瑞星卡卡安全论坛

首页 » 个人产品讨论区 » 瑞星杀毒软件 » 瑞星杀毒软件2011 » 中标了`~啥办法都没用,谁来帮帮我~
fengcheng291 - 2009-6-28 11:11:00
我 更倒霉,中标后什么杀毒都打不开,也不能到网上重下,能在线查毒,关键是病毒文件都被隐藏了,文件夹选项里面选择显示也看不到`~不知道怎么办了~~`谁来帮帮我啊 ,感觉这病毒自我复制还很快~~手动删了 ,一下就又有了.:kaka7:

用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
aaccbbdd - 2009-6-28 11:12:00
Sreng官方下载
SREng/智能扫描(记得勾选“检查进程的数字签名)
等扫描完成,保存日志(LOG格式)
PS:如主程序SREng**.exe无法运行,导致无法扫描日志
将主程序改名为我爱小狮子.bat
或我爱小狮子.scr
日志放入附件
(点击我这贴右下角的“引用”或最右下角的那个较大的“回复”然后就应该知道怎么发了。)
fengcheng291 - 2009-6-28 11:41:00
问题是不能在网上下任何东西 啊`~~
fengcheng291 - 2009-6-28 11:44:00
0*0041171e指令引用的0*90909108内存不能read
aaccbbdd - 2009-6-28 11:46:00
别的电脑里下载
U盘拷到本机联网运行
http://labs.duba.net/jjx.shtml
fengcheng291 - 2009-6-28 11:58:00
现在找不到电脑了~同事都走了  下午再麻烦你了  谢谢你
fengchengaa - 2009-6-28 14:25:00


引用:
原帖由 aaccbbdd 于 2009-6-28 11:12:00 发表
Sreng官方下载
SREng/智能扫描(记得勾选“检查进程的数字签名)
等扫描完成,保存日志(LOG格式)
PS:如主程序SREng**.exe无法运行,导致无法扫描日志
将主程序改名为我爱小狮子.bat
或我爱小狮子.scr
日志放入附件
(点击我这贴右下角的


附件: SREngLOG.log
fengchengaa - 2009-6-28 14:34:00
[CODE]
2009-06-28,13:44:08
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <QvodPlayer><d:\Program Files\Bobohu\QvodPlayer\QvodTerminal.exe>  [Shenzhen QVOD Technology Co.,Ltd]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><g:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <runeip><"d:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <ming9bstart><C:\WINDOWS\system\ming9b090423.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360down.exe]
    <IFEO[360down.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe]
    <IFEO[360hotfix.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360upp.exe]
    <IFEO[360upp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe]
    <IFEO[agentsvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe]
    <IFEO[apvxdwin.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe]
    <IFEO[ast.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <IFEO[avcenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe]
    <IFEO[avengine.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
    <IFEO[avgnt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
    <IFEO[avguard.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe]
    <IFEO[avltmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe]
    <IFEO[avp32.exe]><ntsd -d>  [N/A]
fengchengaa - 2009-6-28 14:39:00
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[BREGDRV / BREGDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360安全中心>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Stopped/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[klan / klan][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\klan.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qq2 / qq2][Stopped/Manual Start]
  <\??\C:\Program Files\Internet Explorer\002.tmp><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Sensaura>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\system32\drivers\SiWinAcc.sys><Silicon Image, Inc.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
fengchengaa - 2009-6-28 14:40:00
计划任务
N/A

==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D5765)
入口点错误:NtCreateKey (危险等级: 高,  被下面模块所HOOK: 0x003D5905)
入口点错误:NtLoadDriver (危险等级: 高,  被下面模块所HOOK: 0x003D6055)
入口点错误:NtSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x003D59D5)
入口点错误:NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D5835)
入口点错误:ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D5765)
入口点错误:ZwCreateKey (危险等级: 高,  被下面模块所HOOK: 0x003D5905)
入口点错误:ZwSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x003D59D5)
入口点错误:ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D5835)
入口点错误:CreateServiceA (危险等级: 高,  被下面模块所HOOK: 0x003D5D15)
入口点错误:CreateServiceW (危险等级: 高,  被下面模块所HOOK: 0x003D5DE5)
入口点错误:LoadLibraryA (危险等级: 高,  被下面模块所HOOK: 0x003D6A35)
入口点错误:LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: 0x003D561D)
入口点错误:CreateFileW (危险等级: 高,  被下面模块所HOOK: 0x003D6555)
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x003D6965)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x003D67C5)

