
[Discussion] How to exclude Huorong in Shadow Defender

taotao666666
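Posted on 2020-1-19 13:02:40
Use IObit Uninstaller Pro to monitor the file paths and registry paths created by the Huorong installation, then exclude them one by one in Shadow Defender according to that path information. In my own testing, updates have shown no problems so far. If the method is correct, then excluding any antivirus, or any software's updates, should also be feasible. I'm a novice and don't understand this. I'd appreciate it if the experts here could test it.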




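Software information

Display name: 火绒安全软件 (Huorong Security)
Publisher: 北京火绒网络科技有限公司 (Beijing Huorong Network Technology Co., Ltd.)
Version: 5.0
Registry entries: 71
Files: 111
Total size: 43.8 MB
Install date: 2020/1/19 0:51:48
Installer package: C:\Users\海\Downloads\sysdiag-all-5.0.36.5.exe
Directory: -
Install duration: 14 seconds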


Registry values

HKEY_CURRENT_USER\Software\Huorong\Sysdiag|Value|InstallPath
HKEY_CURRENT_USER\Software\Huorong\Sysdiag
HKEY_CURRENT_USER\Software\Huorong
HKEY_LOCAL_MACHINE\SOFTWARE\Huorong\Sysdiag\app|Value|DataPath
HKEY_LOCAL_MACHINE\SOFTWARE\Huorong\Sysdiag\app|Value|InstallTime
HKEY_LOCAL_MACHINE\SOFTWARE\Huorong\Sysdiag\app|Value|UpdateLink
HKEY_LOCAL_MACHINE\Software\Huorong\Sysdiag\app
HKEY_LOCAL_MACHINE\SOFTWARE\Huorong\Sysdiag|Value|InstallPath
HKEY_LOCAL_MACHINE\SOFTWARE\Huorong\Sysdiag
HKEY_LOCAL_MACHINE\SOFTWARE\Huorong
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Value|Sysdiag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag|Value|DisplayIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag|Value|DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag|Value|DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag|Value|Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag|Value|UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag|Value|VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag|Value|VersionMinor
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96C-E325-11CE-BFC1-08002BE10318}|Value|UpperFilters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}|Value|UpperFilters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\HipsDaemon|Value|(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\HipsDaemon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HipsDaemon|Value|Description
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HipsDaemon|Value|DisplayName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HipsDaemon|Value|ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HipsDaemon|Value|Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HipsDaemon|Value|ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HipsDaemon|Value|ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HipsDaemon|Value|Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HipsDaemon|Value|Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrdevmon|Value|Description
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrdevmon|Value|DisplayName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrdevmon|Value|ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrdevmon|Value|ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrdevmon|Value|Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrdevmon|Value|Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrdevmon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrwfpdrv|Value|Description
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrwfpdrv|Value|DisplayName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrwfpdrv|Value|ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrwfpdrv|Value|ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrwfpdrv|Value|Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrwfpdrv|Value|Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hrwfpdrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\config|Value|ProtectDirs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\config|Value|ProtectKeys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\config|Value|TrampoLib
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\config|Value|TrampoLib64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\Instances\sysdiag|Value|Altitude
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\Instances\sysdiag|Value|Flags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\Instances\sysdiag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\Instances|Value|DefaultInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag\Instances
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|DebugLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|Description
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|DisplayName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag|Value|Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sysdiag
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HipsDaemon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hrdevmon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hrwfpdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sysdiag\config
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sysdiag


Files

C:\Program Files (x86)\Huorong
C:\Program Files (x86)\Huorong\Sysdiag
C:\Program Files (x86)\Huorong\Sysdiag\bin
C:\Program Files (x86)\Huorong\Sysdiag\bin\Autoruns.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\autoruns.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\behavior.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\BugReport.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\cleaneng.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\CrashDump.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\CrashHandler.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\daemon.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\DuiLib.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\FileShred.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\FileShred.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\HipsDaemon.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\HipsDB.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\HipsLog.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\HipsMain.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\HipsTray.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\hrcomm.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\HRConfig.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\HRConfig.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\HRShell.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\HRShell-x64.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\HrShredShell.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\HrShredShell-x64.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\HRSword.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\HRUpdate.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\jansson.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\leakrepair.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\leakrepair.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\libcobra.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\libcodecs.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\libcurl.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\libvxf.dat
C:\Program Files (x86)\Huorong\Sysdiag\bin\libvxf.tdl
C:\Program Files (x86)\Huorong\Sysdiag\bin\libvxf.vdl
C:\Program Files (x86)\Huorong\Sysdiag\bin\libvxf.vds
C:\Program Files (x86)\Huorong\Sysdiag\bin\libxscore.bundle
C:\Program Files (x86)\Huorong\Sysdiag\bin\libxsse.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\log.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\main.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\NetDiag.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\NetDiag.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\NetFlow.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\NetFlow.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\PopBlkEng.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\PopBlock.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\popblock.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\popup.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\rclick.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\repaireng.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\repairhelper-x64.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\RightClickMan.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\scenter.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\sqlite.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\SysClean.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\SysClean.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\SysDiag.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\SysDiag.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\uactmon.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\update.ui
C:\Program Files (x86)\Huorong\Sysdiag\bin\upgrade.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\usysdiag.dll
C:\Program Files (x86)\Huorong\Sysdiag\bin\usysdiag.exe
C:\Program Files (x86)\Huorong\Sysdiag\bin\wsctrl.exe
C:\Program Files (x86)\Huorong\Sysdiag\LICENSE.3rd
C:\Program Files (x86)\Huorong\Sysdiag\LICENSE.libcodecs
C:\Program Files (x86)\Huorong\Sysdiag\LICENSE.libdt
C:\Program Files (x86)\Huorong\Sysdiag\uninst.exe
C:\Program Files (x86)\Huorong\Sysdiag\VERSION
C:\ProgramData\Huorong
C:\ProgramData\Huorong\Sysdiag
C:\ProgramData\Huorong\Sysdiag\config.db
C:\ProgramData\Huorong\Sysdiag\db
C:\ProgramData\Huorong\Sysdiag\db\appprot.db
C:\ProgramData\Huorong\Sysdiag\db\autoruns.db
C:\ProgramData\Huorong\Sysdiag\db\behav.db
C:\ProgramData\Huorong\Sysdiag\db\hips.db
C:\ProgramData\Huorong\Sysdiag\db\hrfw.db
C:\ProgramData\Huorong\Sysdiag\db\ipflt.db
C:\ProgramData\Huorong\Sysdiag\db\ipproto.db
C:\ProgramData\Huorong\Sysdiag\db\leakrepair.db
C:\ProgramData\Huorong\Sysdiag\db\malurl.db
C:\ProgramData\Huorong\Sysdiag\db\popblk.db
C:\ProgramData\Huorong\Sysdiag\db\posttreat.db
C:\ProgramData\Huorong\Sysdiag\db\splock.db
C:\ProgramData\Huorong\Sysdiag\db\sysclean.db
C:\ProgramData\Huorong\Sysdiag\db\sysrepair.db
C:\ProgramData\Huorong\Sysdiag\db\tradesafe.db
C:\ProgramData\Huorong\Sysdiag\db\urlcls.db
C:\ProgramData\Huorong\Sysdiag\db\webres.db
C:\ProgramData\Huorong\Sysdiag\db\wlst.db
C:\ProgramData\Huorong\Sysdiag\log.db-shm
C:\ProgramData\Huorong\Sysdiag\virdb
C:\ProgramData\Huorong\Sysdiag\virdb\hwl.db
C:\ProgramData\Huorong\Sysdiag\virdb\prop.db
C:\ProgramData\Huorong\Sysdiag\virdb\pset.db
C:\ProgramData\Huorong\Sysdiag\virdb\troj.db
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\火绒安全实验室
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\火绒安全实验室\Sysdiag
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\火绒安全实验室\Sysdiag\火绒安全软件.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\火绒安全实验室\Sysdiag\火绒日志.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\火绒安全实验室\Sysdiag\卸载火绒.lnk
C:\Users\Public\Desktop\火绒安全软件.lnk
C:\Users\海\AppData\Local\Temp\nsq60E6.tmp
C:\Users\海\AppData\Local\Temp\nsq60E6.tmp\AccessControl.dll
C:\Users\海\AppData\Local\Temp\nsq60E6.tmp\DuiLib.dll
C:\Users\海\AppData\Local\Temp\nsq60E6.tmp\installer-helper.dll
C:\Windows\System32\dtrampo.dll
C:\Windows\SysWOW64\dtrampo.dll
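
Added example (not part of the original post, and not IObit or Shadow Defender code): a Python sketch that collapses a report in the `path|Value|name` format shown above into the smallest exclusion set, keeping value-level entries for shared keys such as `Run` so that the whole shared key is not excluded. It assumes that a bare key, directory or file line means the installer created that object; the sample lines are a constructed subset of the list above.

```python
# Constructed subset of the report above, in the same 'path|Value|name' format.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Huorong\Sysdiag|Value|InstallPath
HKEY_LOCAL_MACHINE\SOFTWARE\Huorong\Sysdiag
HKEY_LOCAL_MACHINE\SOFTWARE\Huorong
HKEY_LOCAL_MACHINE\Software\Huorong\Sysdiag\app
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Value|Sysdiag
C:\Program Files (x86)\Huorong
C:\Program Files (x86)\Huorong\Sysdiag\bin\HipsDaemon.exe
C:\Windows\System32\dtrampo.dll
"""

def parse_entry(line):
    """Split a report line into (path, value_name); value_name is None for a bare key/file."""
    path, sep, name = line.strip().partition("|Value|")
    return path, (name if sep else None)

def is_under(path, root):
    """Case-insensitive 'path equals root or lies below it' (Windows paths and keys)."""
    p, r = path.lower(), root.lower()
    return p == r or p.startswith(r + "\\")

def minimal_exclusions(lines):
    """Return (roots, values): topmost installer-created objects, plus single
    values that live in keys the installer did not create (shared keys)."""
    entries = [parse_entry(l) for l in lines if l.strip()]
    # Assumption: a line without '|Value|' is an object created by the installer.
    owned = sorted({p for p, v in entries if v is None},
                   key=lambda p: (len(p), p.lower()))
    roots = []
    for p in owned:  # shortest first, so parents are seen before children
        if not any(is_under(p, r) for r in roots):
            roots.append(p)
    # Values in shared keys stay value-level: excluding the parent key would
    # also persist every other program's writes to it.
    values = sorted({f"{p}|Value|{v}" for p, v in entries
                     if v is not None and not any(is_under(p, r) for r in roots)})
    return roots, values

if __name__ == "__main__":
    roots, values = minimal_exclusions(SAMPLE.splitlines())
    print("Exclude whole object:", *roots, sep="\n  ")
    print("Exclude single value only:", *values, sep="\n  ")
```
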




爱卡巴888
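Posted on 2020-3-3 21:26:31
Too much trouble; you might as well just exclude the directory.
恰饭喽
Posted on 2020-3-9 13:17:09
Notice: This post has been blocked by an administrator or moderator.
〃萝卜
Posted on 2020-3-13 21:57:20
爱卡巴888 posted on 2020-3-3 21:26
Too much trouble; you might as well just exclude the directory.

What about directory poisoning?
w6903608759
Posted on 2020-3-20 13:16:56
I'd like to know about this too.
汪子凯
Posted on 2020-4-2 17:52:01, from mobile
Actually, I posted a thread on another forum asking exactly this, but thanks all the same.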
Copyright © KaFan  KaFan.cn All Rights Reserved.