瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 有病毒瑞星删除失败,请DGDJ帮忙
模具工人 - 2008-9-19 9:41:00
RootKit.Agent.xj  文件路径C:\WINNT\system32\drivers
Trojan.DL.QQHelper.fjj    文件路径C:\WINNT\system32



还有一个问题,就是打开IE时经常出现如图情况:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0\bin\jusched.exe>  []
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <IgfxTray><C:\WINNT\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Windows木马防火墙><E:\Program Files\ftc\Trojanwall.exe>  [File is missing]
    <Adobe Photo Downloader><"E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe">  [File is missing]
    <xMapBar><C:\Program Files\xM\hide.exe>  [File is missing]
    <RavTask><"e:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"Beijing Yahoo! Information and Technology Co., Ltd."]
    <yassistse><C:\Program Files\Yahoo!\Assistant\yAssistSe.exe>  [(Verified)"Beijing Yahoo! Information and Technology Co., Ltd."]
    <runeip><"e:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\sstext3d.scr>  [(Verified)Microsoft Windows 2000 Publisher]



用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
模具工人 - 2008-9-19 9:42:00
启动文件夹
[EPSON Status Monitor 3 Environment Check 2]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Status Monitor 3 Environment Check 2.lnk --> C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [SEIKO EPSON CORPORATION]><N>
==================================
服务
[Development / Development Environment Tool][Running/Auto Start]
  <C:\WINNT\ser.exe -NetSata><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Clipboard / Patterns][Others/Auto Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\hctxs.dll><N/A>
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
  <e:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"e:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[NT Data Provider / SHipING][Stopped/Auto Start]
  <C:\WINNT\SYSTEM32\RUNDLL2KXP.EXE C:\WINNT\SYSTEM32\WBEM\HMJWV.DLL,Export 1087><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[beadghde / beadghde][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\beadghde.sys><N/A>
[bootdrv / bootdrv][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[jooz / joozp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\joozp.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTGDT / NTGDT][Running/System Start]
  <\??\C:\WINNT\system32\Drivers\NTGDT.SYS><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[TDDI / TDDI][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\tddi.sys><SafeNet China Ltd.>
[wrlybwib / wrlybwib][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\wrlybwib.sys><Yahoo! China Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, (Signed) Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, (Signed) yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, (Signed) yahoo! china>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINNT\system32\urlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[yFlashDl Class]
  {F166BC04-3C84-44cc-A6E9-2315EC4844B9} <C:\Program Files\Yahoo!\Assistant\Assist\yflashdl.dll, (Signed) Yahoo! China>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, (Signed) Yahoo! China>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <e:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, (Signed) Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, (Signed) yahoo! china>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\WINNT\system32\QQLiveInstaller.dll, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\aliedit.dll, (Signed) >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <E:\Program Files\Alisoft\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <e:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINNT\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(756).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000}
模具工人 - 2008-9-19 9:49:00
<C:\WINNT\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <e:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.755.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(756).dll, Xunlei Networking Technologies,LTD>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[使用迅雷下载]
  <E:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[收藏到QQ书签]
  <http://shuqian.qq.com/favit.html, N/A>
[添加到QQ表情]
  <E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 180][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 200][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 228][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 240][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 464][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 624][E:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [E:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [E:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [E:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 268][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 20, 0, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL]  [Microsoft Corporation, 5.1.2600.1147 (xpsp2.021108-1929)]
[PID: 692][C:\WINNT\ser.exe]  [N/A, ]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 708][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\system32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\system32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\system32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 772][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 852][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6920]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 1120][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\WINNT\system32\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (main.020715-1506)]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [C:\WINNT\system32\wuaucpl.cpl.mui]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINNT\system32\powercfg.cpl]  [Microsoft Corporation, 5.00.3502.6601]
    [C:\WINNT\system32\ALSNDMGR.CPL]  [Realtek Semiconductor Corp., 1.5.63]
    [C:\WINNT\system32\igfxcpl.cpl]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  [yahoo! china, 3, 8, 0, 1140]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll]  [Yahoo! China, 3, 1, 2, 1013]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 1, 1, 1013]
    [E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [E:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [E:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll]  [Yahoo! China, 3, 2, 3, 1029]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [e:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [e:\Program Files\PhoXo\ExploreMenu.dll]  [, 1, 0, 0, 1]
[PID: 800][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 952][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msxml3.dll]  [Microsoft Corporation, 8.90.1101.0]
[PID: 776][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1212][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.0.16]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 1240][C:\Program Files\Java\jre1.5.0\bin\jusched.exe]  [N/A, ]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 1292][C:\WINNT\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3943]
[PID: 1308][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\WINNT\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
[PID: 1340][E:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [E:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [E:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 1364][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 2, 6, 1032]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  [yahoo! china, 3, 8, 0, 1140]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\ynotifier.dll]  [yahoo! china, 3, 0, 6, 1007]
