📄 vclmain.pas
unit VclMain;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, Clipbrd, Tlhelp32, Registry, Buttons, ExtCtrls, ComCtrls, WinSkinData;
type
{ Main form of the removal utility: a list of running processes with buttons to
  refresh, copy and terminate, plus a one-click cleanup routine that logs each
  step to the Console memo. }
TForm1 = class(TForm)
StatusBar1: TStatusBar;
Panel1: TPanel;
SpeedButton1: TSpeedButton;
SpeedButton2: TSpeedButton;
SkinData1: TSkinData;
TaskList: TListBox; // image names of running processes, filled by SpeedButton1Click
SpeedButton3: TSpeedButton;
Timer1: TTimer;
GroupBox1: TGroupBox;
Console: TMemo; // step log written by SpeedButton4Click and DelVirusFile
SpeedButton4: TSpeedButton;
procedure SpeedButton2Click(Sender: TObject); // copy the process list to the clipboard
procedure SpeedButton1Click(Sender: TObject); // refresh the process list
procedure SpeedButton3Click(Sender: TObject); // terminate processes with the selected name
procedure SpeedButton4Click(Sender: TObject); // run the four cleanup steps
procedure FormCreate(Sender: TObject); // initial fill of the process list
private
procedure DelVirusFile(AFile: String); // delete AFile, or rename it to .bak if deletion fails
function RepairRegedit: Boolean; // reset two policy values and drop four Run entries
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
// Windows directory path; assigned once in this unit's initialization section
// from GetWindowsDirectory and used to build the file paths passed to DelVirusFile.
gWinPath: String;
implementation
{$R *.dfm}
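{ Returns the process ID of the first running process whose image name equals
  AProc (case-insensitive), or 0 when nothing matches or the process snapshot
  cannot be taken.

  Despite the THandle return type, the value is a process ID (th32ProcessID),
  not an open handle; KillTaskByProc passes it on to OpenProcess.

  Matching is by image name only. The name says nothing about where the
  executable lives or who signed it, so an unrelated program that happens to
  share the name is matched as well. }
function FindProcByName(AProc: String): THandle;
var
  hSnap: THandle;
  PE32: TProcessEntry32;
  bFind: Boolean;
  sWanted: String;
  dwErr: DWORD;
begin
  Result := 0;
  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE. Where
  // THandle is an unsigned type, the former "<= 0" test never caught that.
  if (hSnap = INVALID_HANDLE_VALUE) or (hSnap = 0) then
    Exit;
  try
    sWanted := UpperCase(AProc);
    PE32.dwSize := SizeOf(TProcessEntry32);
    bFind := Process32First(hSnap, PE32);
    while bFind do
    begin
      if (sWanted = UpperCase(PE32.szExeFile)) or
         (sWanted = UpperCase(ExtractFileName(PE32.szExeFile))) then
      begin
        Result := PE32.th32ProcessID;
        Break;
      end;
      bFind := Process32Next(hSnap, PE32);
    end;
  finally
    // Release the snapshot (it was leaked before) while keeping the last-error
    // value, because the caller logs GetLastError when 0 is returned.
    dwErr := GetLastError;
    CloseHandle(hSnap);
    SetLastError(dwErr);
  end;
end;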
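{ Terminates the process whose process ID is AProc (exit code 0).

  Returns True when TerminateProcess succeeds, False when the process cannot be
  opened with PROCESS_TERMINATE access or termination fails. On failure the
  Win32 last-error value is left intact for the caller to log. }
function KillTaskByProc(AProc: THandle): Boolean;
var
  hProc: THandle;
  dwErr: DWORD;
begin
  Result := False;
  hProc := OpenProcess(PROCESS_TERMINATE, False, AProc);
  // OpenProcess returns 0 (NULL) on failure.
  if hProc = 0 then
    Exit;
  try
    Result := TerminateProcess(hProc, 0);
  finally
    // The process handle was never closed before; close it without disturbing
    // the error code of a failed TerminateProcess.
    dwErr := GetLastError;
    CloseHandle(hProc);
    SetLastError(dwErr);
  end;
end;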
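{ Terminates every running process whose image name equals ATask
  (case-insensitive, exit code 0).

  Returns 0 after the snapshot has been walked, whether or not anything was
  terminated, and -1 when the process snapshot cannot be taken.

  Matching is by image name only, so all processes sharing that name are
  terminated, including ones started from a different path. Processes that
  cannot be opened with PROCESS_TERMINATE access are skipped. }
function KillTaskByName(ATask: String): Integer;
var
  hSnap, hProc: THandle;
  PE32: TProcessEntry32;
  bFind: Boolean;
  sWanted: String;
begin
  Result := 0;
  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // Failure is reported as INVALID_HANDLE_VALUE; where THandle is unsigned the
  // former "<= 0" test never caught it.
  if (hSnap = INVALID_HANDLE_VALUE) or (hSnap = 0) then
  begin
    Result := -1;
    Exit;
  end;
  try
    sWanted := UpperCase(ATask);
    PE32.dwSize := SizeOf(TProcessEntry32);
    bFind := Process32First(hSnap, PE32);
    while bFind do
    begin
      if (sWanted = UpperCase(PE32.szExeFile)) or
         (sWanted = UpperCase(ExtractFileName(PE32.szExeFile))) then
      begin
        hProc := OpenProcess(PROCESS_TERMINATE, False, PE32.th32ProcessID);
        // Only call TerminateProcess on a handle that was actually opened,
        // and close it afterwards (it was leaked before).
        if hProc <> 0 then
        try
          TerminateProcess(hProc, 0);
        finally
          CloseHandle(hProc);
        end;
      end;
      bFind := Process32Next(hSnap, PE32);
    end;
  finally
    // The snapshot handle was leaked on every call before.
    CloseHandle(hSnap);
  end;
end;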
{ Fills the process list once at start-up by reusing the refresh button's
  handler; a half-second pause runs before and after the fill. }
procedure TForm1.FormCreate(Sender: TObject);
const
  PauseMs = 500;
begin
  Sleep(PauseMs);
  SpeedButton1Click(Sender);
  Sleep(PauseMs);
end;
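{ Removes AFile and writes the outcome to the Console memo.

  - Deletion succeeds: one "deleted" line is logged.
  - Deletion fails: the Win32 error code is logged. If the code is
    ERROR_FILE_NOT_FOUND there is nothing to clean up and the routine stops.
    Otherwise the file is renamed to AFile + '.bak' and the rename result is
    logged: 0 on success, the Win32 error code on failure.

  NOTE(review): the renamed copy stays on disk under its .bak name; nothing in
  this routine removes it later, so it still needs manual follow-up. }
procedure TForm1.DelVirusFile(AFile: String);
var
  iErr: Integer;
  sName: String;
begin
  if DeleteFile(AFile) then
  begin
    Console.Lines.Add(' ' + ExtractFileName(AFile) + '删除成功!');
    Exit;
  end;
  // Read the error code straight after the failed call, before anything else
  // can overwrite it.
  iErr := GetLastError;
  sName := ExtractFileName(AFile);
  Console.Lines.Add(' ' + sName + '删除失败:' + IntToStr(iErr));
  if iErr = ERROR_FILE_NOT_FOUND then
    Exit;
  // Previously GetLastError was logged unconditionally after the rename, so a
  // successful rename still printed the stale error left by the failed delete.
  if RenameFile(AFile, AFile + '.bak') then
    iErr := 0
  else
    iErr := GetLastError;
  Console.Lines.Add(' ' + sName + '重命名!' + IntToStr(iErr));
end;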
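{ Undoes the registry changes this tool targets:

  1. Under HKEY_USERS\.DEFAULT and HKEY_CURRENT_USER, sets the policy values
     DisableTaskMgr and DisableRegistryTools to 0.
  2. Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
     deletes four autostart values by name.

  Returns True only when all three keys could be opened and no registry
  exception was raised. A Run value that is already absent is not treated as a
  failure (the Boolean result of DeleteValue is ignored).

  NOTE(review): writing to HKEY_LOCAL_MACHINE and HKEY_USERS\.DEFAULT normally
  needs administrative rights; without them OpenKey fails and False is
  returned. In a 32-bit build on 64-bit Windows the HKEY_LOCAL_MACHINE\SOFTWARE
  path may be subject to registry redirection - confirm which view holds the
  entries being removed. }
function TForm1.RepairRegedit: Boolean;
var
  Regist: TRegistry;
begin
  Result := True;
  Regist := TRegistry.Create;
  try
    try
      Regist.RootKey := HKEY_USERS;
      if Regist.OpenKey('.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System', True) then
      begin
        Regist.WriteInteger('DisableTaskMgr', 0);
        Regist.WriteInteger('DisableRegistryTools', 0);
      end
      else
        // Before, a key that could not be opened was silently skipped and the
        // caller still reported success.
        Result := False;

      Regist.RootKey := HKEY_CURRENT_USER;
      if Regist.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\System', True) then
      begin
        Regist.WriteInteger('DisableTaskMgr', 0);
        Regist.WriteInteger('DisableRegistryTools', 0);
      end
      else
        Result := False;

      Regist.RootKey := HKEY_LOCAL_MACHINE;
      if Regist.OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Run', True) then
      begin
        Regist.DeleteValue('ExFilter');
        Regist.DeleteValue('Select Server');
        Regist.DeleteValue('mssysint');
        Regist.DeleteValue('Windows Management Instrumentation');
      end
      else
        Result := False;
    except
      // Any registry exception (for example a failed write) counts as failure.
      Result := False;
    end;
  finally
    // Always release the key and the object, whatever happened above.
    Regist.CloseKey;
    Regist.Free;
  end;
end;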
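{ Copies the whole process list to the clipboard as text, one entry per line. }
procedure TForm1.SpeedButton2Click(Sender: TObject);
begin
  ClipBoard.Clear;
  // TStrings.GetText returns a newly allocated buffer that the caller has to
  // release; the former SetTextBuf(Items.GetText) call never freed it and
  // leaked on every click. Assigning the Text property needs no manual cleanup.
  ClipBoard.AsText := TaskList.Items.Text;
end;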
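{ Refreshes TaskList with the image names of all running processes.

  The previously selected index is restored after the refill; if the list is
  non-empty and nothing ends up selected, the first entry is selected. When the
  process snapshot cannot be taken the list is left empty. }
procedure TForm1.SpeedButton1Click(Sender: TObject);
var
  iPrev: Integer;
  hSnap: THandle;
  PE32: TProcessEntry32;
  bFind: Boolean;
begin
  iPrev := TaskList.ItemIndex;
  TaskList.Items.Clear;
  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // Failure is reported as INVALID_HANDLE_VALUE; where THandle is unsigned the
  // former "<= 0" test never caught it.
  if (hSnap = INVALID_HANDLE_VALUE) or (hSnap = 0) then
    Exit;
  try
    PE32.dwSize := SizeOf(TProcessEntry32);
    // Batch the inserts so the list box repaints once instead of per item.
    TaskList.Items.BeginUpdate;
    try
      bFind := Process32First(hSnap, PE32);
      while bFind do
      begin
        TaskList.Items.Add(PE32.szExeFile);
        bFind := Process32Next(hSnap, PE32);
      end;
    finally
      TaskList.Items.EndUpdate;
    end;
  finally
    // The snapshot handle was leaked on every refresh before.
    CloseHandle(hSnap);
  end;
  TaskList.ItemIndex := iPrev;
  if (TaskList.Count > 0) and (TaskList.ItemIndex < 0) then
    TaskList.Selected[0] := True;
end;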
{ Terminates every process that carries the image name selected in TaskList,
  then refreshes the list. Does nothing when no entry is selected.
  There is no confirmation step: the selected name goes straight to
  KillTaskByName. }
procedure TForm1.SpeedButton3Click(Sender: TObject);
var
  iSel: Integer;
begin
  iSel := TaskList.ItemIndex;
  if iSel < 0 then
    Exit;
  KillTaskByName(TaskList.Items[iSel]);
  // Short pause before the process list is read again.
  Sleep(10);
  SpeedButton1Click(Sender);
end;
{ Runs the four cleanup steps in order and logs each one to Console:
  STEP1/STEP2 terminate the two named processes, STEP3 deletes (or renames) a
  fixed list of files below the Windows directory, STEP4 resets the registry
  values via RepairRegedit. A failing step is logged and the run continues. }
procedure TForm1.SpeedButton4Click(Sender: TObject);
const
  // Paths relative to gWinPath, processed in this order.
  VirusFiles: array[0..9] of String = (
    '\System32\slserv.exe',
    '\System32\slcsvr.exe',
    '\System32\slrundll.exe',
    '\System32\hookdll.dll',
    '\System32\wbem\dhelp.dll',
    '\System32\dhelp.dll',
    '\System32\wmimgr.exe',
    '\System32\comime.exe',
    '\System32\msinthk.dll',
    '\dhelp.dll');

  // Logs ATitle, then looks up AExe by image name and terminates the first match.
  procedure StopProcess(const ATitle, AExe: String);
  var
    hProc: THandle;
  begin
    Console.Lines.Add(ATitle);
    hProc := FindProcByName(AExe);
    if hProc <= 0 then
    begin
      Console.Lines.Add(' 查找进程失败:' + IntToStr(GetLastError));
      Exit;
    end;
    if KillTaskByProc(hProc) then
      Console.Lines.Add(' 程序执行成功!')
    else
      Console.Lines.Add(' 终止进程失败:' + IntToStr(GetLastError));
  end;

var
  iFile: Integer;
begin
  Console.Clear;

  StopProcess('STEP1: 终止wmimgr.exe进程', 'wmimgr.exe');
  StopProcess('STEP2: 终止comime.exe进程', 'comime.exe');

  // Brief pause between terminating the processes and touching their files.
  Sleep(100);

  Console.Lines.Add('STEP3: 删除病毒文件');
  for iFile := Low(VirusFiles) to High(VirusFiles) do
    DelVirusFile(gWinPath + VirusFiles[iFile]);

  Console.Lines.Add('STEP4: 恢复注册表');
  if not RepairRegedit then
    Console.Lines.Add(' 注册表恢复失败!')
  else
    Console.Lines.Add(' 注册表恢复成功!');
end;
var
// Receives the Windows directory path; holds MAX_PATH + 1 characters.
aBuf: Array[0..MAX_PATH] of Char;
initialization
// Resolve the Windows directory once when the unit is initialized and keep it
// in gWinPath. The return value of GetWindowsDirectory is not checked here.
GetWindowsDirectory(aBuf, MAX_PATH);
gWinPath := aBuf;
finalization
end.