Vraag & Antwoord

Beveiliging & privacy

Open port 53.. Just a check

Anoniem
None
47 antwoorden
  • Oké.

    We gaan opruimen en nog een kleine test doen!

  • Ik moest Armor elke keer weer van alles toestaan..

    log:


    Results of screen317's Security Check version 0.99.28
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    [b:00c028cc9e]``````````````````````````````
    [u:00c028cc9e]Antivirus/Firewall Check:[/u:00c028cc9e][/b:00c028cc9e]
    Windows Firewall Disabled!
    Avira Free Antivirus
    ESET Online Scanner v3
    Online Armor 5.1
    [size=1:00c028cc9e]WMI entry may not exist for antivirus; attempting automatic update.[/size:00c028cc9e]
    Avira successfully updated!
    [b:00c028cc9e]```````````````````````````````
    [u:00c028cc9e]Anti-malware/Other Utilities Check:[/u:00c028cc9e][/b:00c028cc9e]
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    Adobe Flash Player ( 10.2.152.32) [b:00c028cc9e]
  • Online Armor heeft als bijzonderheid een actieve keyloggerscan.
    Dus bij vrijwel elke nieuwe installatie van software enz. meldt de firewall zich.
    Dat geeft vertrouwen erin, dat wil op gegeven moment een drive-by-download zich installeren, dat niet alleen Windows zelf eigenlijk maar ook de firewall hier melding van zal geven!

    Java is volgens de NL-Java-site uptodate, maar die site loopt achter!


    Er zijn twee onderdelen in Windows, die altijd de nieuwste versie dienen te zijn en dat zijn Java runtime en Adobe Flash Player.
    Waarom: in die nieuwste versies zijn altijd de ontdekte veiligheidsrisico's uitverbeterd en ook dat vaak het tool zelf beter funktioneert!

    Ga nu eerst naar Configuratiescherm
    [list:b06492cf2e][*:b06492cf2e][b:b06492cf2e]Software[/b:b06492cf2e] - Windows 2000/Windows XP
    [*:b06492cf2e][b:b06492cf2e]Programma's en onderdelen[/b:b06492cf2e] - Windows Vista en Windows 7[/list:u:b06492cf2e]
    en verwijder daar volgende onderdelen:

    Java(TM) 6 Update 29
    Adobe Flash Player ( 10.2.152.32)

    Herstart je PC opnieuw!

    Vervolgens ga jij eerst met Internet Explorer naar http://get.adobe.com/nl/flashplayer/ om de nieuwste Flasplayer 11.1.102.55 te laten installeren;
    (wil je de [b:b06492cf2e]Gratis Google Toolbar of McAfee Security Scan(optioneel) [/b:b06492cf2e] niet erbij hebben, haal dan eerst het vinkje weg bij die melding!).
    Op deze wijze wordt de Flashplayer niet alleen voor IE maar ook voor Windows geïnstalleerd!

    [b:b06492cf2e]Belangrijk[/b:b06492cf2e]: gebruik je ook andere browsers dan verwijder je eerst via dezelfde weg ook de [b:b06492cf2e]Adobe Flashplayer Plugins[/b:b06492cf2e] en daarna gebruik je dan die andere browsers telkens via hetzelfde internetadres om de nieuwste Flashplayer Plugins te downloaden en na afsluiten van de betreffende browser de nieuwe plugin te installeren!

    Download ook [b:b06492cf2e]Java 7 Update 1 (x86) voor Windows 7/XP/Vista/2000/2003/2008 Offline[/b:b06492cf2e] eerst naar je bureaublad.
    Daarna mag jij de nieuwste Java-versie ook installeren.
  • Lees ook eens dit topic op een ander forum van iemand met hetzelfde probleem.
  • Abraham,

    Ik heb allerlei problemen die ik voor de scans ivm die open poort niet had.

