gen-hackman

hello tu supprimes et recrées la clé via script : [-HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains] [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains] ""=""

ok thanks I give you the log by MP

okay I'll do that so I don't understand why It scans winsxs folder , it takes some time and I have never saw some infections in this folder in 10 years desinfecting ^^

Ok I 'll delete some lines in the log that I do not want to show

sorry I uninstalled Malwarebytes , I'm gonna reinstall, do a new complete scan and give you the log when it'll be ended the datas , as I remember aren't displayed in the log, only keys and values

If forgot to says it's detects my Program ProcessClose like a malware too it's in download in 10 sites or more ( sosvirus , toolslib, majorgeeks, etc..... ) https://www.google.fr/search?ei=196IW8SmKMyalwSymaHICA&q=ProcessClose+g3n-h%40ckm%40n&oq=ProcessClose+g3n-h%40ckm%40n&gs_l=psy-ab.3...11896.20665.0.21317.12.12.0.0.0.0.262.1754.0j10j2.12.0....0...1c.1.64.psy-ab..0.7.1023...0i19k1j0i22i30k1j33i160k1.0.x6Yoz-wt7qU I attach the file. ProcessClose.zip

Hello Malwarebytes detects HFS.exe like a malware analysing my Computer in it's last version, but it's 100% legit , it comes from Rejetto Http File Transfer ( Allows to transfer a file giving a link in http from PC to PC without Server, I use it for a long time.(perhaps it's cause we have to open a port in the box to make it work it's detected like this.....) http://www.rejetto.com/hfs/ In Virustotal analysis, Malwarebytes says it's Clean..... (zip containing the file attached) ====== it detects too as a Dns.unlocker but these IPs are "Free" OPEN DNS and local IP connection to my box [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]~[DhcpNameServer] : 212.27.40.240 212.27.40.241 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82eba569-60eb-4390-9f4d-45fec09da1b1}]~[DhcpNameServer] : 212.27.40.240 212.27.40.241 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b51955e3-93cb-4826-ac4f-741fec48fcd4}]~[DhcpNameServer] : 192.168.42.129 The value "NameServer" was detected too like a dns.unlocker but I looked in the registry at this place and there's nothing written in this value , no data. ISP: Free SAS Organization: Free SAS AS Number: AS12322 Free SAS 192.168.42.129 => Local ===== And like said My friend rubised in the other topic, detects cjoint.com like Fraud, but here's some examples to show you that's a really a false positive https://quttera.com/detailed_report/www.cjoint.com https://sitecheck.sucuri.net/results/www.cjoint.com And from the Kaspersky VirusDesk : Le lien https://www.cjoint.com est sain Ce lien est sain conformément aux données de réputation de Kaspersky VirusDesk. does mean in english : The link https://www.cjoint.com is healthy This link is healthy according to Kaspersky VirusDesk reputation data. ===== a Last thing : while analyzing my computer, malwarebytes takes very much percents of my processor , I cannot do anything other, it makes my computer going very slow almost static, the browsers pages cannot refresh correctly cause all the processor is taken by Mbam here's an example (png attached) , and sometimes it goes over 80% of the processor hfs.zip