Hi

I have an issue with Lucky123 that is regularly added to my browsers. I have already cleaned my computer with AdwCleaner (4 times). The threats were destroyed, but they reappear.

What more can I do?

Agnieszka

 

Re: Lucky123

Hello,

You've already used another topic to ask for help: https://toolslib.net/forum/viewthread/8982-new-october-2016-adwcleaner-cleans-identified-issues-and-the/?p=1#!messageId-9052

Please use only one topic, here. Someone will answer in three days at most.

Can you share the AdwCleaner logfiles?

Regards,

Re: Lucky123

# AdwCleaner v6.020 -  03/10/2016  16:17:36

***** [ Usługi ] *****

Wykryto usługę: winsaber
Wykryto usługę: CornerSunshineSvc

***** [ Foldery ] *****

Wykryto folder: C:\Users\...\AppData\Roaming\Corner Sunshine
Wykryto folder: C:\Users\...\Documents\Play
Wykryto folder: C:\ProgramData\sozy
Wykryto folder: C:\ProgramData\Application Data\sozy
Wykryto folder: C:\Program Files (x86)\WinSaber
Wykryto folder: C:\Program Files (x86)\winsaber
Wykryto folder: C:\Program Files (x86)\Corner Sunshine

***** [ Pliki ] *****

Wykryto plik: C:\Windows\SysNative\log\iSafeKrnlCall.log

***** [ DLL ] *****

Nie wykryto szkodliwych bibliotek DLL.

***** [ WMI ] *****

Nie wykryto szkodliwych kluczy.

***** [ Skróty ] *****

Zainfekowany skrót: C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.mylucky123.com/?type=sc&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385 )
Zainfekowany skrót: C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.mylucky123.com/?type=sc&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385 )
Zainfekowany skrót: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( hxxp://www.mylucky123.com/?type=sc&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN256
Zainfekowany skrót: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.mylucky123.com/?type=sc&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN2
Zainfekowany skrót: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.mylucky123.com/?type=sc&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&fr
Zainfekowany skrót: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.mylucky123.com/?type=sc&ts=1475220956&z=485389e
Zainfekowany skrót: C:\Users\...\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.mylucky123.com/?type=sc&ts=1475220956&z=485389ea39c9e9334df8668g9zd
Zainfekowany skrót: C:\Users\...\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.mylucky123.com/?type=sc&ts=1475220956&z=485389ea39c9e9334df8668g

***** [ Zaplanowane zadania ] *****

Nie wykryto szkodliwych zadań.

***** [ Rejestr ] *****

Wykryto klucz: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\dobreprogramy
Wykryto klucz: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\PRODUCTSETUP
Wykryto klucz: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
Wykryto klucz: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\ICSW1.19
Wykryto klucz: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\csastats
Wykryto klucz: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\Corner Sunshine
Wykryto klucz: HKCU\Software\dobreprogramy
Wykryto klucz: HKCU\Software\PRODUCTSETUP
Wykryto klucz: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
Wykryto klucz: HKCU\Software\ICSW1.19
Wykryto klucz: HKCU\Software\csastats
Wykryto klucz: HKCU\Software\Corner Sunshine
Wykryto klucz: HKLM\SOFTWARE\Corner Sunshine
Wykryto klucz: HKLM\SOFTWARE\WinSaberSvc
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Corner Sunshine
Wykryto klucz: HKLM\SOFTWARE\CLIENTS\Corner Sunshine
Wykryto klucz: [x64] HKCU\Software\dobreprogramy
Wykryto klucz: [x64] HKCU\Software\PRODUCTSETUP
Wykryto klucz: [x64] HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
Wykryto klucz: [x64] HKCU\Software\ICSW1.19
Wykryto klucz: [x64] HKCU\Software\csastats
Wykryto klucz: [x64] HKCU\Software\Corner Sunshine
Wykryto klucz: [x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine
Wykryto dane: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mylucky123.com/?type=hp&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e
Wykryto dane: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
Wykryto dane: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mylucky123.com/?type=hp&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN256HCHP-
Wykryto dane: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
Wykryto dane: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mylucky123.com/search/?type=ds&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7L
Wykryto dane: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mylucky123.com/?type=hp&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN256HCHP-
Wykryto dane: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mylucky123.com/search/?type=ds&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN256HCH
Wykryto dane: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mylucky123.com/?type=hp&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN256HCH
Wykryto dane: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
Wykryto dane: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mylucky123.com/search/?type=ds&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ
Wykryto dane: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mylucky123.com/?type=hp&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN256HCH
Wykryto dane: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mylucky123.com/search/?type=ds&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929&uid=SAMSUNGXMZ7LN256H
Wykryto klucz: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wykryto dane: HKU\S-1-5-21-3028706329-3897238258-986750184-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wykryto dane: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Wykryto klucz: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wykryto dane: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wykryto dane: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Wykryto klucz: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wykryto dane: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Wykryto klucz: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Wykryto klucz: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com