    *)Dropbox zeurt regelmatig dat hij er geen harddisk verbonden is?
    *)Explorer loopt regelmatig vast (Niet de browser)
    *)Armor Online staat vage verbindingen toe zoals
    -D:\(boel blahblah)\Setup.exe (Komt dat van Combofix?, oorsprong is SteelWorx)
    - Zie screenshot
    *)Wifi netwerk schakelt steeds naar "Unidentified network" terwijl mijn SSD nog steeds als hetzelfde staat geidentificeerd maar er wel ineens een ander Wifi Device gevonden wordt.. Ik heb daar helaas nog geen screenshot van

    All and all ben ik niet echt blij…

    Hijackthis log en Combofix log hopenlijk bij gesloten. Hij blijft verbinding zoeken met piratebay maar ik kom daar never nooit?

    [img:eb7fd44cb4]https://lh3.googleusercontent.com/-D3eEsLHtAGY/Tujz2enhEhI/AAAAAAAAAt0/9q-NKoYZrew/s800/melding.jpg[/img:eb7fd44cb4]


    ComboFix 11-12-13.03 - Sander 14-12-2011 19:36:34.4.2 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1033.18.2046.1080 [GMT 1:00]
    Gestart vanuit: c:\users\Sander\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: Online Armor Firewall *Disabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-14 to 2011-12-14 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-14 18:41 . 2011-12-14 18:41 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-12-14 18:23 . 2011-12-14 18:23 388096 —-a-r- c:\users\Sander\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-29 23:21 . 2011-11-28 17:51 24408 —-a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-29 23:21 . 2011-11-28 17:53 304472 —-a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-29 23:20 . 2011-11-28 17:52 42328 —-a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-29 23:20 . 2011-11-28 17:52 58712 —-a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-29 23:20 . 2011-11-28 17:54 591192 —-a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-29 23:20 . 2011-11-28 18:01 256960 —-a-w- c:\windows\system32\aswBoot.exe
    2011-11-29 23:20 . 2011-11-28 17:52 66904 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-29 23:19 . 2011-11-28 18:01 41184 —-a-w- c:\windows\avastSS.scr
    2011-11-29 23:19 . 2011-11-28 18:01 199816 —-a-w- c:\windows\SysWow64\aswBoot.exe
    2011-11-29 23:19 . 2011-11-29 23:19 ——– d—–w- c:\programdata\AVAST Software
    2011-11-29 23:19 . 2011-11-29 23:19 ——– d—–w- c:\program files\AVAST Software
    2011-11-29 23:17 . 2011-12-12 17:26 ——– d—–w- c:\users\Sander\AppData\Local\Adobe
    2011-11-25 20:37 . 2011-11-25 21:07 ——– d—–w- c:\programdata\OnlineArmor
    2011-11-25 20:37 . 2011-11-25 20:37 ——– d—–w- c:\users\Sander\AppData\Roaming\OnlineArmor
    2011-11-25 20:36 . 2011-11-01 10:34 56648 —-a-w- c:\windows\SysWow64\drivers\oahlp64.sys
    2011-11-25 20:36 . 2011-11-01 10:34 59176 —-a-w- c:\windows\SysWow64\drivers\OADriver.sys
    2011-11-25 20:36 . 2011-11-01 10:34 38064 —-a-w- c:\windows\SysWow64\drivers\OAmon.sys
    2011-11-25 20:36 . 2011-11-01 10:34 32920 —-a-w- c:\windows\system32\drivers\OAnet.sys
    2011-11-25 20:36 . 2011-11-29 23:26 ——– d—–w- c:\program files (x86)\Online Armor
    2011-11-25 17:48 . 2011-11-27 11:24 ——– d—–w- c:\program files\COMODO
    2011-11-25 17:48 . 2011-11-25 17:48 1700352 —-a-w- c:\windows\SysWow64\gdiplus.dll
    2011-11-25 17:47 . 2011-11-25 17:48 ——– d—–w- c:\programdata\Comodo Downloader
    2011-11-22 17:50 . 2011-11-22 17:50 ——– d—–w- c:\program files (x86)\ESET
    2011-11-21 17:32 . 2011-11-21 17:35 ——– d—–w- c:\windows\system32\appmgmt
    2011-11-20 22:04 . 2011-11-20 22:04 ——– d—–w- c:\users\Sander\AppData\Roaming\Malwarebytes
    2011-11-20 22:04 . 2011-11-20 22:04 ——– d—–w- c:\programdata\Malwarebytes
    2011-11-20 22:04 . 2011-12-11 10:55 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-20 22:04 . 2011-08-31 16:00 25416 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-20 21:36 . 2011-12-11 02:32 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2011-11-20 21:36 . 2011-12-11 02:32 ——– d—–w- c:\program files (x86)\Spybot - Search & Destroy
    2011-11-20 21:19 . 2011-11-20 21:19 ——– d—–w- c:\program files (x86)\Trend Micro
    2011-11-20 21:11 . 2011-06-21 04:09 200976 —-a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2011-11-20 14:25 . 2011-11-20 14:25 ——– d—–w- c:\users\Sander\AppData\Local\MetaGeek,_LLC
    2011-11-19 14:32 . 2011-11-19 14:32 ——– d—–w- c:\users\Sander\AppData\Local\uTorrent
    2011-11-19 14:08 . 2011-11-19 14:08 ——– d—–w- c:\users\Sander\AppData\Roaming\Overlook
    2011-11-19 14:07 . 2011-11-19 14:07 ——– d—–w- c:\programdata\Overlook
