ESET SysInspector report finds strange things


I can't perform sfc /scannow because some corrupted files won't be fixed, and dism etc. restorehealth blocks at 62,3%. What the hell can it be? Malicious code remotely executed?

2023-09-13 21:56:32, Info                  CSI    000001c4 Hashes for file member [l:11]'fdeploy.dll' do not match.
 Expected: {l:32 ml:33 b:413f9913c899d41169f1d6a88b854a86fd1f9daa8a5fd62827be7fdef480c443}.
 Actual: {l:32 b:5f6331af5e4159a48a5f2da6c9b52c970564f58fc5a889cbcb90f9edca011d90}.
2023-09-13 21:56:32, Info                  CSI    000001c5 [SR] Cannot repair member file [l:11]'fdeploy.dll' of Microsoft-Windows-fdeploy, version 10.0.19041.1, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-09-13 21:56:32, Info                  CSI    000001c6 Hashes for file member [l:7]'fde.dll' do not match.
 Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}.
 Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}.
2023-09-13 21:56:32, Info                  CSI    000001c7 [SR] Cannot repair member file [l:7]'fde.dll' of Microsoft-Windows-fde, version 10.0.19041.746, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-09-13 21:56:32, Info                  CSI    000001c8 Hashes for file member [l:7]'fde.dll' do not match.
 Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}.
 Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}.
2023-09-13 21:56:32, Info                  CSI    000001c9 [SR] Cannot repair member file [l:7]'fde.dll' of Microsoft-Windows-fde, version 10.0.19041.746, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-09-13 21:56:32, Info                  CSI    000001ca [SR] This component was referenced by [l:162]'Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.3448.25A99FAAE4F81CD688B840BFF544384FB372473DF921FE3D5FC9B6AABAF36357'
2023-09-13 21:56:32, Info                  CSI    000001cb Hashes for file member [l:7]'fde.dll' do not match.
 Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}.
 Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}.
2023-09-13 21:56:32, Info                  CSI    000001cc Hashes for file member [l:7]'fde.dll' do not match.
 Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}.
 Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}.
2023-09-13 21:56:32, Info                  CSI    000001cd [SR] Could not reproject corrupted file \??\C:\WINDOWS\SysWOW64\\fde.dll; source file in store is also corrupted
2023-09-13 21:56:32, Info                  CSI    000001ce Warning: Overlap: Directory \??\C:\WINDOWS\SysWOW64\drivers\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2023-09-13 21:56:32, Info                  CSI    000001cf Warning: Overlap: Directory \??\C:\WINDOWS\SysWOW64\wbem\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2023-09-13 21:56:32, Info                  CSI    000001d0 Warning: Overlap: Directory \??\C:\WINDOWS\help\mui\0409\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2023-09-13 21:56:32, Info                  CSI    000001d1 Hashes for file member [l:11]'fdeploy.dll' do not match.
 Expected: {l:32 ml:33 b:413f9913c899d41169f1d6a88b854a86fd1f9daa8a5fd62827be7fdef480c443}.
 Actual: {l:32 b:5f6331af5e4159a48a5f2da6c9b52c970564f58fc5a889cbcb90f9edca011d90}.
2023-09-13 21:56:32, Info                  CSI    000001d2 [SR] Cannot repair member file [l:11]'fdeploy.dll' of Microsoft-Windows-fdeploy, version 10.0.19041.1, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-09-13 21:56:32, Info                  CSI    000001d3 [SR] This component was referenced by [l:162]'Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.3448.25A99FAAE4F81CD688B840BFF544384FB372473DF921FE3D5FC9B6AABAF36357'
2023-09-13 21:56:32, Info                  CSI    000001d4 Hashes for file member [l:11]'fdeploy.dll' do not match.
 Expected: {l:32 ml:33 b:413f9913c899d41169f1d6a88b854a86fd1f9daa8a5fd62827be7fdef480c443}.
 Actual: {l:32 b:5f6331af5e4159a48a5f2da6c9b52c970564f58fc5a889cbcb90f9edca011d90}.
2023-09-13 21:56:32, Info                  CSI    000001d5 Hashes for file member [l:11]'fdeploy.dll' do not match.
 Expected: {l:32 ml:33 b:413f9913c899d41169f1d6a88b854a86fd1f9daa8a5fd62827be7fdef480c443}.
 Actual: {l:32 b:5f6331af5e4159a48a5f2da6c9b52c970564f58fc5a889cbcb90f9edca011d90}.
2023-09-13 21:56:32, Info                  CSI    000001d6 [SR] Could not reproject corrupted file \??\C:\WINDOWS\SysWOW64\\fdeploy.dll; source file in store is also corrupted

esetreport.zip
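
The repeated CSI/[SR] entries in the log above come down to two files. As an added example (not part of the original post, and not ESET or Microsoft tooling), this Python code groups such a log excerpt by file, collects the expected and actual hashes, and flags files whose component-store copy is also reported corrupt. The sample input is constructed from lines quoted in the post, and the function names are this example's own.

```python
import re

# Constructed sample: lines copied from the log excerpt in the post, repeats trimmed.
SAMPLE_LOG = r"""2023-09-13 21:56:32, Info                  CSI    000001c4 Hashes for file member [l:11]'fdeploy.dll' do not match.
 Expected: {l:32 ml:33 b:413f9913c899d41169f1d6a88b854a86fd1f9daa8a5fd62827be7fdef480c443}.
 Actual: {l:32 b:5f6331af5e4159a48a5f2da6c9b52c970564f58fc5a889cbcb90f9edca011d90}.
2023-09-13 21:56:32, Info                  CSI    000001c5 [SR] Cannot repair member file [l:11]'fdeploy.dll' of Microsoft-Windows-fdeploy, version 10.0.19041.1, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-09-13 21:56:32, Info                  CSI    000001c6 Hashes for file member [l:7]'fde.dll' do not match.
 Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}.
 Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}.
2023-09-13 21:56:32, Info                  CSI    000001c7 [SR] Cannot repair member file [l:7]'fde.dll' of Microsoft-Windows-fde, version 10.0.19041.746, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-09-13 21:56:32, Info                  CSI    000001c8 Hashes for file member [l:7]'fde.dll' do not match.
 Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}.
 Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}.
2023-09-13 21:56:32, Info                  CSI    000001cd [SR] Could not reproject corrupted file \??\C:\WINDOWS\SysWOW64\\fde.dll; source file in store is also corrupted
2023-09-13 21:56:32, Info                  CSI    000001d6 [SR] Could not reproject corrupted file \??\C:\WINDOWS\SysWOW64\\fdeploy.dll; source file in store is also corrupted
"""
MISMATCH = re.compile(r"Hashes for file member \[l:\d+\]'([^']+)' do not match")
HASH = re.compile(r"^\s*(Expected|Actual): \{[^}]*\bb:([0-9a-f]{64})\}")
CANNOT = re.compile(r"\[SR\] Cannot repair member file \[l:\d+\]'([^']+)' of ([^,]+), version ([\d.]+)")
STORE_BAD = re.compile(r"\[SR\] Could not reproject corrupted file (\S+); source file in store is also corrupted")

def _rec(files, name):
    return files.setdefault(name.lower(), {"expected": set(), "actual": set(), "events": 0,
                                           "components": set(), "store_copy_corrupt": False})

def summarize(log_text):
    """Collapse repeated CSI/[SR] entries into one record per file name."""
    files, current = {}, None
    for line in log_text.splitlines():
        if m := MISMATCH.search(line):
            current = _rec(files, m.group(1))
            current["events"] += 1
        elif (m := HASH.match(line)) and current is not None:
            current[m.group(1).lower()].add(m.group(2))  # hash lines follow their mismatch entry
        elif m := CANNOT.search(line):
            _rec(files, m.group(1))["components"].add((m.group(2), m.group(3)))
        elif m := STORE_BAD.search(line):
            # Log paths look like \??\C:\WINDOWS\SysWOW64\\fde.dll; keep only the file name.
            _rec(files, m.group(1).rsplit("\\", 1)[-1])["store_copy_corrupt"] = True
    return files

def store_also_corrupt(files):
    """Files whose component-store copy is damaged too, so SFC has no local source to restore from."""
    return sorted(n for n, r in files.items() if r["store_copy_corrupt"])

if __name__ == "__main__":
    for name, rec in summarize(SAMPLE_LOG).items():
        print(name, rec["events"], sorted(rec["actual"]), rec["store_copy_corrupt"])
```

A single consistent "Actual" hash per file across all repeated entries, as in this sample, means the log is reporting the same on-disk content each time rather than a file that keeps changing.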


On 9/15/2023 at 12:19 AM, tman555 said:

Is this an attack?

No.

By default, the Eset firewall will block inbound UPnP, i.e. protocol UDP port 1900, on the network connection's default Public profile.

I assume IP address 192.168.1.1 is your router. Some routers enable UPnP traffic for connectivity checking purposes. It is also a potential security risk.

You have two choices:

1. Disable UPnP via its Router GUI setting.

2. Unblock the UPnP traffic via Eset Network Wizard which will create a firewall rule to allow the network traffic.

-EDIT- Prior to allowing this UPnP traffic through the Eset firewall, it is imperative you verify the router performs UPnP. If it doesn't, assume the router has been hacked and do not allow this traffic through the Eset firewall.

Edited by itman