Buffer Overflow at QueryAllInformationFile

Hello,

I am using Nod32 3.0.621.0 Antivirus.

Running the program 'Process Monitor' from Sysinternals (http://www.microsoft.com/germany/technet/sysinternals/utilities/processmonitor.mspx) it shows very frequently this error with different files on my hard disk.

Event:

Sequence: 26398
Date & Time: 05.02.2008 13:03:46
Event Class: File System
Operation: QueryAllInformationFile
Result: BUFFER OVERFLOW
Path: C:\WINDOWS\Prefetch\PROCMON.EXE-0C5DBC94.pf
TID: 248
Duration: 0.0000028
CreationTime: 03.02.2008 12:57:29
LastAccessTime: 05.02.2008 13:03:46
LastWriteTime: 05.02.2008 13:03:46
ChangeTime: 05.02.2008 13:03:46
FileAttributes: A
AllocationSize: 49.152
EndOfFile: 47.608
NumberOfLinks: 1
DeletePending: False
Directory: False
IndexNumber: 0xc00000001bab8
EaSize: 0
Access: Generic Read
Position: 0
Mode: Synchronous IO Non-Alert
AlignmentRequirement: Word

Process:

Description: Eset Service
Company: ESET
Name: ekrn.exe
Version: 3.00.0621.0000
Path: C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
Command Line: "C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe"
PID: 2004
Parent PID: 1092
Session ID: 0
User: NT-AUTORITÄT\SYSTEM
Auth ID: 00000000:000003e7
Architecture: 32-bit
Virtualized: n/a
Integrity: n/a
Started: 05.02.2008 13:02:22
Ended: (Running)
Modules:
ekrn.exe 0x400000 0x71000 C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
xpsp2res.dll 0x20000000 0x2D9000 C:\WINDOWS\system32\xpsp2res.dll
ekrnEpfw.dll 0x20300000 0x3E000 C:\Programme\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
updater.dll 0x21000000 0x2A000 C:\Programme\ESET\ESET NOD32 Antivirus\updater.dll
ekrnUpdate.dll 0x21100000 0x20000 C:\Programme\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
ekrnAmon.dll 0x21300000 0x3D000 C:\Programme\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
ekrnEmon.dll 0x21500000 0x17000 C:\Programme\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
ekrnScan.dll 0x21E00000 0x30000 C:\Programme\ESET\ESET NOD32 Antivirus\ekrnScan.dll
ekrnMailPlugins.dll 0x22900000 0x17000 C:\Programme\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
NETAPI32.dll 0x597D0000 0x54000 C:\WINDOWS\system32\NETAPI32.dll
uxtheme.dll 0x5B0F0000 0x38000 C:\WINDOWS\system32\uxtheme.dll
comctl32.dll 0x5D450000 0x9A000 C:\WINDOWS\system32\comctl32.dll
hnetcfg.dll 0x66710000 0x59000 C:\WINDOWS\system32\hnetcfg.dll
wshtcpip.dll 0x719F0000 0x8000 C:\WINDOWS\System32\wshtcpip.dll
WS2HELP.dll 0x71A00000 0x8000 C:\WINDOWS\system32\WS2HELP.dll
WS2_32.dll 0x71A10000 0x17000 C:\WINDOWS\system32\WS2_32.dll
MPR.dll 0x71A80000 0x12000 C:\WINDOWS\system32\MPR.dll
SAMLIB.dll 0x71B70000 0x13000 C:\WINDOWS\system32\SAMLIB.dll
wbemsvc.dll 0x74E50000 0xE000 C:\WINDOWS\system32\wbem\wbemsvc.dll
wbemprox.dll 0x74E70000 0x8000 C:\WINDOWS\system32\wbem\wbemprox.dll
wbemcomn.dll 0x75210000 0x37000 C:\WINDOWS\system32\wbem\wbemcomn.dll
msctfime.ime 0x75250000 0x2E000 C:\WINDOWS\system32\msctfime.ime
fastprox.dll 0x75620000 0x76000 C:\WINDOWS\system32\wbem\fastprox.dll
MSVCP60.dll 0x76020000 0x65000 C:\WINDOWS\system32\MSVCP60.dll
IMM32.DLL 0x76330000 0x1D000 C:\WINDOWS\system32\IMM32.DLL
USERENV.dll 0x76620000 0xB5000 C:\WINDOWS\system32\USERENV.dll
NTDSAPI.dll 0x76750000 0x13000 C:\WINDOWS\system32\NTDSAPI.dll
WINMM.dll 0x76AF0000 0x2E000 C:\WINDOWS\system32\WINMM.dll
Psapi.dll 0x76BB0000 0xB000 C:\WINDOWS\system32\Psapi.dll
iphlpapi.dll 0x76D20000 0x19000 C:\WINDOWS\system32\iphlpapi.dll
rtutils.dll 0x76E40000 0xE000 C:\WINDOWS\system32\rtutils.dll
rasman.dll 0x76E50000 0x12000 C:\WINDOWS\system32\rasman.dll
TAPI32.dll 0x76E70000 0x2F000 C:\WINDOWS\system32\TAPI32.dll
Rasapi32.dll 0x76EA0000 0x3C000 C:\WINDOWS\system32\Rasapi32.dll
DNSAPI.dll 0x76EE0000 0x27000 C:\WINDOWS\system32\DNSAPI.dll
WLDAP32.dll 0x76F20000 0x2D000 C:\WINDOWS\system32\WLDAP32.dll
CLBCATQ.DLL 0x76F90000 0x7F000 C:\WINDOWS\system32\CLBCATQ.DLL
COMRes.dll 0x77010000 0xD3000 C:\WINDOWS\system32\COMRes.dll
OLEAUT32.dll 0x770F0000 0x8B000 C:\WINDOWS\system32\OLEAUT32.dll
comctl32.dll 0x773A0000 0x103000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
ole32.dll 0x774B0000 0x13D000 C:\WINDOWS\system32\ole32.dll
NTMARTA.DLL 0x77660000 0x21000 C:\WINDOWS\system32\NTMARTA.DLL
VERSION.dll 0x77BD0000 0x8000 C:\WINDOWS\system32\VERSION.dll
msvcrt.dll 0x77BE0000 0x58000 C:\WINDOWS\system32\msvcrt.dll
msv1_0.dll 0x77C40000 0x23000 C:\WINDOWS\system32\msv1_0.dll
ADVAPI32.dll 0x77DA0000 0xAA000 C:\WINDOWS\system32\ADVAPI32.dll
RPCRT4.dll 0x77E50000 0x92000 C:\WINDOWS\system32\RPCRT4.dll
GDI32.dll 0x77EF0000 0x47000 C:\WINDOWS\system32\GDI32.dll
SHLWAPI.dll 0x77F40000 0x76000 C:\WINDOWS\system32\SHLWAPI.dll
Secur32.dll 0x77FC0000 0x11000 C:\WINDOWS\system32\Secur32.dll
MSVCR80.dll 0x78130000 0x9B000 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
MSVCP80.dll 0x7C420000 0x87000 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
kernel32.dll 0x7C800000 0x107000 C:\WINDOWS\system32\kernel32.dll
ntdll.dll 0x7C910000 0xB7000 C:\WINDOWS\system32\ntdll.dll
USER32.dll 0x7E360000 0x90000 C:\WINDOWS\system32\USER32.dll
SHELL32.dll 0x7E670000 0x821000 C:\WINDOWS\system32\SHELL32.dll


