Beyond Compare Pro文件对比工具
Process Monitor进程依赖工具
Registry Workshop注册表挂载工具
WinHex修改2进制文件 还用其他功能大佬们自己探索哈
文件复制5大做的一款灰常好用的复制神器 需要列表哈 配合依赖工具使用最佳
WinPrefetchView依赖工具
WIM打解包工具y大制作的一款打解工具 避免出现无法启动现象
文件提取工具一位美女群主制作的 工具可以直接从WIM中提取列表中的文件到指定目录
右键管家可以轻松的找到右键菜单中注册表项
PECMD.INI Encryptor一款加密PECMD配置文件的工具
另外分享一些自己收藏的注册表项
;(1)任务栏设置
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search]"SearchboxTaskbarMode"=dword:00000000 ;将任务栏中的Cortana小娜调整为 0隐藏 ;1 仅显示图标 ;2 ;显示搜索框
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]"ShowTaskViewButton"=dword:00000000 ;任务视图“按钮”0隐藏;1 ;显示
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer];操作中心任务栏托盘"DisableNotificationCenter"=- ;显示
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]"EnableAutoTray"=dword:00000001 ;关闭在任务栏显示所有图标和通知
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced];当任务栏被占满时"TaskbarGlomLevel"=dword:00000000 ;始终合并
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People];隐藏任务栏上的人脉;"PeopleBand"=- ;默认"PeopleBand"=dword:00000000; 隐藏
;(2)安全相关设置
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System];更改用户账号控制设置;从不通知(不推荐)"ConsentPromptBehaviorAdmin"=dword:00000000 "EnableLUA"=dword:00000001"PromptOnSecureDesktop"=dword:00000000
;用于内置管理员帐户的管理员批准模式"FilterAdministratorToken"=- ;关闭
;Smartscreen应用筛选器[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter]"EnabledV9"=dword:00000000 ;关闭
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]"ModRiskFileTypes"=".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" ;关闭;打开程序的“安全警告“(当前用户)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations]"ModRiskFileTypes"=".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" ;关闭;打开程序的“安全警告“(系统)
;禁用Windows Defender[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]"DisableAntiSpyware"=dword:00000001;禁用
;(3)开始菜单[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager];不允许在开始菜单显示建议"SubscribedContent-338388Enabled"=dword:00000000"SubscribedContent-338389Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer];关闭在应用商店中查找关联应用"NoUseStoreOpenWith"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager];关闭商店应用推广"PreInstalledAppsEnabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]"SoftLandingEnabled"=dword:00000000 ;关闭“使用Windows时获取技巧和建议
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]"Start_NotifyNewApps"=dword:00000000 ;关闭“突出显示新安装的程序 尾数1开0关
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]"SilentInstalledAppsEnabled"=dword:00000000 ;禁止自动安装推荐的应用程序(尾数启用为1 禁止为 0或删除键值)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive]"DisableFileSyncNGSC"=dword:00000001 ;关闭OneDrive尾数0开1关
;(4)EXPLORER
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]"HideFileExt"=dword:00000000 ;0显示所有文件扩展名;1不显示
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons];win10隐藏快捷方式小箭头"29"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\ 25,00,5c,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\ 00,6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\ 31,00,39,00,37,00,00,00
;隐藏可执行文件小盾牌"77"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\ 25,00,5c,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\ 00,6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\ 31,00,38,00,30,00,00,00
;去掉“新建快捷方式”字样[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]"Link"=hex:00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers]"DisableAutoplay"=dword:00000001;禁止自动播放1关0开
;(5)桌面图标
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel];桌面图标设置(1隐藏0显示)"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 ;桌面显示电脑"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=dword:00000000 ;桌面显示控制面板"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=dword:00000001 ;桌面显示用户文件夹"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=dword:00000000 ;桌面显示网络
;(6)右键菜单设置
;禁用可执行文件的“兼容性疑难解答”右键菜单[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Compatibility]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shellex\ContextMenuHandlers\Compatibility]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shellex\ContextMenuHandlers\Compatibility]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shellex\-ContextMenuHandlers\Compatibility]@="{1d27f844-3a1f-4410-85ac-14651078412d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shellex\-ContextMenuHandlers\Compatibility]@="{1d27f844-3a1f-4410-85ac-14651078412d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\-ContextMenuHandlers\Compatibility]@="{1d27f844-3a1f-4410-85ac-14651078412d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shellex\-ContextMenuHandlers\Compatibility]@="{1d27f844-3a1f-4410-85ac-14651078412d}"