***** [ Przeglądarki internetowe ] *****

Nie wykryto szkodliwych obiektów w przeglądarkach opartych na Firefoksie.
Wykryto preferencje Chromium: [C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mylucky123.com/?type=hp&ts=1475220956&z=485389ea39c9e9334df8668g9zdm7weo8o1e5tbw4t&from=uvc0929
Wykryto preferencje Chromium: [C:\Users\...k\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mylucky123.com/searchfavicon.ico

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [8804 bajty] - [03/10/2016 16:17:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8877 bajty] ##########

# AdwCleaner v6.021 - 12/10/2016  12:49:00


***** [ Rejestr ] *****

Wykryto dane: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Wykryto dane: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [Default] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
Wykryto dane: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [Default] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

***** [ Przeglądarki internetowe ] *****

Wykryto preferencje Firefoksa: [C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\yqrrck07.default-1475501467672\prefs.js] - "browser.search.hiddenOneOffs" -  "Google,Yahoo,Bing,Amazon.com,DuckDuckGo,mylucky123,Twit
Wykryto preferencje Chromium: [C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mylucky123.com/searchfavicon.ico

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8100 bajty] - [03/10/2016 16:18:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [5763 bajty] - [11/10/2016 13:35:59]
C:\AdwCleaner\AdwCleaner[C3].txt - [1979 bajty] - [11/10/2016 17:47:06]
C:\AdwCleaner\AdwCleaner[C4].txt - [1975 bajty] - [12/10/2016 12:14:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [9028 bajty] - [03/10/2016 16:17:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [8349 bajty] - [11/10/2016 13:35:37]
C:\AdwCleaner\AdwCleaner[S2].txt - [2319 bajty] - [11/10/2016 17:46:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [2308 bajty] - [12/10/2016 12:14:06]
C:\AdwCleaner\AdwCleaner[S4].txt - [2459 bajty] - [12/10/2016 12:49:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2532 bajty] ##########

 

Re: Lucky123

Hello,

Can you:

  • Download Malwarebytes Anti-Malware here.
  • Launch Malwarebytes Anti-Malware from your desktop.
  • Click on the tab Settings -> Detection & Protection -> PUP/PUM and check "Treat these detections like malware".
  • In the Scan tab, choose Threat Scan, then click on Start Scan.
  • If something is detected, choose to Quarantine everything. If it asks you to reboot the computer, do it.
  • After the reboot (or at the end of the exam), launch Malwarebytes -> click on History -> Application logs -> Select the last exam log -> Show.
  • Click on Export -> text file (*.txt) -> Choose the desktop as destination, name the file "report-mbam" for example, and click on Save.
  • Paste the logfile in your next answer.

Best regards,

Re: Lucky123

Thank you for the help.