[PID: 1384][C:\Program Files\Yahoo!\Assistant\yAssistSe.exe]  [Yahoo! China, 3, 1, 0, 1013]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Yahoo!\Assistant\shell\yAssecblk.dll]  [Yahoo! China, 3, 2, 1, 1029]
    [C:\Program Files\Yahoo!\Assistant\shell\yAsMenu.dll]  [Yahoo! China, 3, 0, 5, 1007]
    [C:\Program Files\Yahoo!\Assistant\shell\yMenuInfo.dll]  [Yahoo! China, 3, 0, 1, 1001]
    [C:\Program Files\Yahoo!\Assistant\shell\yIEAngel.dll]  [Yahoo! China, 3, 0, 4, 1005]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
[PID: 1400][E:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [E:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [E:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [E:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [E:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [E:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [E:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [E:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [E:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [E:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.33]
    [e:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [e:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [E:\Program Files\Rising\AntiSpyware\pscan.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.53]
    [E:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
[PID: 1424][C:\WINNT\system32\Internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 1372][C:\Program Files\Microsoft Office\Office\EXCEL.EXE]  [Microsoft Corporation, 9.0.8924]
    [C:\Program Files\Microsoft Office\Office\MSO9.DLL]  [Microsoft Corporation, 9.0.6926]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [e:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [e:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [e:\Program Files\Rising\Rav\RsPlugIn.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.20]
    [C:\Program Files\Microsoft Office\Office\msohev.dll]  [Microsoft Corporation, 9.0.3508]
    [C:\WINNT\system32\PINTLGNT.IME]  [Microsoft Corporation, 4.2.32]
    [C:\WINNT\system32\WINABCX.IME]  [PKUETI, 5.22.216]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL]  [Microsoft Corporation, 5.1.2600.1147 (xpsp2.021108-1929)]
[PID: 308][E:\Program Files\Tencent\QQ\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [e:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [e:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
[PID: 1924][e:\Program Files\QvodPlayer\QvodTerminal.exe]  [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 54]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [e:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [e:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 584][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [e:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [e:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  [Yahoo! China, 3, 0, 3, 1004]
    [C:\WINNT\system32\wshCHS.DLL]  [Microsoft Corporation, 5.6.0.8515]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  [yahoo! china, 3, 8, 0, 1140]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll]  [yahoo! china, 3, 5, 1, 1128]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll]  [Yahoo! China, 3, 3, 0, 1035]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  [yahoo! china, 3, 0, 7, 1009]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  [Yahoo! China, 3, 0, 5, 1006]
    [C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll]  [Yahoo! China, 3, 1, 2, 1013]
    [C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll]  [Yahoo! China, 3, 1, 0, 1011]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  [Yahoo! China, 3, 1, 2, 1012]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]  [Yahoo! China, 3, 1, 3, 1015]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~1.DLL]  [yahoo! china, 3, 3, 0, 1044]
    [C:\Program Files\Yahoo!\Assistant\Assist\ymailp.dll]  [Yahoo! China, 3, 0, 7, 1013]
    [C:\Program Files\Yahoo!\Assistant\Assist\ymyweb.dll]  [Yahoo! China, 3, 0, 5, 1007]
    [C:\Program Files\Yahoo!\Assistant\Assist\ypagetr.dll]  [, 3, 0, 1, 1006]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll]  [yahoo! china, 3, 0, 9, 1011]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 1, 1, 1013]
    [E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [E:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [E:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINNT\system32\urlFilter.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
    [e:\Program Files\Rising\AntiSpyware\UrlRule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [C:\Program Files\Yahoo!\Assistant\Assist\yflashdl.dll]  [Yahoo! China, 3, 1, 1, 1025]
    [C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll]  [Yahoo! China, 3, 2, 3, 1029]
    [C:\WINNT\system32\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (main.020715-1506)]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINNT\system32\msxml3.dll]  [Microsoft Corporation, 8.90.1101.0]
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  [Yahoo! China, 3, 0, 2, 1003]
    [C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll]  [Yahoo! China, 3, 2, 1, 1029]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yoptimum.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll]  [Yahoo! China, 3, 1, 7, 1022]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll]  [Yahoo! China, 2, 1, 3, 89]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yxpstyle.dll]  [Yahoo! China, 3, 0, 1, 1001]
[PID: 2184][E:\新建文件夹\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 728][E:\新建文件夹\sreng2\SREc1046fe1.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [e:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [e:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [E:\新建文件夹\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
模具工人 - 2008-9-19 9:50:00
文件关联
.TXT  Error. [C:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1372, C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\EXCEL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1924, E:\PROGRAM FILES\QVODPLAYER\QVODTERMINAL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2184, E:\新建文件夹\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x00C7569D)
入口点错误:NtCreateKey (危险等级: 高,  被下面模块所HOOK: 0x00C7583D)
入口点错误:NtLoadDriver (危险等级: 高,  被下面模块所HOOK: 0x00C75F8D)
入口点错误:NtSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x00C7590D)
入口点错误:NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x00C7576D)
入口点错误:ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x00C7569D)
入口点错误:ZwCreateKey (危险等级: 高,  被下面模块所HOOK: 0x00C7583D)
入口点错误:ZwSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x00C7590D)
入口点错误:ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x00C7576D)
入口点错误:CreateServiceA (危险等级: 高,  被下面模块所HOOK: 0x00C75C4D)
入口点错误:CreateServiceW (危险等级: 高,  被下面模块所HOOK: 0x00C75D1D)
入口点错误:LoadLibraryA (危险等级: 高,  被下面模块所HOOK: 0x00C7694D)
入口点错误:LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: 0x00C7551D)
入口点错误:CreateFileW (危险等级: 高,  被下面模块所HOOK: 0x00C7646D)
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x00C7687D)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x00C766DD)
神之影子 - 2008-9-19 13:29:00
瑞星+卡卡安全模式下杀毒
模具工人 - 2008-9-19 14:41:00


引用:
原帖由 神之影子 于 2008-9-19 13:29:00 发表
瑞星+卡卡安全模式下杀毒


没用啊,手工也删不掉染毒文件
非拉鐵非 - 2008-9-21 16:36:00
把那可疑文件
上报瑞星分析http://up.rising.com.cn/webmail/uploadnew.htm

并说明【杀毒失败】
炫橴銥 - 2008-9-22 15:19:00
进入安全模式用瑞星试试
1
查看完整版本: 有病毒瑞星删除失败,请DGDJ帮忙
© 2000 - 2026 Rising Corp. Ltd.