Stack:

0 fltMgr.sys fltMgr.sys + 0x1888 0xb9eeb888 C:\WINDOWS\System32\Drivers\fltMgr.sys
1 fltMgr.sys fltMgr.sys + 0x32a0 0xb9eed2a0 C:\WINDOWS\System32\Drivers\fltMgr.sys
2 fltMgr.sys fltMgr.sys + 0x3c48 0xb9eedc48 C:\WINDOWS\System32\Drivers\fltMgr.sys
3 fltMgr.sys fltMgr.sys + 0x4059 0xb9eee059 C:\WINDOWS\System32\Drivers\fltMgr.sys
4 ntkrnlpa.exe ntkrnlpa.exe + 0x18095 0x804ef095 C:\WINDOWS\system32\ntkrnlpa.exe
5 ntkrnlpa.exe ntkrnlpa.exe + 0x6986c 0x8054086c C:\WINDOWS\system32\ntkrnlpa.exe
6 ekrn.exe ekrn.exe + 0x48c4e 0x448c4e C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
7 ekrn.exe ekrn.exe + 0x16891 0x416891 C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
8 <unknown> 0xa63a1f 0xa63a1f
9 <unknown> 0xac9400 0xac9400


I have already checked my disks with NOD32, Spybot, AVG-Anti Rootkit Free and booting from Linux CD and checked again with AntiVir and Bitdefender. No malware was found.

The files ekrn.exe wants to access exists on my hard disk and I can edit them, e.g. C:\Programme\Wireshark\services.

Could somebody tell me was this is all about ?

Regards,
Alexander