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-11 10:58 . 2011-06-27 19:12 414368 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2011-01-16 15:10 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-29 16:29 . 2011-11-09 18:13 1923952 —-a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 04:03 . 2011-11-09 18:13 3144704 —-a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 —-a-w- c:\users\Sander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 —-a-w- c:\users\Sander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 —-a-w- c:\users\Sander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="d:\adobe\CS4\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="d:\adobe\CS4\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    c:\users\Sander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Sander\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys [2011-11-01 56648]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
    R2 SvcOnlineArmor;Online Armor;c:\program files (x86)\Online Armor\oasrv.exe [2011-11-01 4363040]
    R2 WLMS;Windows Licensing Monitoring Service;c:\windows\system32\wlms\wlms.exe [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-06-29 25640]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-26 1038088]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 136176]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-06-29 30528]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys [2011-11-01 59176]
    S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys [2011-11-01 38064]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 OAcat;Online Armor Helper Service;c:\program files (x86)\Online Armor\OAcat.exe [2011-11-01 207936]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 15:27]
    .
    2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-14 15:27]
    .
    2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677367547-3624079886-4196243676-1000Core.job
    - c:\users\Sander\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 15:27]
    .
    2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677367547-3624079886-4196243676-1000UA.job
    - c:\users\Sander\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 15:27]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 134384 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 —-a-w- c:\users\Sander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 —-a-w- c:\users\Sander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 —-a-w- c:\users\Sander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 —-a-w- c:\users\Sander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-12 10134560]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
    "@OnlineArmor GUI"="c:\program files (x86)\Online Armor\oaui.exe" [2011-11-01 2531104]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.nl/
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    uInternet Settings,ProxyOverride = local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{03992723-09C3-4B34-8142-BFAF1A33B640}\3433030324253543: NameServer = 62.177.144.11,82.204.127.40
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-677367547-3624079886-4196243676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-677367547-3624079886-4196243676-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ThunderbirdEML"
    .
    [HKEY_USERS\S-1-5-21-677367547-3624079886-4196243676-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-12-14 19:43:07
    ComboFix-quarantined-files.txt 2011-12-14 18:43
    .
    Pre-Run: 1.835.900.928 bytes free
    Post-Run: 1.881.706.496 bytes free
    .
    - - End Of File - - 3C5A1A7A4F2E0C321BDB31D419368E38
  • En hijack log


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:16:22, on 14-12-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    D:\Adobe\CS4\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Online Armor\oaui.exe
    C:\Program Files (x86)\Online Armor\OAhlp.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Adobe\CS4\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Adobe\CS4\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - Startup: Dropbox.lnk = Sander\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files (x86)\Online Armor\OAcat.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files (x86)\Online Armor\oasrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\wlms\wlms.exe,-1 (WLMS) - Unknown owner - C:\Windows\system32\wlms\wlms.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 10517 bytes
  • Met de door jou geposte logs is niks mis.
    In Online Armor kan je ook handmatig instellingen veranderen!

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.