WMI 连接远程计算机并进行局域网进程扫描

标签：

On Error Resume Next

Dim myArray(231)

myArray(0)="smss.exe"
myArray(1)="csrss.exe"
myArray(2)="winlogon.exe"
myArray(3)="services.exe"
myArray(4)="lsass.exe"
myArray(5)="svchost.exe"
myArray(6)="ccsetmgr.exe"
myArray(7)="ccevtmgr.exe"
myArray(8)="spbbcsvc.exe"
myArray(9)="spoolsv.exe"
myArray(10)="repsvc.exe"
myArray(11)="defwatch.exe"
myArray(12)="dwrcs.exe"
myArray(13)="mdm.exe"
myArray(14)="savroam.exe"
myArray(15)="rtvscan.exe"
myArray(16)="ccmexec.exe"
myArray(17)="wmiprvse.exe"
myArray(18)="explorer.exe"
myArray(19)="dwrcst.exe"
myArray(20)="ccapp.exe"
myArray(21)="vptray.exe"
myArray(22)="outlook.exe"
myArray(23)="pcsws.exe"
myArray(24)="ctfmon.exe"
myArray(25)="msmsgs.exe"
myArray(26)="xdict.exe"
myArray(27)="pcscm.exe"
myArray(28)="winword.exe"
myArray(29)="wuauclt.exe"
myArray(30)="rundll32.exe"
myArray(31)="hkcmd.exe"
myArray(32)="excel.exe"
myArray(33)="wisptis.exe"
myArray(34)="wnwb.exe"
myArray(35)="lingoes.exe"
myArray(36)="acs_ln.exe"
myArray(37)="hpgs2wnd.exe"
myArray(38)="hpgs2wnf.exe"
myArray(39)="mnmsrvc.exe"
myArray(40)="conime.exe"
myArray(41)="wzqkpick.exe"
myArray(42)="smax4pnp.exe"
myArray(43)="dntus26.exe"
myArray(44)="wdkeymonitorccb.exe"
myArray(45)="wzcsldr2.exe"
myArray(46)="packone.exe"
myArray(47)="iexplore.exe"
myArray(48)="igfxpers.exe"
myArray(49)="igfxsrvc.exe"
myArray(50)="jusched.exe"
myArray(51)="jqs.exe"
myArray(52)="ati2evxx.exe"
myArray(53)="igfxtray.exe"
myArray(54)="winzip32.exe"
myArray(55)="ravmond.exe"
myArray(56)="inetinfo.exe"
myArray(57)="liveupdate360.exe"
myArray(58)="googlepinyindaemon.exe"
myArray(59)="eyefoo.exe"
myArray(60)="360sd.exe"
myArray(61)="googlepinyinservice.exe"
myArray(62)="360rp.exe"
myArray(63)="wscript.exe"
myArray(64)="notepad.exe"
myArray(65)="cmd.exe"
myArray(66)="fxcalendar.exe"
myArray(67)="payroll2.exe"
myArray(68)="antiu.exe"
myArray(69)="googletoolbarnotifier.exe"
myArray(70)="doscan.exe"
myArray(71)="userinit.exe"
myArray(72)="360antiarp.exe"
myArray(73)="sqlservr.exe"
myArray(74)="sqlbrowser.exe"
myArray(75)="sqlwriter.exe"
myArray(76)="ukeymonitor.exe"
myArray(77)="360se.exe"
myArray(78)="haikeysrv.exe"
myArray(79)="ekey_cli.exe"
myArray(80)="icbcbatchclient.exe"
myArray(81)="orderreminder.exe"
myArray(82)="msiexec.exe"
myArray(83)="360safe.exe"
myArray(84)="360tray.exe"
myArray(85)="applemobiledeviceservice.exe"
myArray(86)="asfipmon.exe"
myArray(87)="certregx.exe"
myArray(88)="cwblmsrv.exe"
myArray(89)="ebomain.exe"
myArray(90)="g2comm.exe"
myArray(91)="g2pre.exe"
myArray(92)="g2svc.exe"
myArray(93)="g2tray.exe"
myArray(94)="hpwuschd2.exe"
myArray(95)="iaanotif.exe"
myArray(96)="iaantmon.exe"
myArray(97)="ijplmsvc.exe"
myArray(98)="isuspm.exe"
myArray(99)="javaw.exe"
myArray(100)="ktengine.exe"
myArray(101)="lpdaemon.exe"
myArray(102)="msnmsgr.exe"
myArray(103)="mspview.exe"
myArray(104)="postgres.exe"
myArray(105)="pphbuf.exe"
myArray(106)="pphidpad.exe"
myArray(107)="rapimgr.exe"
myArray(108)="rj.communicationserver.exe"
myArray(109)="rj.easy.exe"
myArray(110)="rthdcpl.exe"
myArray(111)="safeboxtray.exe"
myArray(112)="seaport.exe"
myArray(113)="statusclient.exe"
myArray(114)="stormliv.exe"
myArray(115)="tssb.exe"
myArray(116)="wfcrun32.exe"
myArray(117)="ois.exe"
myArray(118)="mspscan.exe"
myArray(119)="fastaitimhelper.exe"
myArray(120)="wdfmgr.exe"
myArray(121)="360leakfixer.exe"
myArray(122)="360sdupd.exe"
myArray(123)="acdsee.exe"
myArray(124)="acrord32.exe"
myArray(125)="acrord32info.exe"
myArray(126)="adobearm.exe"
myArray(127)="adobeupdater.exe"
myArray(128)="agent.exe"
myArray(129)="agentserviceinvoker.exe"
myArray(130)="agentsvr.exe"
myArray(131)="alproc.exe"
myArray(132)="atiptaxx.exe"
myArray(133)="calc.exe"
myArray(134)="cbtray.exe"
myArray(135)="cidaemon.exe"
myArray(136)="cisvc.exe"
myArray(137)="clipsrv.exe"
myArray(138)="cnab5rpk.exe"
myArray(139)="custom.exe"
myArray(140)="cwbinhlp.exe"
myArray(141)="cwbtf.exe"
myArray(142)="cwbunplp.exe"
myArray(143)="davcdata.exe"
myArray(144)="defrag.exe"
myArray(145)="dfrgntfs.exe"
myArray(146)="dllhost.exe"
myArray(147)="drawobj.exe"
myArray(148)="dsagnt.exe"
myArray(149)="dumprep.exe"
myArray(150)="dvdlauncher.exe"
myArray(151)="dwhwizrd.exe"
myArray(152)="dwrcc.exe"
myArray(153)="dwwin.exe"
myArray(154)="epsmon.exe"
myArray(155)="fontserver.exe"
myArray(156)="freecell.exe"
myArray(157)="fxssvc.exe"
myArray(158)="handwriting.exe"
myArray(159)="haozip.exe"
myArray(160)="hasplms.exe"
myArray(161)="helpsvc.exe"
myArray(162)="hh.exe"
myArray(163)="hpbpro.exe"
myArray(164)="hpcmpmgr.exe"
myArray(165)="hpqscnvw.exe"
myArray(166)="hpztsb10.exe"
myArray(167)="hz_commsrv.exe"
myArray(168)="iexplor.exe"
myArray(169)="imeutil.exe"
myArray(170)="itvs.exe"
myArray(171)="kaqsvc.exe"
myArray(172)="kdwin.exe"
myArray(173)="ksdsvc.exe"
myArray(174)="kswebshield.exe"
myArray(175)="livesrv.exe"
myArray(176)="lservnt.exe"
myArray(177)="lucoms~1.exe"
myArray(178)="mashmaro.exe"
myArray(179)="mdnsresponder.exe"
myArray(180)="mplayerc.exe"
myArray(181)="msconfig.exe"
myArray(182)="msnchk.exe"
myArray(183)="msohtmed.exe"
myArray(184)="mspocrdc.exe"
myArray(185)="mstsc.exe"
myArray(186)="nclrssrv.exe"
myArray(187)="nclusbsrv.exe"
myArray(188)="netdde.exe"
myArray(189)="ocserv.exe"
myArray(190)="ose.exe"
myArray(191)="payroll2_jj.exe"
myArray(192)="penmin.exe"
myArray(193)="pg_ctl.exe"
myArray(194)="pinyinup.exe"
myArray(195)="postmaster.exe"
myArray(196)="ravcopy.exe"
myArray(197)="rdpclip.exe"
myArray(198)="reader_sl.exe"
myArray(199)="repgui.exe"
myArray(200)="scardsvr.exe"
myArray(201)="searchfilterhost.exe"
myArray(202)="searchindexer.exe"
myArray(203)="searchprotocolhost.exe"
myArray(204)="servicelayer.exe"
myArray(205)="shmgrate.exe"
myArray(206)="smartupg.exe"
myArray(207)="sndvol32.exe"
myArray(208)="spider.exe"
myArray(209)="spkrmon.exe"
myArray(210)="spnsrvnt.exe"
myArray(211)="srvalproc.exe"
myArray(212)="startupmonitor.exe"
myArray(213)="stormtray.exe"
myArray(214)="svcadmin.exe"
myArray(215)="systrayicon.exe"
myArray(216)="taskmgr.exe"
myArray(217)="tlntsvr.exe"
myArray(218)="tradecardse1.exe"
myArray(219)="txopshow.exe"
myArray(220)="valucore.exe"
myArray(221)="verclsid.exe"
myArray(222)="vpdaemon.exe"
myArray(223)="wcescomm.exe"
myArray(224)="wfica32.exe"
myArray(225)="wiaacmgr.exe"
myArray(226)="windowssearch.exe"
myArray(227)="winvnc.exe"
myArray(228)="wnie.exe"
myArray(229)="xcommsvr.exe"
myArray(230)="zhudongfangyu.exe"