Malwarebytes Anti-Malware

www.malwarebytes.org



Scan Date: 2016-10-16

Scan Time: 20:31

Logfile: 2016_10_16_AP_Logs.txt

Administrator: Yes



Version: 2.2.1.1043

Malware Database: v2016.10.16.07

Rootkit Database: v2016.09.26.02

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled



OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: ...



Scan Type: Threat Scan

Result: Completed

Objects Scanned: 315005

Time Elapsed: 12 min, 51 sec



Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled



Processes: 1

PUP.Optional.Elex, C:\ProgramData\UvConverter\UvConverter.exe, 1960, Delete-on-Reboot, [e9fe4e4b9bff0e28ec1f7487de2608f8]



Modules: 0

(No malicious items detected)



Registry Keys: 2

PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Quarantined, [af38f4a5f6a4e155d090eb1c1ce9d927],

PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UVCONVERTER, Quarantined, [e9fe4e4b9bff0e28ec1f7487de2608f8],



Registry Values: 2

PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|ImagePath, system32\DRIVERS\EsgScanner.sys, Quarantined, [af38f4a5f6a4e155d090eb1c1ce9d927]

PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UVCONVERTER|ImagePath, "C:\ProgramData\UvConverter\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577}, Quarantined, [e9fe4e4b9bff0e28ec1f7487de2608f8]



Registry Data: 6

PUP.Optional.MyLucky123.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "c:\program files (x86)\mozilla firefox\firefox.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385, Good: (firefox.exe), Bad: ("c:\program files (x86)\mozilla firefox\firefox.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385),Replaced,[b532128772281a1cb4a9896b9c687e82]

PUP.Optional.MyLucky123.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "c:\program files (x86)\google\chrome\application\chrome.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385, Good: (Chrome.exe), Bad: ("c:\program files (x86)\google\chrome\application\chrome.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385),Replaced,[27c091084852ba7cd98020d410f4df21]

PUP.Optional.MyLucky123.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "c:\program files\internet explorer\iexplore.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385, Good: (iexplore.exe), Bad: ("c:\program files\internet explorer\iexplore.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385),Replaced,[d80f9108faa0aa8cd18bb73dfc08ed13]

PUP.Optional.MyLucky123.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "c:\program files (x86)\mozilla firefox\firefox.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385, Good: (firefox.exe), Bad: ("c:\program files (x86)\mozilla firefox\firefox.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385),Replaced,[eafd44552377dc5afd60995b49bb37c9]

PUP.Optional.MyLucky123.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "c:\program files (x86)\google\chrome\application\chrome.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385, Good: (Chrome.exe), Bad: ("c:\program files (x86)\google\chrome\application\chrome.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385),Replaced,[67803069dbbfb284e27739bb35cf07f9]

PUP.Optional.MyLucky123.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "c:\program files\internet explorer\iexplore.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385, Good: (iexplore.exe), Bad: ("c:\program files\internet explorer\iexplore.exe" http://www.mylucky123.com/?type=sc&ts=1476185471&z=54eaa1be23f6bae3c90612ag3z3m2qfg6b3wez2mfo&from=che0812&uid=SAMSUNGXMZ7LN256HCHP-000L7_S20HNXAH120385),Replaced,[cd1af4a5eab071c51d3f777dae565aa6]



Folders: 2

PUP.Optional.PriceFountain, C:\Users\...\AppData\Roaming\PriceFountainUpdateVer, Quarantined, [e403a4f5e1b96fc727720db946bc51af],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],



Files: 29

PUP.Optional.ProductKeyFinder, C:\Users\...\AppData\Roaming\Skype\My Skype Received Files\produkey-x64.zip, Quarantined, [4c9bb5e4306ae94dea4da1af33ce649c],

PUP.Optional.BundleInstaller, C:\Users\...\Downloads\Adobe-Flash-Player-13091-dp.exe, Quarantined, [d80fa6f3841662d47dd3c787ad537e82],

PUP.Optional.InstallCore, C:\Users\...\Downloads\DAEMON-Tools-Lite-12708-dp.exe, Quarantined, [1ccb3b5e801a69cd477ee308ee1317e9],

