‹‹ 上一主题 | 下一主题 ››
发新话题
分享到新浪微博 分享到QQ空间 打印

[求助] 有没有对Autorun类病毒有研究的

xyz小智

xyz/小x

中等会员[七级]

Rank: 22Rank: 22Rank: 22Rank: 22

俱乐部 PM Pursuer
威望 1
帖子
1293 
精华
1 
积分
3377 
PT币
14915 枚 
热度
48 °C 
贡献值
55 点 

 火球鼠  Lv.29
     
楼主 发表于 2008-11-22 12:32 显示全部帖子
病毒被运行后拷贝自身到系统盘,产生双进程互相守护,在注册表里写入启动项。尝试杀死众多安全软件进程,监控并  关闭与杀毒有关的窗体。通过文件映象劫持来使杀毒软件不能运行,监视注册表的启动和文件,防治被删除。监视U盘,并  写入autorun.inf达到随U盘传播的目的。 [编辑本段]二、病毒基本情况  病毒名称:Virus.Win32.AutoRun.f   病毒别名:帕虫–瑞星,AV终结者–金山,U盘寄生虫–江民  病毒类型:病毒  危害级别:3   感染平台:Windows   病毒大小:91,648 (字节)   SHA1 :c3d1e9c2c682d642a977e8248675cdcc47a17a31   加壳类型:FSG   开发工具:Delphi [编辑本段]三、病毒行为  1、病毒运行后会生成以下文件:   %ProgramFiles%\Common Files\System\tsnqtjn.exe(25099 字节)   %ProgramFiles%\Common Files\Microsoft Shared\crpqluj.exe(25099 字节)   %ProgramFiles%\meex.exe(25099 字节)   %ProgramFiles%\vgmjnhj.inf(169 字节)   在除系统盘外的各盘根目录下生成  autorun.inf(169 字节)   qkkiwvs.exe(25099 字节)   2、删除以下注册表项破坏安全模式:  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-   08002BE10318}\@   HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-   08002BE10318}\@   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-   08002BE10318}\@   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-   08002BE10318}\@   3、添加IFEO映像劫持项:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\360rpt.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\360Safe.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\360tray.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\adam.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\AgentSvr.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\AppSvc32.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\ArSwp.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\AST.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\autoruns.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\avconsol.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\avgrssvc.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\AvMonitor.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\avp.com   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\avp.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\CCenter.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\ccSvcHst.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\EGHOST.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\FileDsty.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\FTCleanerShell.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\FYFireWall.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\HijackThis.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\IceSword.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\iparmo.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\Iparmor.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\isPwdSvc.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\kabaload.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KaScrScn.SCR   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KASMain.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KASTask.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KAV32.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KAVDX.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KAVPF.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KAVPFW.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KAVSetup.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KAVStart.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KISLnchr.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KMailMon.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KMFilter.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KPFW32.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KPFW32X.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KPfwSvc.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KRegEx.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KRepair.com   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KsLoader.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KVCenter.kxp   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KvDetect.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KvfwMcl.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KVMonXP.kxp   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KVMonXP_1.kxp   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\kvol.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\kvolself.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KvReport.kxp   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KVScan.kxp   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KVSrvXP.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KVStub.kxp   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\kvupload.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\kvwsc.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KvXP.kxp   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KvXP_1.kxp   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KWatch.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KWatch9x.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\KWatchX.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\loaddll.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\MagicSet.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\mcconsol.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\mmqczj.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\mmsk.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\Navapsvc.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\Navapw32.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\nod32.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\nod32krn.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\nod32kui.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\NPFMntor.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\PFW.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\PFWLiveUpdate.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\QHSET.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\QQDoctor.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\QQKav.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\Ras.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\Rav.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\RavMon.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\RavMonD.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\RavStub.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\RavTask.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\RegClean.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\rfwcfg.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\rfwmain.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\rfwsrv.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\RsAgent.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\Rsaupd.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\runiep.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\safelive.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\scan32.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\shcfg32.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\SmartUp.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\SREng.EXE   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\symlcsvc.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\SysSafe.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\TrojanDetector.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\Trojanwall.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\TrojDie.kxp   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\UIHost.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\UmxAgent.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\UmxAttachment.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\UmxCfg.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\UmxFwHlp.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\UmxPol.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\upiea.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\UpLive.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\USBCleaner.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\vsstat.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\webscanx.exe   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution   Options\WoptiClean.exe   以上键值均指向:%Program Files%\Common Files\\Microsoft Shared\\crpqluj.exe   4、修改系统隐藏属性。  将HKLM\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall   下的CheckedValue的值改为0。  5、设置开机自启动。  在HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run下,添加以下内容达到开机自启动的目的:  "qkkiwvs"="C:\\Program Files\\Common Files\\Microsoft Shared\\crpqluj.exe"   "vgmjnhj"="C:\\Program Files\\Common Files\\System\\tsnqtjn.exe"   6、修改注册表,将以下键值改为0x00000004:  HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Start   HKLM\System\CurrentControlSet\Services\helpsvc\Start   HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\start   HKLM\System\CurrentControlSet\Services\SharedAccess\Start   来关闭以下服务:   Automatic Updates(允许下载并安装 Windows 更新。如果此服务被禁用,计算机将不能使用 Windows Update 网  站的自动更新功能。)  Help and Support(启用在此计算机上运行帮助和支持中心。如果停止服务,帮助和支持中心将不可用。如果禁用  服务,任何直接依赖于此服务的服务将无法启动。)   Security Center(监视系统安全设置和配置。)   Windows Firewall/Internet Connection Sharing (ICS)(为家庭和小型办公网络提供网络地址转换、寻址、名  称解析和/或入侵保护服务。)  7、产生crpqluj.exe和tsnqtjn.exe两个进程,进程相互守护,监视注册表的启动项和文件,防止启动项和文件被删除。  8、尝试关闭众多杀毒软件进程,监控并关闭与杀毒有关的窗体。  9、监视U盘,并写入autorun.inf和qkkiwvs.exe ,以达到通过U盘传播的目的。
本帖最近评分记录
  • dedede PT币 +50 问题解决 2008-11-22 12:47

