1 F3 A4 61 E3 02 EB   `.þ¿"~YW.Áó¤aã.ë
0x00000190   C9 59 57 66 61 C3 F4 EB FD 5C 62 6F 6F 74 00 00   ÉYWfaÃôëý\boot..
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 02 00 FB 35 C8 1C 0D 2D FD E0 00 00 80 20   ....û5È..-ýà... 
0x000001C0   21 00 07 5E 38 26 00 08 00 00 00 60 09 00 00 5E   !..^8&.....`...^
0x000001D0   39 26 07 FE FF FF 00 68 09 00 00 D8 F2 1A 00 FE   9&.þ...h...Øò..þ
0x000001E0   FF FF 07 FE FF FF 00 40 FC 1A 00 00 E0 01 00 FE   ...þ...@ü...à..þ
0x000001F0   FF FF 0C FE FF FF 00 40 DC 1C 00 D8 3F 00 55 AA   ...þ...@Ü..Ø?.Uª

ajdus · #40 Příspěvek od **ajdus** » 07 úno 2012 12:48

tak som stravil pekne chvilky s Indianmi na HP supporte, myslim ze cisto strielali od boku, najprv chceli aby som spustil win v poslednej OK konfiguracii, potom boli prekvapeny ze nepomohlo, dalsi vystrel bol repair windowsu, ale tak som to pustil, toto mi zamrzlo. Teraz prisli s tazsim kalibrom a to je reinstall windowsu, tu uz nemam silu a cas to s nimi dalej riesit. Idem skusit nejake forum, ci ma niekto tento isty typ a ci mi nezozalohuju MBR, alebo urobim full format a mozem sa tesit na dlhe noci s rozbehavanim vsetkeho co som tam mal

ajdus · #41 Příspěvek od **ajdus** » 07 úno 2012 20:15

Ja sa tomu zrovna nijak necudujem, mam pracovne skusenosti s Indianmi a oni idu cisto podla manualu (dokonca v tom live chate odpovedali dvaja - pisal som na dva krat - tymi istymi vetami) a verim ze vacsine userov ma jednoduche problemy a proste toto staci. No nic, nejak s tym este pobojujem, ked tak skusim kontaktovat aj zastupenie na slovensku, ci nebudu vediet pomoct, aj ked tu nie je priamo tech. support.

ajdus · #42 Příspěvek od **ajdus** » 08 úno 2012 13:06

aj tak vdaka za pomoc. Ten novy tdsskiller sa mi aspon podarilo spustit, nasiel Rootkit.Boot.SST.a, ale nevie vyliecit MBR ku a prepisat standardnou nema zmysel, takze este co to vyskusam poriesit s HP.
Este raz diky za rady a obetovany cas

#43 Příspěvek od **stell** » 08 úno 2012 15:54

Ahoj.
Len tak na skusku,,
Skus spustit tento batak.ako disk.bat vloz sem log.+ screenshot z disk manager.

Kód: Vybrat vše

@ECHO OFF
%windir%\SYSTEM32\WBEM\wmic.exe diskdrive get name,size,model>>log.txt
%windir%\SYSTEM32\WBEM\wmic.exe partition get name, bootable,size,type >>log.txt
del %0

ajdus · #44 Příspěvek od **ajdus** » 08 úno 2012 16:37

log ->

Model Name Size
ST9250410AS \\.\PHYSICALDRIVE0 250056737280
Bootable Name Size Type
TRUE Disk #0, Partition #0 314572800 Installable File System
FALSE Disk #0, Partition #1 231486783488 Installable File System
FALSE Disk #0, Partition #2 16106127360 Installable File System
FALSE Disk #0, Partition #3 2142240768 Unknown

a teraz som zistil ze mi nejde spustit Computer management priamo z WinExplorera, vir/cistenie my zrusilo vsetky links z Administrative tools.

#45 Příspěvek od **stell** » 08 úno 2012 17:16

Vies co je tato 300MB particia??
Pretoze tato particia je nastavena ako bootovaci,
Ps,
Uz to mam.
Ok tento oddiel je vytvorený pri inštalácii systému Windows 7,,,
a je to spúšťací oddiel, da sa to odstranit, a opravit zavadzac,
TRUE Disk #0, Partition #0 314572800 Installable File System

Mas tam este systemovy disk C:
Recovery D:
A Diagnosticke nastroje HP_TOOLS.

Takze Oddiel vytvoreny Rootkitom tam nemas,
Preto spust TDSSKILLER este raz, a tam kde ti vypise Rootkit.Boot.SST.a
Nastav na CURE a spust.,, log vloz sem.

VIRY.CZ

boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss

Re: boo/tdss