PUP.Optional.InstallCore, C:\Users\...\Downloads\pobierz_Windows_movie_maker_V16.4.3528.331.exe, Quarantined, [7077a7f20f8b6cca15b241ead22f4cb4],

PUP.Optional.Linkury, C:\Users\...\AppData\Roaming\md.xml, Quarantined, [549329706e2c52e4c881e40ba360e21e],

PUP.Optional.Linkury, C:\Users\...\AppData\Roaming\noah.dat, Quarantined, [984f8613584281b570da846b689b21df],

PUP.Optional.Linkury, C:\Users\...\AppData\Roaming\inst.lat, Quarantined, [3bac4f4aa8f2270f97994badea19c43c],

PUP.Optional.Linkury.Gen, C:\Users\...\AppData\Roaming\Greenhold.tst, Quarantined, [37b03465f2a8bc7afb00d824a65de51b],

PUP.Optional.Linkury.Gen, C:\Users\...\AppData\Roaming\KeyJaylab.tst, Quarantined, [df08762363370531f2098f6dc24119e7],

PUP.Optional.SpyHunter, C:\Windows\System32\drivers\EsgScanner.sys, Quarantined, [af38f4a5f6a4e155d090eb1c1ce9d927],

PUP.Optional.Elex, C:\ProgramData\UvConverter\UvConverter.exe, Delete-on-Reboot, [e9fe4e4b9bff0e28ec1f7487de2608f8],

PUP.Optional.PriceFountain, C:\Users\...\AppData\Roaming\PriceFountainUpdateVer\config.dat, Quarantined, [e403a4f5e1b96fc727720db946bc51af],

PUP.Optional.PriceFountain, C:\Users\...\AppData\Roaming\PriceFountainUpdateVer\info.dat, Quarantined, [e403a4f5e1b96fc727720db946bc51af],

PUP.Optional.PriceFountain, C:\Users\...\AppData\Roaming\PriceFountainUpdateVer\STTL.DAT, Quarantined, [e403a4f5e1b96fc727720db946bc51af],

PUP.Optional.PriceFountain, C:\Users\...\AppData\Roaming\PriceFountainUpdateVer\TTL.DAT, Quarantined, [e403a4f5e1b96fc727720db946bc51af],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\Rkey.dat, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\allegro.pl .lnk, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\allegro.pl.ico, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\allegro.pl.lnk, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\allegro.pl.smenu.URL, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\allegro.pl.tbar.URL, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\Booking .lnk, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\Booking.ico, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\Booking.lnk, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\Booking.smenu.URL, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\Booking.tbar.URL, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.PriceFountain.Gen, C:\Users\...\AppData\Local\SnobbierEnticement\VigilantnessFlattening.dat, Quarantined, [c126dfbaa5f582b42dabb2e9cf35936d],

PUP.Optional.Linkury.ACMB1, C:\Users\...\AppData\Roaming\Config.xml, Quarantined, [ca1da2f7f1a9d95d792f1e7e867e4eb2],

PUP.Optional.Linkury.ACMB1, C:\Users\...\AppData\Roaming\InstallationConfiguration.xml, Quarantined, [e106e7b2cfcb2f07248565374cb80ef2],



Physical Sectors: 0

(No malicious items detected)





(end)

 

Re: Lucky123

Hello,

Can you please launch AdwCleaner, then start a new scan and paste the logfile content in your next answer?

Thank you.

