Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-10-02
Scan Time: 21:50:11
Logfile: Mbam skan log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.02.07
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MichaA? ZiÄ?cina

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391140
Time Elapsed: 12 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Agent.MNR, C:\Users\User\AppData\Roaming\System32\svchost.exe, 5204, Delete-on-Reboot, [6689808f8eee44f2058d6c1734d0857b]

Modules: 0
(No malicious items detected)

Registry Keys: 70

Registry Values: 2
Trojan.Agent.MNR, HKU\S-1-5-21-3168158027-1598748805-4083129569-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|System Network Service, C:\Users\User\AppData\Roaming\System32\svchost.exe, Quarantined, [6689808f8eee44f2058d6c1734d0857b]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3168158027-1598748805-4083129569-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1N2Y1S0V1R1H, Quarantined, [ba359877e399a78fa333144357ad1fe1]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.SaveSense, C:\Users\User\AppData\Roaming\SaveSense, Quarantined, [e8070906daa22e081bb3578a669c2fd1],
PUP.Optional.SaveSense, C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense, Quarantined, [dc130609c7b577bf25aa637eec1659a7],

Files: 7
Trojan.Agent.MNR, C:\Users\User\AppData\Roaming\System32\svchost.exe, Delete-on-Reboot, [6689808f8eee44f2058d6c1734d0857b],
Trojan.BitcoinMiner, c:\Users\User\AppData\Roaming\System32\minerd.exe, Quarantined, [42ad818e512b0531bd693cdc857c2bd5],
PUP.Optional.SaveSense.A, C:\Users\User\AppData\Local\Temp\is1751165634\1085096_stp\sas.exe, Quarantined, [658a818e95e77eb8bb1e84d06899eb15],
PUP.Optional.SaveSense.A, C:\Users\User\AppData\Local\Temp\{0E429184-8396-48D6-9803-E3EA585C46C0}\o-update\SaveSenseLive.exe, Quarantined, [de112ce3ef8df4420833dfa0827f4cb4],
PUP.Optional.SaveSense, C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url, Quarantined, [dc130609c7b577bf25aa637eec1659a7],
PUP.Optional.SaveSense, C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url, Quarantined, [dc130609c7b577bf25aa637eec1659a7],
PUP.Optional.SaveSense, C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk, Quarantined, [dc130609c7b577bf25aa637eec1659a7],

Physical Sectors: 0
(No malicious items detected)

(end)