==================================
隐藏进程
N/A

==================================


[/CODE]
aaccbbdd - 2009-6-28 17:04:00
使用附件替换
comres.dll

附件: sp3.rar (2009-6-28 17:03:34, 565.99 K)
该附件被下载次数 106




c:\windows\system32\appmgmts.dll
从别的xp-sp3系统找文件
替换本机文件



1.建议使用XDelBox(Xdelbox解压后运行)删除以下文件:(XDelBox1.8下载)
使用说明:(先勾选抑制再生)删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择从剪贴板导入不检查路径,导入后在要删除文件上点击右键,选择立刻重启删除,电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等)。

c:\windows\fonts\bqgc5yhmsd4yd.fon
c:\windows\fonts\kstdjrrwugyqjst7.fon
c:\windows\fonts\nmgkbjzrcybemu4e.fon
c:\windows\fonts\q9unbawwnusv4.fon
c:\windows\fonts\qvsquwphy6xa.fon
c:\windows\system\ming9b090423.exe
c:\program files\internet explorer\002.tmp
c:\windows\system32\drivers\klan.sys
c:\windows\system32\krnlhelp.exe
c:\windows\fonts\uxusf2rrqy.fon
c:\windows\fonts\vgugf6vf2e.fon
c:\windows\system32\08223b03.dll
c:\windows\system32\122b901e.dll
c:\windows\system32\704c3595.dll
c:\windows\system32\76b9ba7a.dll
c:\windows\system32\zfbj9awwu.dll
c:\windows\system32\ybm7kf9hevhdx.dll
c:\windows\system32\vntu2waqucza6.dll
c:\windows\system32\tanjsfa2tt2dh.dll
c:\windows\system32\t44y9a553nq.dll
c:\windows\system32\qsbvdcwq7umu.dll
c:\windows\system32\ndxq9awmc.dll
c:\windows\system32\qb5bkzy7vr5m.dll
c:\windows\system32\jgxmcj7byhhbwtxt.dll
c:\windows\system32\jbn2ypqy23vwx.dll
c:\windows\system32\hhnt2pbk.dll
c:\windows\system32\en7hzsrecat8.dll
c:\windows\system32\e4814792.dll
c:\windows\system32\dhdhws7ffw.dll
c:\windows\system32\dcxb7abe.dll
c:\windows\system32\crsaqd4hw.dll
c:\windows\system32\cduauvkgy9.dll
c:\windows\system32\bp8wddfqfaagbtyd.dll
c:\windows\system32\aeuzzdyn4fvnj.dll
c:\windows\system32\a0c86020.dll
c:\windows\system\nb9ming32c090423.dll
c:\windows\system32\dfc8ac3ed7da.dll


2.删除重启后使用SREng修复下面各项:

    启动项目 -- 注册表之如下项删除:
[ming9bstart]    <C:\WINDOWS\system\ming9b090423.exe>

    启动项目 -- 服务 -- Win32服务应用程序之如下项禁用:
[krnlhelp / krnlhelp]    <c:\windows\system32\krnlhelp.exe>


    启动项目 -- 服务-- 驱动程序之如下项删除:
(勾选隐藏已认证的微软项目,选中有问题的驱动/服务后,点"删除服务",点"设置"按钮即可。注意弹出的窗口中要点"否"才是确认删除服务)


[qq2 / qq2]    <\??\C:\Program Files\Internet Explorer\002.tmp>
[klan / klan]    <\??\C:\WINDOWS\system32\drivers\klan.sys>

    系统修复-- HOSTS文件--重置

**************以上分析报告由SREngLog分析助手提供******************
分析:小狮子
时间:2009-6-28
SREngLog分析助手 1.4 BY 草莽书生 (20090209 更新 BY 小金)


附件清空映像劫持项

附件: 映像劫持清除管理以及修复工具.rar (2009-6-28 17:03:34, 420.90 K)
该附件被下载次数 115

1
查看完整版本: 中标了`~啥办法都没用,谁来帮帮我~
© 2000 - 2025 Rising Corp. Ltd.