炽天使之翼为光辉 光辉为揭露罪恶的纯白 纯白是净化的证据
证据是行动的结果
结果是未来 未来是时间 时间是一律 一律是全部
创造全部的是过去
过去是原因 原因是一个 一个是罪 罪是人
人一害怕惩罚 害怕是罪恶 罪恶在自己体内
自己体内有必须唾弃之物
凭借炽天使之翼揭露自己体内的罪恶 将他们全部排除!

TOP

xyz小智

xyz/小x

中等会员[七级]

Rank: 22Rank: 22Rank: 22Rank: 22

俱乐部 PM Pursuer
威望 1
帖子
1293 
精华
1 
积分
3377 
PT币
14915 枚 
热度
48 °C 
贡献值
55 点 

 火球鼠  Lv.29
     
沙发 发表于 2008-11-22 12:32 显示全部帖子
1、杀死病毒进程。打开超级巡警(因为病毒进行了文件映象劫持,所以要将超级巡警的主程序重命名后才能运行),
  选择进程管理功能,选中crpqluj.exe和tsnqtjn.exe两个进程,然后右键,选择终止标记进程。
  2、清除注册表启动项。删除HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run下的以下键值:
  "qkkiwvs"="C:\\Program Files\\Common Files\\Microsoft Shared\\crpqluj.exe"
  "vgmjnhj"="C:\\Program Files\\Common Files\\System\\tsnqtjn.exe"
  3、修复映象劫持和安全模式启动。打开超级巡警,点安全优化,选择系统修复,选中修复映象劫持和修复安全模式启
  动,然后修复就可以了。
  4、修复系统隐藏属性。将HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
  Explorer\Advanced\Folder\Hidden\SHOWALL下的”CheckedValue”= dword:00000001
  5、删除病毒文件。清除以下文件:
  %ProgramFiles%\Common Files\System\tsnqtjn.exe
  %ProgramFiles%\Common Files\Microsoft Shared\crpqluj.exe
  %ProgramFiles%\meex.exe
  %ProgramFiles%\vgmjnhj.inf
  各盘根目录下的autorun.inf和qkkiwvs.exe文件。
  6、根据个人需要更改被病毒修改的服务。
  7、不要立即重启电脑,请先启动杀毒软件,升级病毒库,进行全盘扫描。以清除木马下载器下载的其它病毒。
由于此病毒是通过U盘传播的,所以建议使用超级巡警的U盘免疫对U盘进行免疫,并且废除系统的自动运行功能。再将U盘插入到电脑时要对U盘进行杀毒,然后再使用。
本帖最近评分记录
  • dedede PT币 +50 问题解决 2008-11-22 12:47

炽天使之翼为光辉 光辉为揭露罪恶的纯白 纯白是净化的证据
证据是行动的结果
结果是未来 未来是时间 时间是一律 一律是全部
创造全部的是过去
过去是原因 原因是一个 一个是罪 罪是人
人一害怕惩罚 害怕是罪恶 罪恶在自己体内
自己体内有必须唾弃之物
凭借炽天使之翼揭露自己体内的罪恶 将他们全部排除!

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题