tman555 0 Posted September 13, 2023 Share Posted September 13, 2023 I can't perform sfc /scannow because some corrupted files won't be fixed and dism ecc restorehealth blocks at 62,3%, what the hell can be? Malicious code remotely executed? 2023-09-13 21:56:32, Info CSI 000001c4 Hashes for file member [l:11]'fdeploy.dll' do not match. Expected: {l:32 ml:33 b:413f9913c899d41169f1d6a88b854a86fd1f9daa8a5fd62827be7fdef480c443}. Actual: {l:32 b:5f6331af5e4159a48a5f2da6c9b52c970564f58fc5a889cbcb90f9edca011d90}. 2023-09-13 21:56:32, Info CSI 000001c5 [SR] Cannot repair member file [l:11]'fdeploy.dll' of Microsoft-Windows-fdeploy, version 10.0.19041.1, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch 2023-09-13 21:56:32, Info CSI 000001c6 Hashes for file member [l:7]'fde.dll' do not match. Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}. Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}. 2023-09-13 21:56:32, Info CSI 000001c7 [SR] Cannot repair member file [l:7]'fde.dll' of Microsoft-Windows-fde, version 10.0.19041.746, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch 2023-09-13 21:56:32, Info CSI 000001c8 Hashes for file member [l:7]'fde.dll' do not match. Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}. Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}. 2023-09-13 21:56:32, Info CSI 000001c9 [SR] Cannot repair member file [l:7]'fde.dll' of Microsoft-Windows-fde, version 10.0.19041.746, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch 2023-09-13 21:56:32, Info CSI 000001ca [SR] This component was referenced by [l:162]'Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.3448.25A99FAAE4F81CD688B840BFF544384FB372473DF921FE3D5FC9B6AABAF36357' 2023-09-13 21:56:32, Info CSI 000001cb Hashes for file member [l:7]'fde.dll' do not match. Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}. Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}. 2023-09-13 21:56:32, Info CSI 000001cc Hashes for file member [l:7]'fde.dll' do not match. Expected: {l:32 ml:33 b:fc84d33af89d3571ba569d04e39dc410e2730fa9d6c074340c8e0eb6b17dbb76}. Actual: {l:32 b:a1f26b60132f7db711140b4f170bd3a9c92053bf178bef6d5809e12c483bf7fc}. 2023-09-13 21:56:32, Info CSI 000001cd [SR] Could not reproject corrupted file \??\C:\WINDOWS\SysWOW64\\fde.dll; source file in store is also corrupted 2023-09-13 21:56:32, Info CSI 000001ce Warning: Overlap: Directory \??\C:\WINDOWS\SysWOW64\drivers\en-US\ is owned twice or has its security set twice Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} 2023-09-13 21:56:32, Info CSI 000001cf Warning: Overlap: Directory \??\C:\WINDOWS\SysWOW64\wbem\en-US\ is owned twice or has its security set twice Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} 2023-09-13 21:56:32, Info CSI 000001d0 Warning: Overlap: Directory \??\C:\WINDOWS\help\mui\0409\ is owned twice or has its security set twice Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} 2023-09-13 21:56:32, Info CSI 000001d1 Hashes for file member [l:11]'fdeploy.dll' do not match. Expected: {l:32 ml:33 b:413f9913c899d41169f1d6a88b854a86fd1f9daa8a5fd62827be7fdef480c443}. Actual: {l:32 b:5f6331af5e4159a48a5f2da6c9b52c970564f58fc5a889cbcb90f9edca011d90}. 2023-09-13 21:56:32, Info CSI 000001d2 [SR] Cannot repair member file [l:11]'fdeploy.dll' of Microsoft-Windows-fdeploy, version 10.0.19041.1, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch 2023-09-13 21:56:32, Info CSI 000001d3 [SR] This component was referenced by [l:162]'Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.3448.25A99FAAE4F81CD688B840BFF544384FB372473DF921FE3D5FC9B6AABAF36357' 2023-09-13 21:56:32, Info CSI 000001d4 Hashes for file member [l:11]'fdeploy.dll' do not match. Expected: {l:32 ml:33 b:413f9913c899d41169f1d6a88b854a86fd1f9daa8a5fd62827be7fdef480c443}. Actual: {l:32 b:5f6331af5e4159a48a5f2da6c9b52c970564f58fc5a889cbcb90f9edca011d90}. 2023-09-13 21:56:32, Info CSI 000001d5 Hashes for file member [l:11]'fdeploy.dll' do not match. Expected: {l:32 ml:33 b:413f9913c899d41169f1d6a88b854a86fd1f9daa8a5fd62827be7fdef480c443}. Actual: {l:32 b:5f6331af5e4159a48a5f2da6c9b52c970564f58fc5a889cbcb90f9edca011d90}. 2023-09-13 21:56:32, Info CSI 000001d6 [SR] Could not reproject corrupted file \??\C:\WINDOWS\SysWOW64\\fdeploy.dll; source file in store is also corrupted esetreport.zip Link to comment Share on other sites More sharing options...
itman 1,746 Posted September 13, 2023 Share Posted September 13, 2023 Refer to this forum for assistance: https://www.sysnative.com/forums/threads/persistent-fde-dll-and-fdeploy-dll-corrupt-files-after-running-sfcfix.28124/ Link to comment Share on other sites More sharing options...
tman555 0 Posted September 13, 2023 Author Share Posted September 13, 2023 Ok, thank you! Link to comment Share on other sites More sharing options...
tman555 0 Posted September 15, 2023 Author Share Posted September 15, 2023 Is this an attack? Link to comment Share on other sites More sharing options...
tman555 0 Posted September 15, 2023 Author Share Posted September 15, 2023 E questo? Link to comment Share on other sites More sharing options...
itman 1,746 Posted September 16, 2023 Share Posted September 16, 2023 (edited) On 9/15/2023 at 12:19 AM, tman555 said: Is this an attack? No. By default, the Eset firewall will block inbound UPnP; i.e. protcol UDP port 1900, on the network connection default Public profile. I assume IP address 192.168.1.1 is your router. Some routers enable UPnP traffic for connectivity checking purposes. It is also a potential security risk. You have two choices; 1. Disable UPnP via its Router GUI setting. 2. Unblock the UPnP traffic via Eset Network Wizard which will create a firewall rule to allow the network traffic. -EDIT- Prior to allowing this UPnP traffic through the Eset firewall, it is imperative you verify the router performs UPnP. If it doesn't, assume the router has been hacked and do not allow this traffic through the Eset firewall. Edited September 16, 2023 by itman Link to comment Share on other sites More sharing options...
Recommended Posts