Hi. Does anyone have any ideas? When I run a virus scan, the computer shuts down.. Spybot does the same. If anyone can make anything of this HjT log, thanks..

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LEEVI\LOCALS~1\TEMP\_VWUPSRV.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leevinet.tk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leevinet.tk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O2 - BHO: (no name) - {F371B35F-4762-F3FC-43F9-8D65A193EEDB} - C:\DOCUME~1\Leevi\APPLIC~1\Dupebyte\Ballproc.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mix Name Active Locks] C:\Documents and Settings\All Users\Application Data\cash user mix name\CastNurb.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mags grey] C:\DOCUME~1\Leevi\APPLIC~1\THISME~1\Idle anti bone.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136212916359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136212903687
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/PCSoftware/Install/iFINDERH2O/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.197.172.28:8088/activex/AxisCamControl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC10C2B-F22C-40F5-BF6A-4865FF4C534E}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CFE49F3-6FAD-434E-945B-559E9FCE1B32}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A23288F-6B39-496A-9C43-D21398172BE5}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{A83A4627-8B68-49C1-B388-A675E143709C}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAF8BF7-C14B-494C-B3AB-9B1C86D22CA1}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AC10C2B-F22C-40F5-BF6A-4865FF4C534E}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOCUME~1\LEEVI\LOCALS~1\TEMP\_VWUPSRV.EXE
Hey. The machine is pretty messed up right now; Messenger Plus was installed with sponsor support.

Open Control Panel -> Add/Remove Programs -> Remove: MessengerPlus3

Download fixwareout.exe from here > http://downloads.subratam.org/Fixwareout.exe or from here > http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe and save it to the desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure "Run fixit" is selected. You must restart the computer when told to. The log is here -> c:\fixwareout\report.txt

Fix with HjT (do a system scan only, check these and press fix checked):

O2 - BHO: (no name) - {F371B35F-4762-F3FC-43F9-8D65A193EEDB} - C:\DOCUME~1\Leevi\APPLIC~1\Dupebyte\Ballproc.exe (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Mix Name Active Locks] C:\Documents and Settings\All Users\Application Data\cash user mix name\CastNurb.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [mags grey] C:\DOCUME~1\Leevi\APPLIC~1\THISME~1\Idle anti bone.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC10C2B-F22C-40F5-BF6A-4865FF4C534E}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CFE49F3-6FAD-434E-945B-559E9FCE1B32}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A23288F-6B39-496A-9C43-D21398172BE5}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{A83A4627-8B68-49C1-B388-A675E143709C}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAF8BF7-C14B-494C-B3AB-9B1C86D22CA1}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AC10C2B-F22C-40F5-BF6A-4865FF4C534E}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87

Show hidden files: http://keskustelu.afterdawn.com/thread_view.cfm/248944

Boot the computer into Safe Mode: http://www.virustorjunta.net/module...Yleisohjeita+ongelmatilanteiden+ratkaisuun#37

[bold]Delete:[/bold] (the parts marked in bold)
C:\Program Files\[bold]Messenger Plus! 3[/bold]
C:\DOCUME~1\Leevi\APPLIC~1\[bold]Dupebyte[/bold]
C:\Documents and Settings\All Users\Application Data\[bold]cash user mix name[/bold]
C:\DOCUME~1\Leevi\APPLIC~1\[bold]THISME~1[/bold]

[bold]Restart the computer in normal mode![/bold]

Get ewido: http://aaxxeell.googlepages.com/ewido4
Update, scan, [bold]remove the findings[/bold] and save the report.

Download Findlop by Metallica, unzip it and double-click findlop.bat; the log is here -> C:\findlop.txt

Post a new HjT log, the ewido report, C:\fixwareout\report.txt and C:\findlop.txt
Hi and thanks... I removed the Messenger sponsors and ran fixwareout.. At least the computer got a whole lot faster. I still have to do the rest. What does fixwareout actually do? I left it running overnight.. It seemed to take a long time. Does it work on Windows 98? Regards, Leevi
FixwareOut works on Win98. FixwareOut removes those O17 lines, since they don't necessarily go away by fixing them in HjT and they were set by the hijacker. So you live in Finland? I mean, the IP addresses on those O17 lines lead to Ukraine. Remember to remove ewido's findings (instructions: http://aaxxeell.googlepages.com/ewido4) and post the logs mentioned above so I can give you the next steps. Post a new HjT log, the ewido report, C:\fixwareout\report.txt and C:\findlop.txt
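As an added example (not code from this thread, HijackThis or FixwareOut), a small Python triage script that applies the two checks the helper made by hand above: O17 NameServer values that are not on a trusted-resolver list (the DNS hijack), and O4 Run entries whose program lives in a user-writable Application Data or Temp directory. The sample log lines are constructed in the shape HijackThis prints, and the 192.0.2.53 resolver is a placeholder for the ISP's real one.

```python
import ipaddress
import re

# Constructed sample in the shape HijackThis prints: entries modelled on the
# thread's log plus one clean O17 line. 192.0.2.53 is a placeholder resolver.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Mix Name Active Locks] C:\Documents and Settings\All Users\Application Data\cash user mix name\CastNurb.exe
O4 - HKCU\..\Run: [mags grey] C:\DOCUME~1\Leevi\APPLIC~1\THISME~1\Idle anti bone.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC10C2B-F22C-40F5-BF6A-4865FF4C534E}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
"""

# Placeholder trusted-resolver set; in practice fill it with the resolvers the
# ISP or the local router actually hands out.
TRUSTED_RESOLVERS = frozenset({ipaddress.ip_address("192.0.2.53")})

O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): NameServer = (?P<servers>.+?)\s*$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+?)\s*$")

# Directories a Run entry rarely has a legitimate reason to point at
# (long and 8.3 short forms, lower-cased for matching).
USER_WRITABLE_MARKERS = (
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\temp\\", "\\locals~1\\temp\\", "\\temp\\",
)


def parse_nameservers(value):
    """Split an O17 NameServer value; HijackThis shows ',' or ' ' as separator."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def find_rogue_dns(log_text, trusted=TRUSTED_RESOLVERS):
    """Return the O17 entries that name a resolver outside the trusted set."""
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        rogue = []
        for server in parse_nameservers(m.group("servers")):
            try:
                if ipaddress.ip_address(server) not in trusted:
                    rogue.append(server)
            except ValueError:
                rogue.append(server)  # not even a valid address: worth a look
        if rogue:
            findings.append({"key": m.group("key"), "rogue": rogue})
    return findings


def executable_from_command(cmd):
    """Pull the program path out of a Run value (quoted, or unquoted with spaces)."""
    m = re.match(r'^"([^"]+)"', cmd) or re.match(r"^(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def find_suspicious_run_entries(log_text):
    """Return the O4 Run entries whose program sits in a user-writable data/temp dir."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = executable_from_command(m.group("cmd"))
        if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append({"hive": m.group("hive"), "name": m.group("name"), "path": path})
    return findings


def triage(log_text, trusted=TRUSTED_RESOLVERS):
    """Run both checks over a HijackThis log and return the findings."""
    return {"rogue_dns": find_rogue_dns(log_text, trusted),
            "suspicious_run": find_suspicious_run_entries(log_text)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["rogue_dns"]:
        print("rogue DNS   ", f["key"], "->", ", ".join(f["rogue"]))
    for f in report["suspicious_run"]:
        print("suspect run ", f["hive"], f["name"], "->", f["path"])
```

On the sample it reports both 85.255.x.x O17 entries and the two Run entries under Application Data, and stays quiet on the Program Files ones.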
Hi. Any good ideas? When ewido scans the computer, the whole machine shuts down after a while. It does the same when running the virus scanner. I managed to do everything up to the ewido scan.
Here are these first; let's see if I can get anything else out.

Logfile of HijackThis v1.99.1
Scan saved at 21:44:58, on 15.9.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\LEEVI\LOCALS~1\TEMP\_VWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leevinet.tk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136212916359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136212903687
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/PCSoftware/Install/iFINDERH2O/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.197.172.28:8088/activex/AxisCamControl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOCUME~1\LEEVI\LOCALS~1\TEMP\_VWUPSRV.EXE

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»» Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32
{360FB835-FFDC-42ED-A445-1BE64D9D76A1}.exe
{5DEBBE3C-A43B-46F2-B051-EE02920FD654}.exe

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
Let's do it like this: (switching ewido -> eScan)

Open Control Panel -> Add/Remove Programs -> Remove: MessengerPlus3

Download fixwareout.exe from here > http://downloads.subratam.org/Fixwareout.exe or from here > http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe and save it to the desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure "Run fixit" is selected. You must restart the computer when told to. The log is here -> c:\fixwareout\report.txt

Fix with HjT (do a system scan only, check these and press fix checked):

O2 - BHO: (no name) - {F371B35F-4762-F3FC-43F9-8D65A193EEDB} - C:\DOCUME~1\Leevi\APPLIC~1\Dupebyte\Ballproc.exe (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Mix Name Active Locks] C:\Documents and Settings\All Users\Application Data\cash user mix name\CastNurb.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [mags grey] C:\DOCUME~1\Leevi\APPLIC~1\THISME~1\Idle anti bone.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC10C2B-F22C-40F5-BF6A-4865FF4C534E}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CFE49F3-6FAD-434E-945B-559E9FCE1B32}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A23288F-6B39-496A-9C43-D21398172BE5}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{A83A4627-8B68-49C1-B388-A675E143709C}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAF8BF7-C14B-494C-B3AB-9B1C86D22CA1}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AC10C2B-F22C-40F5-BF6A-4865FF4C534E}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87

Show hidden files: http://keskustelu.afterdawn.com/thread_view.cfm/248944

Boot the computer into Safe Mode: http://www.virustorjunta.net/module...Yleisohjeita+ongelmatilanteiden+ratkaisuun#37

[bold]Delete:[/bold] (the parts marked in bold)
C:\Program Files\[bold]Messenger Plus! 3[/bold]
C:\DOCUME~1\Leevi\APPLIC~1\[bold]Dupebyte[/bold]
C:\Documents and Settings\All Users\Application Data\[bold]cash user mix name[/bold]
C:\DOCUME~1\Leevi\APPLIC~1\[bold]THISME~1[/bold]

[bold]Restart the computer in normal mode![/bold]

Get eScan: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Update and scan.

Download Findlop by Metallica, unzip it and double-click findlop.bat; the log is here -> C:\findlop.txt

Post a new HjT log, the eScan report, C:\fixwareout\report.txt and C:\findlop.txt
Hi. eScan scanned for an hour and then the computer shut down.... It found two trojans and apparently removed them. At least it said file deleted. This is getting pretty mysterious.
Let's forget the scanners and do this: (and remember to post the logs)

Open Control Panel -> Add/Remove Programs -> Remove: MessengerPlus3

Download fixwareout.exe from here -> http://downloads.subratam.org/Fixwareout.exe or from here -> http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe and save it to the desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure "Run fixit" is selected. You must restart the computer when told to. The log is here -> c:\fixwareout\report.txt

Fix with HjT (do a system scan only, check these and press fix checked):

O2 - BHO: (no name) - {F371B35F-4762-F3FC-43F9-8D65A193EEDB} - C:\DOCUME~1\Leevi\APPLIC~1\Dupebyte\Ballproc.exe (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Mix Name Active Locks] C:\Documents and Settings\All Users\Application Data\cash user mix name\CastNurb.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [mags grey] C:\DOCUME~1\Leevi\APPLIC~1\THISME~1\Idle anti bone.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC10C2B-F22C-40F5-BF6A-4865FF4C534E}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CFE49F3-6FAD-434E-945B-559E9FCE1B32}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A23288F-6B39-496A-9C43-D21398172BE5}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{A83A4627-8B68-49C1-B388-A675E143709C}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCAF8BF7-C14B-494C-B3AB-9B1C86D22CA1}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AC10C2B-F22C-40F5-BF6A-4865FF4C534E}: NameServer = 85.255.115.60,85.255.112.87
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.60 85.255.112.87

Show hidden files: http://keskustelu.afterdawn.com/thread_view.cfm/248944

Boot the computer into Safe Mode: http://www.virustorjunta.net/module...Yleisohjeita+ongelmatilanteiden+ratkaisuun#37

[bold]Delete:[/bold] (the parts marked in bold)
C:\Program Files\[bold]Messenger Plus! 3[/bold]
C:\DOCUME~1\Leevi\APPLIC~1\[bold]Dupebyte[/bold]
C:\Documents and Settings\All Users\Application Data\[bold]cash user mix name[/bold]
C:\DOCUME~1\Leevi\APPLIC~1\[bold]THISME~1[/bold]

[bold]Restart the computer in normal mode![/bold]

Download Findlop by Metallica, unzip it and double-click findlop.bat; the log is here -> C:\findlop.txt

Post a new [bold]HjT log, C:\fixwareout\report.txt and C:\findlop.txt[/bold]
There's probably a hardware fault too. What are the computer's temperatures?

Delete these as well:
C:\WINDOWS\system32\{360FB835-FFDC-42ED-A445-1BE64D9D76A1}.exe
C:\WINDOWS\system32\{5DEBBE3C-A43B-46F2-B051-EE02920FD654}.exe
I set the BIOS alarm to 60 degrees and the computer beeps constantly. What's a good program for measuring temperatures? And why do they rise? The fan is spinning.. I'm trying to get a HjT log out.. Messenger Plus doesn't show up in Add/Remove Programs. I removed it right at the start.
Yep, so that's exactly where the fault is. The CPU temperature is 40-50 degrees too high. Get a better CPU cooler and, if you want, a case fan as well.
The fan spins at 2800.. Is that enough? I'm just wondering why the temperatures suddenly rise.. Nothing really puts any load on this computer.. At least not me..
Download Findlop by Metallica, unzip it and double-click findlop.bat; the log is here -> C:\findlop.txt

And post a new HjT log and C:\findlop.txt, then we'll see whether the computer is clean.
Hi. This is what came out now.. The computer's heat problems were probably due to the heatsink being full of dust.. Findlop.txt was empty, so there was nothing in it... Did I do something wrong, or is that a good thing?

Logfile of HijackThis v1.99.1
Scan saved at 22:43:58, on 17.9.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\LEEVI\LOCALS~1\TEMP\_VWUPSRV.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leevinet.tk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136212916359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136212903687
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/PCSoftware/Install/iFINDERH2O/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.197.172.28:8088/activex/AxisCamControl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOCUME~1\LEEVI\LOCALS~1\TEMP\_VWUPSRV.EXE
It's a very good thing that Findlop.txt was empty. The HjT log is clean.

Next go to [bold]Windows Update[/bold] and get SP2 for your computer.

[bold]Update Java:[/bold] -> Open [bold]Add/Remove Programs[/bold] (Control Panel) -> Remove: Java -> Download the new Java from here -> Install it.

If you want to install Messenger Plus safely -> INSTRUCTIONS!