Re: Lucky123

# AdwCleaner v6.030 - raport utworzono 21/10/2016 o 17:40:24
# Ostatnia aktualizacja: 19/10/2016 przez Malwarebytes
# Baza danych : 2016-10-18.1 [Z serwera]
# System operacyjny : Windows 7 Professional Service Pack 1 (X64)
# Nazwa użytkownika : ... - ...
# Lokalizacja programu : C:\Users\...\Downloads\adwcleaner_6.030.exe
# Tryb: Czyszczenie
# Wsparcie : hxxps://www.malwarebytes.com/support



***** [ Usługi ] *****



***** [ Foldery ] *****



***** [ Pliki ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Skróty ] *****



***** [ Zaplanowane zadania ] *****



***** [ Rejestr ] *****

[-] Usunięto wartość: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Sunshinesvc]

***** [ Przeglądarki ] *****

[-] [C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: mylucky123
[-] [C:\Users\...\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Usunięto: hxxp://www.mylucky123.com/searchfavicon.ico

*************************

:: Usunięto klucze "Tracing"
:: Zresetowano ustawienia Winsock

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8100 bajty] - [03/10/2016 16:18:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [5763 bajty] - [11/10/2016 13:35:59]
C:\AdwCleaner\AdwCleaner[C3].txt - [1979 bajty] - [11/10/2016 17:47:06]
C:\AdwCleaner\AdwCleaner[C4].txt - [1975 bajty] - [12/10/2016 12:14:23]
C:\AdwCleaner\AdwCleaner[C5].txt - [2271 bajty] - [12/10/2016 12:49:28]
C:\AdwCleaner\AdwCleaner[C6].txt - [1593 bajty] - [21/10/2016 17:40:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [9028 bajty] - [03/10/2016 16:17:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [8349 bajty] - [11/10/2016 13:35:37]
C:\AdwCleaner\AdwCleaner[S2].txt - [2319 bajty] - [11/10/2016 17:46:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [2308 bajty] - [12/10/2016 12:14:06]
C:\AdwCleaner\AdwCleaner[S4].txt - [2611 bajty] - [12/10/2016 12:49:00]
C:\AdwCleaner\AdwCleaner[S5].txt - [2362 bajty] - [21/10/2016 17:39:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [2104 bajty] ##########

 

Re: Lucky123

Hi, still the same problem. Mylucky reappears in Chrome after restarting.

# AdwCleaner v6.030 - raport utworzono 24/11/2016 o 11:21:27

# Ostatnia aktualizacja: 19/10/2016 przez Malwarebytes

# Baza danych : 2016-11-23.1 [Z serwera]

# System operacyjny : Windows 7 Professional Service Pack 1 (X64)

# Nazwa użytkownika : …

# Lokalizacja programu : C:\Users\...\Downloads\adwcleaner_6.030.exe

# Tryb: Skanowanie

# Wsparcie : https://www.malwarebytes.com/support



***** [ Przeglądarki internetowe ] *****



Nie wykryto szkodliwych obiektów w przeglądarkach opartych na Firefoksie.

Wykryto preferencje Chromium: [C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mylucky123.com/searchfavicon.ico



*************************



C:\AdwCleaner\AdwCleaner[C0].txt - [8100 bajty] - [03/10/2016 15:18:34]

C:\AdwCleaner\AdwCleaner[C2].txt - [5763 bajty] - [11/10/2016 12:35:59]

C:\AdwCleaner\AdwCleaner[C3].txt - [1979 bajty] - [11/10/2016 16:47:06]

C:\AdwCleaner\AdwCleaner[C4].txt - [1975 bajty] - [12/10/2016 11:14:23]

C:\AdwCleaner\AdwCleaner[C5].txt - [2271 bajty] - [12/10/2016 11:49:28]

C:\AdwCleaner\AdwCleaner[C6].txt - [2183 bajty] - [21/10/2016 16:40:24]

C:\AdwCleaner\AdwCleaner[C7].txt - [2482 bajty] - [24/11/2016 11:12:31]

C:\AdwCleaner\AdwCleaner[C8].txt - [2377 bajty] - [24/11/2016 11:19:19]

C:\AdwCleaner\AdwCleaner[S0].txt - [9028 bajty] - [03/10/2016 15:17:36]

C:\AdwCleaner\AdwCleaner[S1].txt - [8349 bajty] - [11/10/2016 12:35:37]

