Topic: Help with report please - IRP Hook ATAPI


March 25, 2016, 05:20:57 pm

ManGLee

Hi,
Here is my report.

Couldn't figure out what those IRP Hooks regarding ATAPI are.

Could it mess with my internet connection? (I've had troubles lately)

Thanks in advance.


RogueKiller V12.0.3.0 (x64) [Mar 21 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en  : Mode normal
Utilisateur : ManGLee [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 03/25/2016 17:15:44

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 0 ¤¤¤

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Chargé) ¤¤¤
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE[0] : Unknown @ 0xfffffa8006cd12c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CLOSE[2] : Unknown @ 0xfffffa8006cd12c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xfffffa8006cd12c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xfffffa8006cd12c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_POWER[22] : Unknown @ 0xfffffa8006cd12c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xfffffa8006cd12c0
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_PNP[27] : Unknown @ 0xfffffa8006cd12c0

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: Corsair Force 3 SSD SCSI Disk Device +++++
--- User ---
[MBR] 8ab2334cb67a2f5e871f7cbb730f7170
[BSP] 8a991802b710c77ed0bf97e0fb2811ed : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 171609 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1002FAEX-00Z3A SCSI Disk Device +++++
--- User ---
[MBR] fdf596f813874b3c634bc6f089f7df65
[BSP] c37df62a04e45389369590ca1a74af10 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SanDisk SDSSDP256G SCSI Disk Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 244069 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WDC WD1003FBYX-01Y7B SCSI Disk Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK


Reply #1 on: March 28, 2016, 02:26:28 pm

Curson

Hi ManGLee,

Welcome to Adlice.com Forum.
Many thanks for supporting our software. :)

Which security software are you using?
Do you use a CD/DVD drive emulator, like DAEMON Tools or similar?

Regards.

Reply #2 on: March 31, 2016, 06:30:56 pm

ManGLee

Hi, thanks :)

Yeah, I was using Daemon Tools Lite; I uninstalled it and I still have the same problem.

I'm not using any other CD/DVD driver emulator.

Reply #3 on: March 31, 2016, 07:13:14 pm

Curson

Hi ManGLee,

Daemon Tools is known for messing with the ATA/ATAPI controller.
Uninstalling the SCSI Pass Through Direct (SPTD) layer, using SPTDinst, may help.
Anyway, these IRP hooks are perfectly harmless.

Regards.