#NoTrayIcon
#Include <date.au3>
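; Single-instance guard.
; The lock file lives in @TempDir and is named after this script's full path
; with "\" and ":" removed, so every copy of the script gets its own lock.
; NOTE(review): the published listing shows "" where "\" is expected - the
; backslashes appear to have been lost when the page was extracted. They are
; restored here on that assumption; with an empty separator and an empty
; search string the lock path would not point at a usable file in @TempDir.
Global $sLockFile = @TempDir & "\" & StringReplace(StringReplace(@ScriptFullPath, "\", ""), ":", "") & ".log"

; Probe: create the file, then try to delete it again. The delete is expected
; to fail only while another instance still holds the handle opened at the end
; of this block (assumes FileOpen keeps the file locked - confirm on target OS).
IniWrite($sLockFile, "段名", "关键字", "数值")
FileDelete($sLockFile)
If FileExists($sLockFile) Then
    ; "Do not run more than once!" - warning icon (48), auto-closes after 10 s.
    MsgBox(48, "", "请勿重复运行!", 10)
    Exit
EndIf

; Mode 2 = open for writing and erase previous contents. The handle is never
; closed on purpose: it stays open until the script exits.
Global $hLockFile = FileOpen($sLockFile, 2)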
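; Allow-list (INI format) and action log, both stored next to the script.
; NOTE(review): naming these files lsass.dll / lsass.log imitates a Windows
; system binary outside System32. Endpoint security tooling commonly flags that
; pattern as masquerading, so a descriptive name would avoid false alarms.
; The names are kept here so existing installs keep finding their files.
$dll = @ScriptDir & "\lsass.dll"
$dlll = "排除进程 - 进程路径" ; INI section: "excluded processes - process path"
$log = @ScriptDir & "\lsass.log"

If Not FileExists($dll) Then
    ; First run: seed the allow-list, open it for review, and stop without
    ; enforcing anything yet.
    ;
    ; Value "无" ("none") means: allowed by image name alone, no path check.
    ; NOTE(review): a name-only entry trusts any executable carrying that file
    ; name, wherever it is stored. Prefer entries with a path where possible.
    ; NOTE(review): these defaults look like a Windows XP-era process set.
    ; Everything that is not listed gets terminated by the main loop, so
    ; review and extend the list before enabling this on a newer system.
    Local $aNameOnly[9] = ["system", "smss.exe", "csrss.exe", "lsass.exe", "svchost.exe", _
            "winlogon.exe", "iexplore.exe", "services.exe", "System Idle Process"]
    For $sName In $aNameOnly
        IniWrite($dll, $dlll, $sName, "无")
    Next

    ; Path-checked entries. @WindowsDir replaces the hard-coded C:\WINDOWS so
    ; the defaults are also right when Windows is installed elsewhere.
    IniWrite($dll, $dlll, "Explorer.EXE", @WindowsDir & "\Explorer.EXE")
    IniWrite($dll, $dlll, "taskmgr.exe", @WindowsDir & "\system32\taskmgr.exe")
    IniWrite($dll, $dlll, "internat.exe", @WindowsDir & "\system32\internat.exe")

    ; Both paths are quoted so a script directory containing spaces still
    ; opens the right file.
    Run('"' & @WindowsDir & '\system32\NOTEPAD.EXE" "' & $dll & '"')
    Exit
EndIf

; Always allow this script itself (by name), otherwise it would terminate
; its own process.
IniWrite($dll, $dlll, @ScriptName, "无")

; Record where this instance runs from, starting from a clean file each launch.
; Section name "进程路径" = "process path".
Global $sSelfInfo = @TempDir & "\xtanquanws.tmp"
FileDelete($sSelfInfo)
IniWrite($sSelfInfo, "进程路径", @ScriptName, @ScriptFullPath)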
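; Enforcement loop: enumerate every running process through WMI and terminate
; those the allow-list ($dll, section $dlll) does not cover.
;
; Allow-list lookup is keyed on the process image name (Caption):
;   - no entry            -> terminate
;   - entry is "无"       -> allowed by name only
;   - entry is a path     -> allowed only if that path occurs in the image path
;
; NOTE(review): the moniker is written with "\\" here. The published listing
; shows a single "\" after "winmgmts:", which looks like an extraction loss.
; NOTE(review): WMI returns no path/command line for processes the script is
; not permitted to inspect; path-checked entries then fail the check, which
; matches how the original treated an empty CommandLine. Run elevated.
Global $objWMIService = 0
While 1
    ; Connect once and reuse the connection; retry quietly if WMI is not
    ; reachable instead of failing on a non-object.
    If Not IsObj($objWMIService) Then $objWMIService = ObjGet("winmgmts:\\.\root\CIMV2")
    If Not IsObj($objWMIService) Then
        Sleep(500)
        ContinueLoop
    EndIf

    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process")
    If IsObj($colItems) Then
        ; $objItem must stay a global with this exact name: kill() reads it.
        For $objItem In $colItems
            $pk1 = IniRead($dll, $dlll, $objItem.Caption, "")
            ; Compare against the image path reported by the OS, not against
            ; CommandLine: the command line is chosen by whoever starts the
            ; process, so a substring match on it proves nothing about where
            ; the executable is stored.
            $pk2 = $objItem.ExecutablePath
            If $pk1 = "" Then
                kill()
            ElseIf $pk1 <> "无" And Not StringInStr($pk2, $pk1) Then
                kill()
            EndIf
            Sleep(100)
        Next
    EndIf
    Sleep(500)
WEnd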
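; Terminates the process currently held in the global $objItem (set by the
; enumeration loop) and records the action in the INI-format log $log under
; section "系统日志" ("system log").
; The log key describes the process ("非法进程" = "illegal process", PID,
; command line); the value holds the action and a timestamp from _NowCalc().
Func kill()
    ; ProcessClose returns 1 on success and 0 on failure; keep the result so
    ; the log does not claim a termination that did not happen.
    Local $iClosed = ProcessClose($objItem.Handle)

    Local $sEntry = "非法进程:" & $objItem.Caption & ";进程PID:" & $objItem.Handle & ";进程路径:" & $objItem.CommandLine
    ; The command line comes from the inspected process. Line breaks or "="
    ; inside an INI key would split or forge log entries, so neutralise them.
    $sEntry = StringRegExpReplace($sEntry, "[\r\n=]", " ")

    ; "操作:结束进程" = "action: process ended"; the failure variant appends
    ; "失败" ("failed").
    Local $sAction = "操作:结束进程 时间"
    If Not $iClosed Then $sAction = "操作:结束进程失败 时间"

    IniWrite($log, "系统日志", $sEntry, $sAction & _NowCalc())
EndFunc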