PC slow, system above 90%
Solved
pof67
Posted messages
32
Status
Member
-
bazfile Posted messages 58482 Registration date Status Moderator Last intervention -
Hello, my computer is sluggish. After running CCleaner and anti-malware, it's still the same. I tried to do a system restore, but after a few hours, it didn't work. I would like some help please, thank you.
5 answers
Hello,
Test your hard drive with CrystalDiskInfo and use the following color codes to interpret the results:
If the disk is OK:
Download FRST. Once it is downloaded, save it to the desktop, then right-click on FRST and choose Run as administrator. You will see this:
Click on Analyze.
Warning: wait for the messages indicating that the analysis is complete to be displayed.
At the end of the analysis, you will have two text files on the desktop: FRST and Addition.
Then send the FRST and Addition reports to CJOINT (see THIS TUTORIAL), then provide the two links generated by Cjoint in your reply.
--
bazfile
Moderator/Security Contributor.
a hello, a reply, a thank you are always appreciated.
Thank you very much for your help, I was desperate for the hard disk (blue),
https://www.cjoint.com/c/LFfj2KOaqSa
and
https://www.cjoint.com/c/LFfj3WI382a
Your PC is not infected; your problem lies elsewhere. There are only a few obsolete processes. If you want to remove them, follow the FRST procedure outlined below.
FOR INFORMATION:
Your version of Windows 10 is not up to date. To check, go to this page, click on Update now, which will start downloading the Microsoft tool. You just need to open it, and it will allow you to update Windows 10 to the latest version and tell you if it is compatible with your PC. Be careful; this update takes some time. Since you have a laptop, plug it in because it would be a shame to run out of battery before the update is completed.
FRST procedure to be done in the order indicated:
1- Open FRST as an administrator. To do this, right-click on FRST and choose Run as administrator
2 - Copy the entire script from the box below:
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3769725519-4069185657-719761231-1001\...\Run: [OneDrive] => "C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (File not found)
S3 MpKslbfc152a8; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A97CF63-CE4C-4C77-811D-003130EDB130}\MpKslDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileCoAuthLib64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\Microsoft.Nucleus.exe" => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\Microsoft.Nucleus.exe" => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
CustomCLSID: HKU\S-1-5-21-3769725519-4069185657-719761231-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll => File not found
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> File not found
ContextMenuHandlers1_S-1-5-21-3769725519-4069185657-719761231-1001: [FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ContextMenuHandlers4_S-1-5-21-3769725519-4069185657-719761231-1001: [FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
ContextMenuHandlers5_S-1-5-21-3769725519-4069185657-719761231-1001: [FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Administrateur\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64\FileSyncShell64.dll -> File not found
FirewallRules: [{A95C405E-FBE5-4DCE-83F7-42902CEEA418}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe => File not found
FirewallRules: [{77AE7EDE-11AE-48B1-B2DE-F2F1B19F64D6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe => File not found
FirewallRules: [{77CA3A0F-07F7-4209-AAD9-E7279CEE6BD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe => File not found
FirewallRules: [{40D24A65-141F-49F8-8E52-898C1B8F8483}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe => File not found
FirewallRules: [{E346E5DE-F2FE-48AA-9F33-BE94987DBE78}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => File not found
FirewallRules: [{1DC91EB7-BC37-43EE-9492-67DA969C8D05}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => File not found
FirewallRules: [{FDB1D809-E190-45AF-9E75-6C98DE830AE8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => File not found
FirewallRules: [{8473A9C5-7618-4051-9A4E-912A3A4A5F4A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => File not found
FirewallRules: [{C30615A8-6238-4238-9733-49BEB0DB9D67}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => File not found
FirewallRules: [{36E25AF3-C93E-45D4-80A9-AC4E93FD6AE2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => File not found
FirewallRules: [{7348C302-E010-4CF7-8789-1736C975645F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => File not found
FirewallRules: [{DDA1B605-6DE3-4BDF-8E6C-658C1988351A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => File not found
EmptyTemp:
End::
3- Once the script is copied, click on Fix; FRST will automatically take the script from the clipboard.
Let the fix complete; once it's done, you will be asked to restart your PC. Do it as soon as prompted, see below.
Then once your computer has restarted:
4- You will have a Fixlog file on your desktop; then send these reports to https://www.cjoint.com/, see this tutorial, and provide the link generated by Cjoint in your next message.
Thank you, I will do what you told me, but the report indicates a serious threat Trojan:Win32/Wacatac.B!ml, I'm having a hard time using my PC, it's a nightmare.
I'm leaving this afternoon, I will do what you asked me, I'll keep you updated by the end of the afternoon, thank you, it's nice of you to help me.
I am leaving this afternoon I will do what you asked me
I gave you advice and only made suggestions; it's up to you to decide whether to apply them or not, since there is no infection on your PC. You are in the virus/security forum, and since the problem does not come from an infection, you will have to go to another forum, such as the Windows 10 forum, to ask your question, because here we only deal with infected PCs.
Your problem is more likely coming from a process launched by a piece of software or a legitimate Windows process; check the Task Manager to discover the culprit.
The report signals a serious threat Trojan:Win32/Wacatac.B!ml
I know you are convinced you have an infection, but that is not the case; moreover, Malwarebytes Anti-Malware and FRST find nothing.
As for Wacatac, it's Windows Defender that is behaving badly by detecting FRST as a trojan; this is quite classic with Windows Defender.
For information:
We can see in the FRST report that there have been quite a few application errors and system errors, with the driver "Intel(R) Management Engine Interface driver" and also with the Windows defragmenter; you should check whether all your drivers are up to date, especially the chipset one.
Application Errors:
==================
Error: (06/04/2022 01:02:00 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center could not validate the caller. Error %1.
Error: (06/04/2022 12:39:36 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not finish reoptimization on \\?\Volume{eaca5632-2c1b-ac1d-f709-31a4953839c1}\ because: The requested operation is not supported by the underlying hardware of the volume. (0x8900002A)
Error: (06/04/2022 12:39:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not finish reoptimization on \\?\Volume{eaca5632-2c1b-ac1d-f709-31a4953839c1}\because: The requested operation is not supported by the underlying hardware of the volume. (0x8900002A)
Error: (06/04/2022 11:04:17 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during system restore: (Scheduled checkpoint). Additional information: 0x80070005.
Error: (06/03/2022 06:52:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not finish reoptimization on (C:) because: The requested operation is not supported by the underlying hardware of the volume. (0x8900002A)
Error: (06/03/2022 06:26:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name bad_module_info, version: 0.0.0.0, timestamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, timestamp: 0x00000000
Exception code: 0x00000000
Error offset: 0x00000000
Faulting process ID: 0x95c
Faulting application start time: 0x01d87766943f7a08
Faulting application path: bad_module_info
Faulting module path: unknown
Faulting report ID: 65edf79a-20a7-4c25-90ba-cf575a0613b8
Faulting package full name:
Faulting package relative application ID:
Error: (06/03/2022 02:41:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (6652,R,98) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening a log file C:\Windows\SoftwareDistribution\DataStore\Logs\edb00164.log.
Error: (06/02/2022 07:26:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name bad_module_info, version: 0.0.0.0, timestamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, timestamp: 0x00000000
Exception code: 0xc0020001
Error offset: 0x767fc3a2
Faulting process ID: 0x2f84
Faulting application start time: 0x01d876a5d7397903
Faulting application path: bad_module_info
Faulting module path: unknown
Faulting report ID: 69adee4f-5279-4a14-914d-27cbc6b26f27
Faulting package full name:
Faulting package relative application ID:
System Errors:
=============
Error: (06/05/2022 11:31:10 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000042, FWSTS1: 0x63002106).
Error: (06/05/2022 11:30:39 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000042, FWSTS1: 0x63002106).
Error: (06/05/2022 11:30:07 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000042, FWSTS1: 0x63002106).
Error: (06/05/2022 11:31:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:16:44 on 04/06/2022 was unexpected.
Error: (06/04/2022 02:24:34 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: An unrecoverable error occurred while creating client credentials for TLS. Internal error state: 10013.
Error: (06/04/2022 01:16:33 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000042, FWSTS1: 0x63002106).
Error: (06/04/2022 01:16:02 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000042, FWSTS1: 0x63002106).
Error: (06/04/2022 01:15:29 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000042, FWSTS1: 0x63002106).
That's all from my side.
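Added example (not part of the original thread and not FRST's own code): a short Python script that tallies the "Error:" entries of a report excerpt like the one above by source and event ID, so that a source that keeps repeating, such as MEIx64, stands out. The entry format is inferred from the excerpt, the function names are illustrative, and the sample input is trimmed from the entries quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entry header as it appears in the event-log excerpt quoted above.
HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$")
SECTION = re.compile(r"^(?:[\w ]+ Errors:|=+)$")  # "System Errors:" and its underline

def parse_events(text):
    """Parse 'Error:' entries; a description may continue over several lines."""
    events, current = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["source"], "event_id": int(m["event_id"]),
                       "description": []}
            events.append(current)
        elif not line or SECTION.match(line):
            current = None  # a blank line or a new section ends the entry
        elif current is not None:
            current["description"].append(re.sub(r"^Description: ", "", line))
    return events

def summarize(events):
    """Group entries by (source, event ID), most frequent first."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["source"], e["event_id"])].append(e)
    rows = [{"source": s, "event_id": i, "count": len(g),
             "first": min(e["time"] for e in g), "last": max(e["time"] for e in g),
             "example": g[0]["description"][0] if g[0]["description"] else ""}
            for (s, i), g in groups.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["source"]))

# Sample input: entries copied (trimmed) from the excerpt above.
SAMPLE = """Application Errors:
==================
Error: (06/03/2022 06:52:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not finish reoptimization on (C:) because: The requested operation is not supported by the underlying hardware of the volume. (0x8900002A)
Error: (06/03/2022 06:26:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name bad_module_info, version: 0.0.0.0, timestamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, timestamp: 0x00000000
System Errors:
=============
Error: (06/05/2022 11:31:10 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000042, FWSTS1: 0x63002106).
Error: (06/05/2022 11:30:39 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000042, FWSTS1: 0x63002106).
Error: (06/05/2022 11:31:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:16:44 on 04/06/2022 was unexpected.
Error: (06/04/2022 01:16:33 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E000042, FWSTS1: 0x63002106).
"""

if __name__ == "__main__":
    for r in summarize(parse_events(SAMPLE)):
        print(f'{r["count"]:>3}  {r["source"]} (EventID {r["event_id"]})  {r["example"][:70]}')
```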
It's much better after disabling the Intel(R) Management Engine Interface driver; it's no longer lagging at all. I didn't find how to update it, so I'll manage without it. Thank you very much, it's solved!
Yes, as I mentioned earlier, many errors were due to the Intel(R) Management Engine Interface driver, which caused other errors during the hard drive defragmentation. It's still better than an infection. ;)
According to FRST, you have a Lenovo L540 PC; if that's the case and you're still experiencing slowness issues, you can automatically update the drivers via this page. If you're not having any more problems, there's no need to do anything.
I'm marking the post as resolved.
@+ on CCM.