Set objFSO = CreateObject("Scripting.FileSystemObject")

do
 Set objPC = objFSO.OpenTextFile("C:\pc.txt", 1)

 Set objRs = objFSO.OpenTextFile("C:\rs.txt", 8)

 Do While objPC.AtEndOfStream = False

  host = objPC.ReadLine

  Set WshShell = WScript.CreateObject("WScript.Shell")

  Ping = WshShell.Run("ping -n 1 " & host, 0, True)

  if Ping = 0 then

   WshShell.Run "net use \\" & host & "\ipc$ Aa123456 /user:ln-tf\liaobin", 0, True

   set bag=GetObject("winmgmts:\\"& host &"\root\cimv2")

   if bag <> nothing then

    set pipe=bag.execquery("select ExecutablePath, Name from win32_process where name like ‘%.exe‘")

    for each i in pipe
     bEx = false
     For Each present In myArray
      if lcase(i.name) = present then
       bEx = true
      end if
     Next
     if bEx = false then
      objRs.Writeline(now() & "|" & host & "|" & i.name & "|" & i.ExecutablePath)
     end if
    next
   else

    objRs.Writeline(host & " is denied")
   end if

   set bag=nothing

   WshShell.Run "net use \\" & host & "\ipc$ /delete", 0, True
  else

   objRs.Writeline(host & " is outline")

  end if

  Set WshShell = nothing

 Loop

 objRs.Close

 set objRs = nothing

 objPC.Close

 set objPC = nothing

 wscript.sleep 60000

loop

Set objFSO = nothing

WMI 连接远程计算机并进行局域网进程扫描

标签：

原文地址：http://www.cnblogs.com/lbnnbs/p/4784937.html