Problem eiTahy (winlogon.exe)

  • Joined: 24 May 2010
  • Posts: 51
  • Location: PS:CS3

Hello everyone, I have a problem. I suspect this is some malware or a virus; when I start the computer, this appears:

DDS outputs this:



DDS (Ver_10-03-17.01) - NTFSx86
Run by MARKO at 16:31:04.68 on Sun 07/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.603 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MARKO\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant =
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ??????? ?? ???????????: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
TB: {4C350B19-6CA1-4569-B14C-296D8D6535B2} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [HKCU] c:\windows\system32\install\winlogon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Vistadrv]
mRun: [VIPv3_Auto_Update]
mRun: [run32] c:\windows\system32\run32dll.exe
mRun: [HKLM] c:\windows\system32\install\winlogon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
uExplorerRun: [Policies] c:\windows\system32\install\winlogon.exe
mExplorerRun: [Policies] c:\windows\system32\install\winlogon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\viarai~1.lnk - c:\program files\via\raid\raid_tool.exe
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: NoSMHelp = 1 (0x1)
mPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: WB - c:\program files\alienguise\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
mASetup: {66DQ533A-FA4I-6D68-TS6A-058F33VEIQ5X} - c:\windows\system32\install\winlogon.exe

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-12-12 77312]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-14 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-14 267432]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-14 60936]
S1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2010-07-15 20:36:39 0 d-----w- c:\docume~1\alluse~1\applic~1\ZA_PreservedFiles
2010-07-15 20:23:16 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-15 20:23:06 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-07-15 20:23:05 0 d-----w- c:\windows\system32\ZoneLabs
2010-07-15 20:21:57 0 d-----w- c:\windows\Internet Logs
2010-07-15 20:04:50 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-15 12:44:27 0 d-sh--w- c:\documents and settings\marko\IECompatCache
2010-07-15 12:44:03 0 d-sh--w- c:\documents and settings\marko\PrivacIE
2010-07-15 12:42:52 0 d-sh--w- c:\documents and settings\marko\IETldCache
2010-07-15 12:40:00 0 dc-h--w- c:\windows\ie8
2010-07-14 15:34:07 0 d-----w- c:\docume~1\marko\applic~1\Avira
2010-07-14 15:28:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-14 15:28:09 0 d-----w- c:\program files\Avira
2010-07-14 15:28:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-14 11:16:53 0 d-----w- c:\docume~1\marko\applic~1\LimeWire
2010-07-14 11:16:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-14 11:16:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-14 10:41:13 0 d-----w- c:\program files\sXe Injected
2010-07-13 11:39:15 0 d-----w- C:\SC3d
2010-07-13 11:39:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-07 11:05:19 0 d-----w- c:\program files\CCleaner
2010-07-06 15:21:59 0 d-----w- c:\docume~1\marko\applic~1\Search Settings
2010-07-06 12:28:27 0 d-----w- c:\documents and settings\marko\Parts
2010-07-06 12:27:38 0 d-----w- c:\program files\Sidebar
2010-07-06 12:19:47 0 d-----w- c:\docume~1\marko\applic~1\TeamViewer
2010-07-05 19:32:36 0 d-----w- c:\program files\AKSoftware
2010-07-05 13:07:53 0 d-----w- c:\program files\Shock Utility
2010-07-05 13:07:46 65536 ----a-w- c:\windows\IFinst27.exe
2010-07-05 09:01:35 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-07-05 09:01:34 0 d-----w- c:\program files\Custom-Strike
2010-07-01 22:29:41 38848 ----a-w- c:\windows\avastSS.scr
2010-06-25 14:03:58 0 d-----w- c:\docume~1\marko\applic~1\BitTorrent
2010-06-21 16:40:50 0 d-----w- c:\program files\Search Settings
2010-06-21 16:40:44 0 d-----w- c:\program files\Application Updater
2010-06-21 16:39:53 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-06-21 16:39:49 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2010-06-21 16:39:49 208500 ----a-w- c:\windows\system32\ReyXpBasics.tlb
2010-06-21 16:39:49 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-06-21 16:39:48 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-06-21 16:39:48 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2010-06-21 16:39:48 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-06-21 16:39:47 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-06-21 16:39:47 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2010-06-21 16:39:47 0 d-----w- c:\docume~1\marko\applic~1\FreeFLVConverter
2010-06-21 16:26:50 0 d-----w- c:\docume~1\marko\applic~1\Toolbar4
2010-06-21 16:26:44 0 d-----w- c:\program files\HyCam2
2010-06-21 16:11:20 0 d-----w- c:\program files\BitLord
2010-06-20 18:45:08 0 d-----w- c:\docume~1\marko\applic~1\You-Tube

==================== Find3M ====================

2010-07-18 14:16:59 648293 ---ha-w- c:\docume~1\marko\applic~1\logs.dat
2010-05-31 14:02:01 111197 ----a-w- c:\windows\ELITE GL 1.0.exe
2010-05-31 14:02:00 24341 ----a-w- c:\windows\wsc.tmp
2010-05-31 14:02:00 24341 ----a-w- c:\program files\wsock32.dll
2010-05-31 14:02:00 24341 ----a-w- c:\program files\common files\wsock32.dll
2010-05-31 14:02:00 24064 ----a-w- c:\windows\trdl.dll
2010-05-31 14:01:59 640 ----a-w- c:\docume~1\marko\applic~1\rcx.dat
2010-05-28 12:47:17 19100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-28 12:19:18 39424 ----a-w- c:\windows\zipinst.exe
2010-05-01 08:18:27 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-30 07:08:07 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-30 07:08:07 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-29 14:42:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 16:31:22.96 ===============

Attach.txt: [attachment]

GMER: [attachment]
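As an added example (not from the thread and not part of the DDS tool), a small Python triage script that reads autostart lines in the DDS format shown above and flags the indicators this particular log contains: a core system binary name (winlogon.exe) loaded from a directory it never lives in, a look-alike name (run32dll.exe vs rundll32.exe), and an Explorer policy that switches Windows Update off. The sample lines are constructed from the report; the directory table, policy list and similarity threshold are my own assumptions.

```python
"""Triage of DDS 'Pseudo HJT Report' autostart lines (added example, not part
of the thread or of the DDS tool).  Flags what a responder would check first in
this log: a core Windows binary name in a directory it never lives in, a
look-alike of a system binary name, and a policy that switches off updates.
The directory table, policy list and similarity threshold are assumptions."""
import difflib
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Where each core Windows XP binary legitimately lives (lower-case paths).
SYSTEM_BINARIES = {
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Policy values that weaken the machine's own defences when set to non-zero.
RISKY_POLICIES = {"nowindowsupdate", "noautoupdate", "disabletaskmgr",
                  "disableregistrytools"}

# DDS prefixes: u = per-user (HKCU), m = machine (HKLM).
AUTOSTART_RE = re.compile(r"^[um](?:Run|ExplorerRun|ASetup):", re.I)
POLICY_RE = re.compile(r"^[um]Policies-\w+:\s*(\w+)\s*=\s*(\d+)", re.I)
# First drive-letter path ending in an executable-style extension.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|scr|cpl)\b", re.I)

# Constructed sample lines, modelled on the DDS report quoted above.
SAMPLE_DDS = r"""
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [HKCU] c:\windows\system32\install\winlogon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [run32] c:\windows\system32\run32dll.exe
mRun: [HKLM] c:\windows\system32\install\winlogon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uExplorerRun: [Policies] c:\windows\system32\install\winlogon.exe
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
mPolicies-explorer: NoSMHelp = 1 (0x1)
mASetup: {66DQ533A-FA4I-6D68-TS6A-058F33VEIQ5X} - c:\windows\system32\install\winlogon.exe
"""


def lookalike(name: str) -> Optional[str]:
    """System binary that `name` imitates (same letters reordered, or >= 0.8 similar), else None."""
    if name in SYSTEM_BINARIES:
        return None
    for real in SYSTEM_BINARIES:
        if sorted(name) == sorted(real):
            return real
        if difflib.SequenceMatcher(None, name, real).ratio() >= 0.8:
            return real
    return None


def triage_line(line: str) -> List[str]:
    """Findings for one DDS line; an empty list means nothing looked odd."""
    findings: List[str] = []
    line = line.strip()
    pol = POLICY_RE.match(line)
    if pol:
        key, value = pol.group(1), pol.group(2)
        if key.lower() in RISKY_POLICIES and value != "0":
            findings.append(f"policy weakens defences: {key} = {value}")
        return findings
    if not AUTOSTART_RE.match(line):
        return findings
    m = PATH_RE.search(line)
    if not m:
        return findings
    path = PureWindowsPath(m.group(0).lower())
    expected = SYSTEM_BINARIES.get(path.name)
    if expected and str(path.parent) != expected:
        findings.append(f"system binary name in wrong directory: {path} (expected {expected})")
    real = lookalike(path.name)
    if real:
        findings.append(f"look-alike of {real}: {path}")
    return findings


def triage(report: str) -> Dict[str, List[str]]:
    """Map each suspicious report line to its findings; clean lines are omitted."""
    return {raw.strip(): found for raw in report.splitlines()
            if (found := triage_line(raw))}


if __name__ == "__main__":
    for suspicious, why in triage(SAMPLE_DDS).items():
        print(suspicious)
        for reason in why:
            print("   ->", reason)
```

Run against the full DDS output, the same rules single out exactly the entries that ComboFix later removed (the install\winlogon.exe loading points and run32dll.exe) while leaving the Avira, Messenger and ctfmon entries alone.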

  • Joined: 04 Jan 2009
  • Posts: 2168

Hi.



Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if offered to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show notifications:
    accept by clicking Yes or OK;
  • if necessary, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Joined: 24 May 2010
  • Posts: 51
  • Location: PS:CS3

Here it is:

ComboFix 10-07-16.02 - MARKO 07/18/2010 19:11:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.600 [GMT 2:00]
Running from: c:\documents and settings\MARKO\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Zwunzi
c:\documents and settings\MARKO\Application Data\logs.dat
c:\documents and settings\MARKO\Recent\Thumbs.db
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\Messenger\wsock32.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\program files\Search Settings
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\program files\Zwunzi
c:\program files\Zwunzi\uninstall.exe
c:\program files\Zwunzi\zwunzi.exe
c:\windows\explorer.backup
c:\windows\notepad.tmp
c:\windows\system32\install\winlogon.exe
c:\windows\system32\msssc.dll
c:\windows\system32\notepad.tmp
c:\windows\system32\Winbooterr
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZWUNZI_SERVICE


((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-15 20:36 . 2010-07-15 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2010-07-15 20:23 . 2010-07-15 20:23 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-15 20:23 . 2010-06-23 11:51 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-07-15 20:23 . 2010-06-23 11:51 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-07-15 20:23 . 2010-06-23 11:51 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-07-15 20:23 . 2010-07-15 20:36 -------- d-----w- c:\windows\system32\ZoneLabs
2010-07-15 20:21 . 2010-07-15 20:36 -------- d-----w- c:\windows\Internet Logs
2010-07-15 20:04 . 2010-07-15 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-15 12:44 . 2010-07-15 12:44 -------- d-sh--w- c:\documents and settings\MARKO\IECompatCache
2010-07-15 12:44 . 2010-07-15 12:44 -------- d-sh--w- c:\documents and settings\MARKO\PrivacIE
2010-07-15 12:42 . 2010-07-15 12:42 -------- d-sh--w- c:\documents and settings\MARKO\IETldCache
2010-07-15 12:40 . 2010-07-15 12:40 -------- dc-h--w- c:\windows\ie8
2010-07-14 15:34 . 2010-07-14 15:34 -------- d-----w- c:\documents and settings\MARKO\Application Data\Avira
2010-07-14 15:28 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-14 15:28 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-14 15:28 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-14 15:28 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-14 15:28 . 2010-07-14 15:28 -------- d-----w- c:\program files\Avira
2010-07-14 15:28 . 2010-07-14 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-14 11:16 . 2010-07-15 09:19 -------- d-----w- c:\documents and settings\MARKO\Application Data\LimeWire
2010-07-14 11:16 . 2010-07-14 11:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-14 11:15 . 2010-07-14 11:15 -------- d-----w- c:\program files\Java
2010-07-14 11:15 . 2010-07-14 11:15 152576 ----a-w- c:\documents and settings\MARKO\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-07-14 10:41 . 2010-07-14 10:41 -------- d-----w- c:\program files\sXe Injected
2010-07-13 11:39 . 2010-07-13 11:39 -------- d-----w- C:\SC3d
2010-07-13 11:39 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-07 11:05 . 2010-07-07 11:05 -------- d-----w- c:\program files\CCleaner
2010-07-06 15:21 . 2010-07-06 15:21 -------- d-----w- c:\documents and settings\MARKO\Application Data\Search Settings
2010-07-06 12:28 . 2010-07-06 12:28 -------- d-----w- c:\documents and settings\MARKO\Parts
2010-07-06 12:27 . 2010-07-06 12:28 -------- d-----w- c:\program files\Sidebar
2010-07-06 12:19 . 2010-07-06 12:19 -------- d-----w- c:\documents and settings\MARKO\Application Data\TeamViewer
2010-07-05 19:32 . 2010-07-05 19:32 -------- d-----w- c:\documents and settings\MARKO\Local Settings\Application Data\AKSoftware
2010-07-05 19:32 . 2010-07-05 19:32 -------- d-----w- c:\program files\AKSoftware
2010-07-05 13:07 . 2010-07-05 13:07 -------- d-----w- c:\program files\Shock Utility
2010-07-05 13:07 . 2010-07-05 13:07 65536 ----a-w- c:\windows\IFinst27.exe
2010-07-05 09:01 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-07-05 09:01 . 2010-07-05 09:01 -------- d-----w- c:\program files\Custom-Strike
2010-07-01 22:29 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-25 14:03 . 2010-07-07 18:02 -------- d-----w- c:\documents and settings\MARKO\Application Data\BitTorrent
2010-06-24 11:30 . 2010-06-24 11:30 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-21 18:08 . 2010-07-09 11:22 -------- d-----w- c:\documents and settings\MARKO\Local Settings\Application Data\WMTools Downloaded Files
2010-06-21 16:40 . 2010-06-21 16:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-06-21 16:40 . 2010-06-21 16:40 -------- d-----w- c:\program files\Application Updater
2010-06-21 16:39 . 2010-06-01 16:39 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-06-21 16:39 . 2009-06-19 17:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-06-21 16:39 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-06-21 16:39 . 2009-06-19 17:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-06-21 16:39 . 2010-06-21 16:40 -------- d-----w- c:\documents and settings\MARKO\Application Data\FreeFLVConverter
2010-06-21 16:39 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-06-21 16:26 . 2010-07-07 10:57 -------- d-----w- c:\documents and settings\MARKO\Application Data\Toolbar4
2010-06-21 16:26 . 2010-06-21 16:26 -------- d-----w- c:\program files\HyCam2
2010-06-21 16:11 . 2010-07-07 11:00 -------- d-----w- c:\program files\BitLord
2010-06-20 18:45 . 2010-06-20 18:45 -------- d-----w- c:\documents and settings\MARKO\Application Data\You-Tube

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 15:34 . 2010-05-27 13:22 -------- d-----w- c:\program files\Text to Speech Maker
2010-07-14 15:15 . 2010-04-30 10:04 -------- d-----w- c:\program files\Alwil Software
2010-07-10 21:19 . 2010-04-29 15:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-08 09:26 . 2010-04-30 09:29 -------- d-----w- c:\program files\Google
2010-07-07 18:08 . 2010-04-29 15:42 -------- d-----w- c:\documents and settings\MARKO\Application Data\Ahead
2010-07-07 11:12 . 2010-05-26 13:06 -------- d-----w- c:\documents and settings\MARKO\Application Data\Media Player Classic
2010-07-07 11:07 . 2010-04-30 07:06 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-07-07 11:07 . 2010-04-30 07:06 -------- d-----w- c:\program files\ACD Systems
2010-07-07 11:05 . 2010-04-29 15:06 19408 ----a-w- c:\documents and settings\MARKO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 11:02 . 2010-05-02 18:03 -------- d-----r- c:\program files\Skype
2010-07-07 11:02 . 2010-05-02 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-07 11:02 . 2010-04-29 14:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-07 11:02 . 2010-04-30 07:08 -------- d-----w- c:\program files\CyberLink
2010-07-07 11:01 . 2010-04-30 07:08 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-07-07 11:00 . 2010-06-18 11:31 -------- d-----w- c:\program files\Cs 1.6 Color Scheme Editor v3.0 Final
2010-07-07 10:58 . 2010-04-30 14:41 -------- d-----w- c:\program files\Windows sidebar
2010-07-07 10:58 . 2010-06-08 19:36 -------- d-----w- c:\program files\ViSplore
2010-07-07 10:58 . 2010-06-08 19:38 -------- d-----w- c:\program files\ViGlance
2010-07-07 10:57 . 2010-05-23 16:57 -------- d-----w- c:\documents and settings\MARKO\Application Data\THQ
2010-07-07 10:55 . 2010-05-28 12:19 -------- d-----w- c:\program files\Finderbar 1.5
2010-07-07 10:55 . 2010-04-30 07:10 -------- d-----w- c:\program files\AIMP2
2010-07-07 10:54 . 2010-05-23 15:50 -------- d-----w- c:\program files\7-Zip
2010-07-06 19:23 . 2010-05-02 13:18 -------- d-----w- c:\documents and settings\MARKO\Application Data\AIMP
2010-07-05 12:53 . 2010-05-30 13:12 -------- d-----w- c:\program files\(zabranjeno)ed Steam
2010-06-21 20:03 . 2010-05-23 08:45 -------- d-----w- c:\documents and settings\MARKO\Application Data\ViStart
2010-06-19 19:48 . 2010-05-02 18:04 -------- d-----w- c:\documents and settings\MARKO\Application Data\Skype
2010-06-19 19:33 . 2010-05-02 18:07 -------- d-----w- c:\documents and settings\MARKO\Application Data\skypePM
2010-06-18 11:58 . 2010-06-18 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-06-14 18:57 . 2010-06-14 18:56 -------- d-----w- c:\program files\Windows Live
2010-06-14 18:56 . 2010-06-14 18:56 -------- d-----w- c:\program files\Microsoft
2010-06-13 11:08 . 2010-06-13 11:08 -------- d-----w- c:\program files\Stardock
2010-06-06 20:35 . 2010-05-12 21:32 16 ----a-w- c:\windows\popcinfo.dat
2010-06-02 15:52 . 2010-06-02 15:42 -------- d-----w- c:\program files\Styler
2010-06-02 15:43 . 2010-06-02 15:43 -------- d-----w- c:\documents and settings\MARKO\Application Data\Styler
2010-05-31 14:01 . 2010-05-31 14:01 640 ----a-w- c:\windows\rcx.dat
2010-05-31 14:01 . 2010-05-31 14:01 640 ----a-w- c:\documents and settings\MARKO\Application Data\rcx.dat
2010-05-28 12:47 . 2010-05-28 12:47 19100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-28 12:47 . 2010-05-26 19:26 -------- d-----w- c:\documents and settings\MARKO\Application Data\Apple Computer
2010-05-28 12:46 . 2010-05-28 12:46 -------- d-----w- c:\program files\Common Files\Apple
2010-05-28 12:46 . 2010-05-28 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-28 12:19 . 2010-05-28 12:19 39424 ----a-w- c:\windows\zipinst.exe
2010-05-28 12:14 . 2010-05-28 12:14 -------- d-----w- c:\documents and settings\MARKO\Application Data\IconTweaker
2010-05-28 12:14 . 2010-05-28 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
2010-05-26 12:38 . 2010-05-26 12:38 -------- d-----w- c:\documents and settings\MARKO\Application Data\AnvSoft
2010-05-23 16:58 . 2010-05-23 16:58 -------- d-----w- c:\program files\Common Files\DirectX
2010-05-05 21:19 . 2010-05-05 21:19 499712 ----a-w- c:\documents and settings\MARKO\Application Data\MessengerDiscovery 2\Plugins\CommandCollection.dll
2010-05-05 21:17 . 2010-05-05 21:17 13312 ----a-w- c:\documents and settings\MARKO\Application Data\MessengerDiscovery 2\Plugins\HackMdBar.dll
2010-05-02 18:07 . 2010-05-02 18:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-01 08:18 . 2008-04-14 04:42 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-30 09:32 . 2010-04-30 09:32 0 ----a-w- c:\windows\nsreg.dat
2010-04-30 08:58 . 2010-04-30 08:58 1956808 ----a-w- c:\documents and settings\MARKO\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-04-30 07:08 . 2010-04-30 07:08 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-30 07:08 . 2010-04-30 07:08 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-29 14:45 . 2010-04-29 14:45 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-29 14:42 . 2010-04-29 14:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
"nwiz"="nwiz.exe" [2008-05-17 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-17 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2010-4-29 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKLM\~\startupfolder\C:^Documents and Settings^MARKO^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\MARKO\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-15 20:34 136176 ----atw- c:\documents and settings\MARKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-07-14 11:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
2010-04-30 14:39 167936 ----a-w- c:\program files\ViOrb\ViOrb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\csuljka\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\bit torent skidac\\BitTorrent\\bittorrent.exe"=
"d:\\cs 1.6 obican\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 5:49 PM 77312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2010 5:28 PM 135336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2010 11:29 AM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 09:29]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 09:29]

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1757981266-1177238915-1003Core.job
- c:\documents and settings\MARKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-22 20:34]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1757981266-1177238915-1003UA.job
- c:\documents and settings\MARKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-22 20:34]

2010-07-18 c:\windows\Tasks\User_Feed_Synchronization-{9DA92150-382F-43E3-BEBD-663791F12270}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4C350B19-6CA1-4569-B14C-296D8D6535B2} - (no file)
HKLM-Run-Vistadrv - (no file)
HKLM-Run-VIPv3_Auto_Update - (no file)
HKLM-Run-run32 - c:\windows\system32\run32dll.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-RemoteControl9 - c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-TrueTransparency - c:\documents and settings\MARKO\Desktop\TrueTransparency\TrueTransparency.exe
MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
ActiveSetup-{66DQ533A-FA4I-6D68-TS6A-058F33VEIQ5X} - c:\windows\system32\install\winlogon.exe
AddRemove-Steam App 240 - c:\program files\(zabranjeno)ed Steam\steam.exe
AddRemove-Zwunzi - c:\program files\Zwunzi\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-18 19:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1757981266-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-07-18 19:23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-18 17:23

Pre-Run: 14,129,721,344 bytes free
Post-Run: 14,322,376,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AA06061DE8E2EBEFF59275620C350FE7

  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin2.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin3.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin4.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin5.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin6.dll.vir
C:\Qoobox\Quarantine\C\program files\Internet Explorer\Plugins\npqtplugin7.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin2.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin3.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin4.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin5.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin6.dll.vir
C:\Qoobox\Quarantine\C\program files\QuickTime\Plugins\npqtplugin7.dll.vir
Quit::


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log produced at the end of the cleaning/scan in your next message.

When you have done that per the instructions, let me know how things are.