C:\AdwCleaner\AdwCleaner[S2].txt - [2319 bajty] - [11/10/2016 16:46:52]

C:\AdwCleaner\AdwCleaner[S3].txt - [2308 bajty] - [12/10/2016 11:14:06]

C:\AdwCleaner\AdwCleaner[S4].txt - [2611 bajty] - [12/10/2016 11:49:00]

C:\AdwCleaner\AdwCleaner[S5].txt - [2362 bajty] - [21/10/2016 16:39:59]

C:\AdwCleaner\AdwCleaner[S6].txt - [2576 bajty] - [24/11/2016 11:11:07]

C:\AdwCleaner\AdwCleaner[S7].txt - [2605 bajty] - [24/11/2016 11:18:58]

C:\AdwCleaner\AdwCleaner[S8].txt - [2472 bajty] - [24/11/2016 11:21:27]



########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2545 bajty] ##########

# AdwCleaner v6.030 - raport utworzono 24/11/2016 o 11:19:19

# Ostatnia aktualizacja: 19/10/2016 przez Malwarebytes

# Baza danych : 2016-11-23.1 [Z serwera]

# System operacyjny : Windows 7 Professional Service Pack 1 (X64)

# Nazwa użytkownika : …

# Lokalizacja programu : C:\Users\...\Downloads\adwcleaner_6.030.exe

# Tryb: Czyszczenie

# Wsparcie : hxxps://www.malwarebytes.com/support





***** [ Przeglądarki ] *****



[-] [C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Usunięto: mylucky123

[-] [C:\Users\...\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Usunięto: hxxp://www.mylucky123.com/searchfavicon.ico





*************************



:: Usunięto klucze "Tracing"

:: Zresetowano ustawienia Winsock



*************************



C:\AdwCleaner\AdwCleaner[C0].txt - [8100 bajty] - [03/10/2016 15:18:34]

C:\AdwCleaner\AdwCleaner[C2].txt - [5763 bajty] - [11/10/2016 12:35:59]

C:\AdwCleaner\AdwCleaner[C3].txt - [1979 bajty] - [11/10/2016 16:47:06]

C:\AdwCleaner\AdwCleaner[C4].txt - [1975 bajty] - [12/10/2016 11:14:23]

C:\AdwCleaner\AdwCleaner[C5].txt - [2271 bajty] - [12/10/2016 11:49:28]

C:\AdwCleaner\AdwCleaner[C6].txt - [2183 bajty] - [21/10/2016 16:40:24]

C:\AdwCleaner\AdwCleaner[C7].txt - [2482 bajty] - [24/11/2016 11:12:31]

C:\AdwCleaner\AdwCleaner[C8].txt - [1641 bajty] - [24/11/2016 11:19:19]

C:\AdwCleaner\AdwCleaner[S0].txt - [9028 bajty] - [03/10/2016 15:17:36]

C:\AdwCleaner\AdwCleaner[S1].txt - [8349 bajty] - [11/10/2016 12:35:37]

C:\AdwCleaner\AdwCleaner[S2].txt - [2319 bajty] - [11/10/2016 16:46:52]

C:\AdwCleaner\AdwCleaner[S3].txt - [2308 bajty] - [12/10/2016 11:14:06]

C:\AdwCleaner\AdwCleaner[S4].txt - [2611 bajty] - [12/10/2016 11:49:00]

C:\AdwCleaner\AdwCleaner[S5].txt - [2362 bajty] - [21/10/2016 16:39:59]

C:\AdwCleaner\AdwCleaner[S6].txt - [2576 bajty] - [24/11/2016 11:11:07]

C:\AdwCleaner\AdwCleaner[S7].txt - [2605 bajty] - [24/11/2016 11:18:58]



########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [2298 bajty] ##########

 

Re: Lucky123

Hello,

Can you stop the Chrome synchronization, and then retry with AdwCleaner?

-> https://support.google.com/chrome/answer/1181420?hl=en

Thanks,