corrupted/infected "samsung recovery"

Status
Not open for further replies.

uef

Good morning all,

I'm 52 years old and a friend assigned me a drive letter to the "samsung recovery" partition and without paying attention
infected the "samsung recovery" partition with onesafe, and a zip bomb,
the D: / disc was also touched by the zip bomb

all peripherals are connected (card, usb disk, external disk, etc ...) but only the smartphone & tablet are
recognized by the explorer

we must download and then reinstall a new "samsung recovery" partition / pe environment of samsung recovery on the internal disk; but how to do it?


below reports/logs of usbfix adsfix pre_scan:


Thanks...
 


Hi, uef.

Based on the portions of the logs you attached, you are not using a current version of FRST. Please do the following:

1. Please download a fresh copy of Farbar Recovery Scan Tool (FRST) and save it to your Desktop.
2. Because your operating system is not English, rename the downloaded file as EnglishFRST64.exe (64-bit) or EnglishFRST.exe (32-bit) so the resultant log will be in English.
3. After the scan has been completed, Copy/paste both FRST.txt and Addition.txt into your reply rather than attaching the logs.

You can review the complete instructions again here: Malware Removal Posting Instructions | Sysnative Forums

Thank you.
 
all connected devices including android, ipod, are no longer recognized, only
keyboard & mouse are recognized


thanks...
 
Hi, uef.

Thank you for the updated logs, although it would be much easier for me if you had renamed the downloaded file as EnglishFRST64.exe since I am not multi-lingual.

A. The logs show that there are multiple accounts on your PC with Administrator privileges with the aurore rousseau account being the account FRST was run from.

nawell cassouzet (S-1-5-21-185298743-3200257722-2405642193-1004 - Administrator - Enabled) => C:\Users\nawell cassouzet
night sun anti-VEFM1 (S-1-5-21-185298743-3200257722-2405642193-1001 - Administrator - Enabled) => C:\Users\night sun anti-VEFM1
If the other two accounts are not trusted users of your PC, do the following to make the change to standard/limited user:
  1. Open Settings
  2. Click on Accounts
  3. Click on Family & other users
  4. Under the "Your family" or "Other users" section, select the user account
  5. Click the Change account type button
  6. Select the Standard User account type and change to disabled
  7. Click the OK button.
B. Edit: End of support for the Home version of Windows 10 Version 1709 ended April 9, 2019. It was the Enterprise or Education editions Pro versions that were extended to October 13, 2020 and will receive a final security update then. Regardless, the lack of space on your device will not allow version updates to be installed. Thus, I strongly recommend uninstalling unneeded and, in some cases, not recommended programs as well as the disabled anti-malware programs installed, followed by disk cleanup.

  1. Avast: Avast Uninstall Utility | Download aswClear for Avast Removal
  2. ByteFence Anti-Malware: Although not malicious, it has been known to be installed with adware or unwanted programs.
  3. BitTorrent and Deluge: With P2P file sharing, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files. Thus, it is strongly suggested you uninstall both BitTorrent and Deluge.
  4. Avast Cleanup Premium, BeeDoctor, Kerish Doctor 2020, OneSafe PC Cleaner, Dll-Files Fixer and Volume Concierge 2: It is your computer, thus, your choice. However, unless you know what you're doing, registry cleaners and similar cleanup programs are generally not recommended. In addition, Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.
  5. WebDiscover Browser is a potentially unwanted program that installs its own customized Chromium browser.

C. After uninstalling those programs, shutdown/restart your computer and do the following to clean up additional space:
  1. In the search box on the taskbar, type disk cleanup, then select it from the results.
  2. Select the check box next to the type of files you want to delete. (To view a description of each type of file, select the name.) You can select everything there, but be careful if you need some files in the Downloads folder.
  3. Press the button Clean up system files and wait a bit.
  4. Again, select everything you don't need, including old Windows installations, if any.
  5. Select the tab More options.
  6. Under the title System Restore and Shadow Copies, press Clean up.
  7. Press Delete and OK if you are asked to.
  8. Wait some time (depending on the items that are deleted).
  9. Restart the computer when the process is finished.

D. Please provide fresh FRST logs and copy/paste the logs in your next reply.
 
frst logs (no especially AVG PC TuneUp Utilities, Spybot & others foistwares)

what is opinion of Softorino products (memory optimizer pro, volume concierge , spybot search & destroy, folder colorizer, waltr & task forcequit ) ?
 


The text reports were in a foreign language.

Please use English as the default language then post new reports:

Add, Remove, and Change Display Language in Windows 10
Change Display Language in Windows 10


The Windows version displayed: Windows 10 Home Version 1709 16299.64
Did you want to upgrade to Windows 2004?
Were upgrades blocked or were there upgrade failures?

Please run the Sysnative log collector > upload results into this thread
Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 + Vista
 
i wait october 8th to update my pc into 19H2 &/or 2004
i uninstall daemon tools
uninstall Paragon softwares until october 8th
my uncle says "Tor browser are better than Paragon Softwares, Windows 19H2 & Windows 20H1", my system buffers are infected

Translation:
the buffer memory is permanently infected

and i'm infected by AldiBot: -> « Aldi Bot », le réseau zombie hard-discount | G DATA

Thanks...
 


Ad-Aware Eset Comodo & Avira are the 4 antimalwares apps

i think better than AVG
 
not free space for install Sims 3 & Sims 4 -> 35 GB Required

no devices (includes usb disks, android, ipod) recognized in explorer -> it's a shame
 
@zbook, BSOD threads are not analyzed in this forum. At this point, there is not sufficient free space on the device to upgrade the Windows 10 version. In addition, when helping members, we deal with one issue at a time. Also, it is not necessary for @uef to change the default language on his computer.

@uef, as to your question regarding various optimizers, etc., as I indicated above, unless you know what you're doing, registry cleaners and similar cleanup programs are generally not recommended. In addition, Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities. In addition, due to the lack of space on your computer, at this point, a priority is removal of programs providing duplicate actions. In addition, until you do clear additional space on your computer, you will not be able to update to either 19H2 or 2004. That will involve uninstalling programs that provide duplicate services, such as selecting one antivirus program, whether it be ESET, Comodo, Avira or Windows Defender.

As to your uncle's diagnosis, as I indicated above, "With P2P file sharing, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files. Thus, it is strongly suggested you uninstall both BitTorrent and Deluge." It is known that with P2P programs, people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

A. My earlier instructions pointed out a second user on your computer with Administrator privileges. Although that user no longer shows as Administrator, now anti-sandra camondo is:

anti-sandra camondo (S-1-5-21-185298743-3200257722-2405642193-1005 - Administrator - Enabled) => C:\Users\anti-sandra camondo

Please do the following:
  • Open Settings
  • Click on Accounts
  • Click on Family & other users
  • Under the "Your family" or "Other users" section, select the user account
  • Click the Change account type button
  • Select the Standard User account type for anti-sandra camondo and change to disabled
  • Click the OK button
B. Also note that there are ~40 additional users shown on the computer! As a result, after changing permissions for anti-sandra camondo, please do the following:

1. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) is unchecked.
    Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

2. Run AdwCleaner (Scan mode)
Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

In your next reply, please make sure to post:
  1. The MBAM report
  2. AdwCleaner[S0*].txt
3. Please then provide fresh FRST logs and copy/paste the logs in your next reply.
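
The account lines quoted in the two replies above can be compared mechanically between FRST runs. The following is an added example, not part of the thread and not FRST's own code: it parses lines of the form shown in the replies and reports which enabled Administrator accounts appeared or disappeared between two logs. Only the three lines quoted in the thread are real; every other sample line, and the function names, are constructed for illustration.

```python
import re
from typing import NamedTuple

class Account(NamedTuple):
    name: str
    sid: str
    role: str       # "Administrator" or "Limited", as printed in the log
    enabled: bool
    profile: str    # empty when the line carries no "=> path" part

    @property
    def rid(self) -> int:
        """Last SID component (relative identifier of the account)."""
        return int(self.sid.rsplit("-", 1)[1])

# name (SID - role - state) => profile
# The match is anchored on the SID, so spaces or parentheses inside the
# account name cannot shift the fields.
LINE_RE = re.compile(
    r"^(?P<name>.+?) \((?P<sid>S-1-5-21(?:-\d+){4}) - (?P<role>\w+) - "
    r"(?P<state>Enabled|Disabled)\)(?: => (?P<profile>.+))?$"
)

def parse_accounts(text):
    """Return {sid: Account} for every account line found in the text."""
    accounts = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            accounts[m["sid"]] = Account(
                m["name"], m["sid"], m["role"],
                m["state"] == "Enabled", m["profile"] or "")
    return accounts

def is_active_admin(acct):
    return acct.role == "Administrator" and acct.enabled

def enabled_admins(accounts, trusted_names=()):
    """Names of enabled Administrator accounts the owner has not vouched for."""
    trusted = set(trusted_names)
    return sorted(a.name for a in accounts.values()
                  if is_active_admin(a) and a.name not in trusted)

def admin_changes(before, after):
    """Compare two logs by SID: a renamed account keeps its SID."""
    b = {s for s, a in before.items() if is_active_admin(a)}
    a = {s for s, acct in after.items() if is_active_admin(acct)}
    gained = sorted(after[s].name for s in a - b)
    lost = sorted(before[s].name for s in b - a)
    return gained, lost

# FIRST_LOG: lines 2 and 3 are quoted in the thread; lines 1 and 4 are
# constructed for illustration.
FIRST_LOG = r"""
Administrateur (S-1-5-21-185298743-3200257722-2405642193-500 - Administrator - Disabled)
nawell cassouzet (S-1-5-21-185298743-3200257722-2405642193-1004 - Administrator - Enabled) => C:\Users\nawell cassouzet
night sun anti-VEFM1 (S-1-5-21-185298743-3200257722-2405642193-1001 - Administrator - Enabled) => C:\Users\night sun anti-VEFM1
anti-sandra camondo (S-1-5-21-185298743-3200257722-2405642193-1005 - Limited - Enabled) => C:\Users\anti-sandra camondo
"""

# SECOND_LOG: only the last line is quoted in the thread; the rest are
# constructed for illustration.
SECOND_LOG = r"""
Administrateur (S-1-5-21-185298743-3200257722-2405642193-500 - Administrator - Disabled)
nawell cassouzet (S-1-5-21-185298743-3200257722-2405642193-1004 - Limited - Enabled) => C:\Users\nawell cassouzet
night sun anti-VEFM1 (S-1-5-21-185298743-3200257722-2405642193-1001 - Limited - Enabled) => C:\Users\night sun anti-VEFM1
anti-sandra camondo (S-1-5-21-185298743-3200257722-2405642193-1005 - Administrator - Enabled) => C:\Users\anti-sandra camondo
"""

if __name__ == "__main__":
    before, after = parse_accounts(FIRST_LOG), parse_accounts(SECOND_LOG)
    print("enabled admins, first log:", enabled_admins(before))
    gained, lost = admin_changes(before, after)
    print("gained admin rights:", gained)
    print("lost admin rights:", lost)
```
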
 
we think my our pc had marked/burned with red branding iron


we are uef Nathalie Tulissi, Noémie, Lynnlo.Léa(a le brulog) aka Camondo, and sysnative are perhaps partnership with tweaking.com & Samsung S-Voice app on Android,

the problem persists if we goin' download/install from Play Store Samsung S-Voice app in/for my Huawei Y6 2018 Phone, and we ran SFCFix

we think sysnative have partnership with S-Voice, SFCFix, Tweaking.com in the past (like Ad-Aware have partnership with Avanquest in the past and more actually)


seems my problem/bugs in Samsung S-Voice in tablet/huawei phone (and downloading S-Voice apk from Windows for all my android devices/disks on windows explorer) and my tablet (sometimes recognized at windows explorer) have big bug on old Play Store app, with big bug makes impossible to upgrade-install into a new version of Play Store (the tablet is marked "GT-P7501" on explorer)
and problem with SFCFix and tweaking.com (his sites & apps)

in rage we unactived/disabled Avira but persists

it's a grotty bug/glitch

mbam can scanned D:/ & F:/ disks
adwcleaner have scan mode only

and i don't know what to tell my Noémie, Lea,A le brulog wifes & nathalie & forums members (such in samsung & tweaking.com forums)

we ran Comodo, PC Performer, ESET, Wondershare Any Disk Cleaner by Wondershare, then MBAM in clean mode & Adwcleaner in scanmode

then no make illusion for enter in maintenance/diagnostic mode weand mbam chameleon comes updated into MBAM v4.0 from mbam chameleon


with my mania for switch windows language to english for english forums (bleepingcomputer, adaware emsisoft forums, malwaretips, etc...)

my keyboard suddenly switched to qwerty

in rage i played in my mp3 player the Chipmunk version of Izzo (H.O.V.A) by Jay-Z & You Don't Know Me by Armand Van Helden & try to switch to initial AZERTY mode same way into go keeping english language

but sadly blocked in qwerty,



i want french keyboard standard and english language in pc



but interface language stays in french (bug)

it's blocked to qwerty and i can't configure to azerty (bug)

it's infectious


because of that bugs/infections my cousin Nathalie is crying, in rage i play Say So by Doja Cat & Rain On Me by Lady Gaga ft Ariana Grande on my magnetophone,

my mother decided to ran Ultra Adware Killer i uninstalled bittorrent & deluge

it's rain on my pc, WinThruster/Solvusoft/Spybot S&D blow my pc


infections at full frequency and if i goin' switch language to english it's blocks/stays on french sadly

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-09-29.1 (Cloud)
# Support: Customer Support & Help Center | Malwarebytes
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-03-2020
# Duration: 00:03:12
# OS: Windows 10 Home
# Scanned: 31837
# Detected: 28


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.SysTweak C:\Users\aurore rousseau\AppData\Roaming\Systweak
PUP.Optional.WebCompanion C:\Program Files (x86)\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Application Data\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
PUP.Optional.WebCompanion C:\Users\All Users\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\Users\aurore rousseau\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
PUP.Optional.WebCompanion C:\Users\aurore rousseau\AppData\Roaming\Lavasoft\Web Companion

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\anti-sandra camondo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
PUP.Optional.Legacy C:\Users\anti-sandra camondo\Desktop\Goodgame Empire.lnk
PUP.Optional.Legacy C:\Windows\System32\drivers\TFsFltX64.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f368b816-06f5-47fc-8081-c169498bfa92}|DisplayIcon
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f368b816-06f5-47fc-8081-c169498bfa92}|DisplayName
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f368b816-06f5-47fc-8081-c169498bfa92}|UninstallString
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
PUP.Optional.Legacy HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
PUP.Optional.SysTweak HKCU\Software\systweak
PUP.Optional.SysTweak HKLM\Software\Wow6432Node\systweak
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


thanks...
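
A helper reading a pasted AdwCleaner log like the one above usually wants three things first: whether it is a scan or a clean log, whether the paste is complete, and what was detected where. The following is an added example, not part of the thread and not Malwarebytes code: it parses the log layout shown in the post. The sample is an excerpt shortened from that log, with the Detected count adjusted to match the excerpt, and the function names are constructed for illustration.

```python
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z ]+): (?P<value>.+)$")

def parse_adwcleaner(text):
    """Return (header fields, [(section, family, target), ...])."""
    header, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER_RE.match(line)):
            header[m["key"]] = m["value"]
        elif (m := SECTION_RE.match(line)):
            section = m["name"]
        elif section and line:
            # Detection lines are "<Family.Name> <path or registry key>".
            # "No malicious ... found." lines and the EOF marker have no
            # dotted family token, so they are skipped.
            parts = line.split(None, 1)
            if len(parts) == 2 and "." in parts[0] and parts[0] != "No":
                detections.append((section, parts[0], parts[1]))
    return header, detections

def triage(text):
    """Summarise a pasted log for a first read."""
    header, detections = parse_adwcleaner(text)
    declared = int(header.get("Detected", -1))
    return {
        # "Scan" means nothing has been quarantined yet.
        "mode": header.get("Mode"),
        # A mismatch means the paste was truncated or edited.
        "complete": declared == len(detections),
        "by_family": Counter(fam for _, fam, _ in detections),
        "by_section": Counter(sec for sec, _, _ in detections),
        # Driver files flagged under [ Files ] are worth cross-checking
        # against the drivers section of the FRST log before removal.
        "drivers": [tgt for sec, _, tgt in detections
                    if sec == "Files" and tgt.lower().endswith(".sys")],
    }

# Excerpt shortened from the log in the post above; the Detected count is
# adjusted to the excerpt (constructed).
SAMPLE_LOG = r"""
# Mode: Scan
# Scanned: 31837
# Detected: 6

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.SysTweak C:\Users\aurore rousseau\AppData\Roaming\Systweak
PUP.Optional.WebCompanion C:\ProgramData\Lavasoft\Web Companion

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\anti-sandra camondo\Desktop\Goodgame Empire.lnk
PUP.Optional.Legacy C:\Windows\System32\drivers\TFsFltX64.sys

***** [ Registry ] *****

PUP.Optional.SysTweak HKCU\Software\systweak
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f368b816-06f5-47fc-8081-c169498bfa92}|DisplayName
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```
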
 


and also...:

Sysnative BSoD Collection blocks on repeated "Waiting for SystemInfo"
 
frst:


wait a minute: Sysnative is a concurrent of Nirsoft by Microsoft
Sysnative is a brand of Microsoft


no, my memory comes back: is Sysinternals, not sysnative

i had until today a alzheimer: i believed Sysnative a concurrence of Nirsoft by Microsoft, finally is Sysinternals

we are BNAN/Anti-DFM2 and we sorry for confuse Sysnative with Sysinternals

we apologize to confuse

everybody knows when somebody confused Sysnative with Sysinternals


i think the Sysinternals forums exists
 


Hi, uef. Let me assure you, Sysnative is not associated with any other forum, business or company.

There are certainly a lot of people using that computer. Please do not download or run any other malware removal programs unless requested in the steps of cleaning the computer. It is also important that you request the same of other users on the computer.

Please do the following:

Right-click AdwCleaner.exe and select Run as Administrator to start the tool.
  • Press the Scan Now button and wait for it to complete.
  • A window titled Scan Results will open.
  • Ensure all boxes are checked and click Quarantine.
  • Click Next.
  • If preinstalled software was detected during the scan, click OK to close the dialog box.
  • If you would like to remove any preinstalled software, check the respective boxes. (If you aren't experiencing any issues with the software, no need to select any)
  • Select Quarantine.
  • Click Continue > Restart now.
  • After the restart, AdwCleaner will open. (If not, right-click AdwCleaner.exe and select Run as Administrator)
  • Click the Log Files button on the left pane.
  • Doubleclick the newest log file to open it in Notepad. (AdwCleaner[Cxx].txt, where x is replaced by a number)
  • Copy and paste the contents of the log to your next reply.
Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt

Please then provide fresh FRST logs and copy/paste the logs in your next reply. Note, that it isn't necessary to provide the shortcut.txt.
 
basic informations of sysnative user/samsung s-voice (for android) user/tweaking.com & camondo museum (nissim de camondo museum in paris) user/noemie/L.L. Torres/a le brulog/Nathalie a.k.a Mrs Widen41 aka UEF Clan accounts in our pc are adwcleaner & frst
 


Hi, uef.
Please do not download or run any other malware removal programs unless requested in the steps of cleaning the computer. It is also important that you request the same of other users on the computer.
Regardless of my specific request about you and family members not downloading anything or running other removal programs, this has continued. We will not be able to continue assisting if this persists as it tends to cause other issues. Thank you and your family for understanding.

Please uninstall the following programs:

Ashampoo Snap 10
BeeDoctor
ByteFence Anti-Malware
McAfee Safe Connect
Smart Privacy Cleaner v2.0
Kerish Doctor 2020
NoVirusThanks Win Update Stop
UsbFix Anti-Malware Premium

After completing that, restart the computer and please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
McAfee Safe Connect (HKLM-x32\...\{7827AC7B-8F5F-45B4-8864-6A951BA959D8}) (Version: 2.8 - McAfee, LLC.) Hidden
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [PcgShlExt] -> {83F61F6E-D265-40C7-AD53-7F2C37AE8F7A} => C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\PcgShlExt64.dll [2014-11-06] (BEETALK PRIVATE LIMITED -> BeeDoctor Private Limited)
ContextMenuHandlers4: [PcgShlExt] -> {83F61F6E-D265-40C7-AD53-7F2C37AE8F7A} => C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\PcgShlExt64.dll [2014-11-06] (BEETALK PRIVATE LIMITED -> BeeDoctor Private Limited)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [PcgShlExt] -> {83F61F6E-D265-40C7-AD53-7F2C37AE8F7A} => C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\PcgShlExt64.dll [2014-11-06] (BEETALK PRIVATE LIMITED -> BeeDoctor Private Limited)
ContextMenuHandlers1_S-1-5-21-185298743-3200257722-2405642193-1008: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-185298743-3200257722-2405642193-1008: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-185298743-3200257722-2405642193-1008: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1_S-1-5-21-185298743-3200257722-2405642193-1009: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-185298743-3200257722-2405642193-1009: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-185298743-3200257722-2405642193-1009: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1_S-1-5-21-185298743-3200257722-2405642193-1010: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-185298743-3200257722-2405642193-1010: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-185298743-3200257722-2405642193-1010: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
SearchScopes: HKU\S-1-5-21-185298743-3200257722-2405642193-1003 -> DefaultScope {7B5E17A5-1DFB-4269-9519-177F01849132} URL = 
SearchScopes: HKU\S-1-5-21-185298743-3200257722-2405642193-1003 -> {7B5E17A5-1DFB-4269-9519-177F01849132} URL = 
SearchScopes: HKU\S-1-5-21-185298743-3200257722-2405642193-1009 -> DefaultScope {7B5E17A5-1DFB-4269-9519-177F01849132} URL = 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [BeeDoctor-Tray] => C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\pcgstartup.exe [831056 2014-11-06] (BEETALK PRIVATE LIMITED -> BeeDoctor Private Limited)
HKU\S-1-5-21-185298743-3200257722-2405642193-1003\...\Run: [] => [X]
HKU\S-1-5-21-185298743-3200257722-2405642193-1003\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [577296 2015-04-27] (Anvei Technology Co., LTD -> Anvisoft)
HKU\S-1-5-21-185298743-3200257722-2405642193-1008\...\Run: [Rewasd Tray Agent] => "D:\Users\Maud, justine, aurélie & aïcha\reWASD\reWASDTray.exe" -autoremap
HKU\S-1-5-21-185298743-3200257722-2405642193-1008\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
Task: {67DB5419-958B-4514-8E71-2B9736F8F85E} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3942880 2020-05-19] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
Task: {D15A6E66-7D48-4348-A5C9-39A1BD015AAA} - System32\Tasks\Kerish Doctor => C:\Program Files (x86)\Kerish Doctor\KerishDoctor.exe [4892280 2020-10-03] (OOO AMA -> Kerish Products)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\yaqqis0qmu5.js [2020-10-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\yaqqis0qmu5.cfg [2020-10-02] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
S2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42768 2015-04-27] (Anvei Technology Co., LTD -> Anvisoft)
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [162272 2020-05-19] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
R2 PCGRTP; C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\PcgRtp.exe [1044688 2014-11-06] (BEETALK PRIVATE LIMITED -> BeeDoctor Private Limited)
S2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2020-10-03] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
S2 WALTR2Service; C:\Program Files\WALTR2\x86\WALTR2Service.exe [X]
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe [X]
R4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 bbwfp; C:\Program Files (x86)\Anvisoft\Cloud System Booster\wfp\x64\BBWFP.sys [40720 2015-03-24] (Anvei Technology Co., LTD -> Anvisoft)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [161408 2017-09-12] (Zemana Ltd. -> Zemana Ltd.)
R2 PcgSysMonX64; C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\PcgSysMonX64.sys [134736 2014-08-22] (BEETALK PRIVATE LIMITED -> BeeDoctor Private Limited)
R2 TFsFlt; C:\Windows\system32\Drivers\TFsFltX64.sys [98384 2014-08-22] (BEETALK PRIVATE LIMITED -> BeeDoctor Private Limited)
R4 TSSysKit; C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\TSSysKit64.sys [97360 2014-08-22] (BEETALK PRIVATE LIMITED -> BeeDoctor Private Limited)
R2 WiseFs; C:\Windows\WiseFs64.sys [66512 2020-10-03] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2020-10-02] (Zemana Ltd. -> Zemana Ltd.)
U2 agp440; no ImagePath
R4 avusbflt; System32\Drivers\avusbflt.sys [X]
U0 Compbatt; no ImagePath
R4 eamonm; system32\DRIVERS\eamonm.sys [X]
R4 edevmon; system32\DRIVERS\edevmon.sys [X]
R4 ehdrv; \SystemRoot\system32\DRIVERS\ehdrv.sys [X]
R4 epfw; \SystemRoot\system32\DRIVERS\epfw.sys [X]
U2 ERSvc; no ImagePath
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
U2 IAStorDataMgrsvc; no ImagePath
S0 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Parvdm; no ImagePath
U2 srService; no ImagePath
U2 wudfsvc; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
C:\Program Files (x86)\Wondershare
C:\Windows\System32\DRIVERS\KeyCrypt64.sys
C:\Windows\system32\Drivers\TFsFltX64.sys 
C:\Windows\WiseFs64.sys
C:\Windows\System32\drivers\zamguard64.sys
C:\Windows\system32\DRIVERS\avkmgr.sys
C:\Program Files\Common Files\McAfee
C:\Program Files (x86)\Kerish Doctor
C:\Program Files\ByteFence
C:\Program Files (x86)\Anvisoft
C:\Program Files\ByteFence
C:\Program Files (x86)\BeeDoctor
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 