;禁用磁盘的“启用Bitlocker”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\encrypt-bde]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\encrypt-bde-elev]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\-shell\encrypt-bde]"MultiSelectModel"="Single""AppliesTo"="(System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#Off OR System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#OnPreProvisioned) AND System.Volume.BitLockerRequiresAdmin:=System.StructuredQueryType.Boolean#False"@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\ 76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,32,\ 00,30,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\-shell\encrypt-bde\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\ 74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\ 00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,54,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\-shell\encrypt-bde-elev]"MultiSelectModel"="Single""HasLUAShield"="""AppliesTo"="(System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#Off OR System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#OnPreProvisioned) AND System.Volume.BitLockerRequiresAdmin:=System.StructuredQueryType.Boolean#True"@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\ 76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,32,\ 00,30,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\-shell\encrypt-bde-elev\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\ 74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\ 00,45,00,6c,00,65,00,76,00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,\ 54,00,00,00
;禁用磁盘的“以便携式方式打开”右键菜单[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-ContextMenuHandlers\{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}]"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
;禁用新建的“联系人”右键菜单[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.contact\ShellNew][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.contact\-ShellNew]"MenuText"=hex(2):40,00,25,00,43,00,6f,00,6d,00,6d,00,6f,00,6e,00,50,00,72,00,\ 6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,73,\ 00,79,00,73,00,74,00,65,00,6d,00,5c,00,77,00,61,00,62,00,33,00,32,00,72,00,\ 65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,32,00,30,00,33,\ 00,00,00"iconpath"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,\ 6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,\ 00,4d,00,61,00,69,00,6c,00,5c,00,77,00,61,00,62,00,2e,00,65,00,78,00,65,00,\ 2c,00,31,00,00,00"command"=hex(2):22,00,25,00,70,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\ 69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\ 00,20,00,4d,00,61,00,69,00,6c,00,5c,00,57,00,61,00,62,00,2e,00,65,00,78,00,\ 65,00,22,00,20,00,2f,00,43,00,72,00,65,00,61,00,74,00,65,00,43,00,6f,00,6e,\ 00,74,00,61,00,63,00,74,00,20,00,22,00,25,00,31,00,22,00,00,00
;禁用文件、磁盘以及属性的“还原以前版本”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
;禁用磁盘的“刻录到光盘”右键菜单[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]@=""
;禁用所有对象的“共享”右键菜单[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ModernSharing][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\-ContextMenuHandlers\ModernSharing]@="{e2bf9676-5f8f-435c-97eb-11607a5bedf7}"
;禁用文件、目录、桌面、磁盘以及库的“授予访问权限”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\Sharing][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Sharing][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\-ContextMenuHandlers\Sharing]@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\shellex\-ContextMenuHandlers\Sharing]@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\-ContextMenuHandlers\Sharing]@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-ContextMenuHandlers\Sharing]@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LibraryFolder\background\shellex\-ContextMenuHandlers\Sharing]@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
;禁用目录、文件夹、所有对象、的“始终脱机可用”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Offline Files]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\-ContextMenuHandlers\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\-ContextMenuHandlers\Offline Files]@="{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\-ContextMenuHandlers\Offline Files]@="{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}"
;禁用文件夹的“固定到快速访问”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\pintohome][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\-shell\pintohome]"MUIVerb"="@shell32.dll,-51377""AppliesTo"="System.ParsingName:<>\"::{679f85cb-0220-4080-b29b-5540cc05aab6}\" AND System.ParsingName:<>\"::{645FF040-5081-101B-9F08-00AA002F954E}\" AND System.IsFolder:=System.StructuredQueryType.Boolean#True"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\-shell\pintohome\command]"DelegateExecute"="{b455f46e-e4af-4035-b0a4-cf18d2f6f28e}"
;禁用文件、目录、桌面、所有对象的“工作文件夹”右键菜单[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WorkFolders][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shell\LaunchWorkfoldersControl][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\WorkFolders][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\-shellex\ContextMenuHandlers\WorkFolders]@="{E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\-shell\LaunchWorkfoldersControl]"ProgrammaticAccessOnly"="""MuiVerb"="@%SystemRoot%\\system32\\WorkfoldersControl.dll,-1"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\-shellex\ContextMenuHandlers\WorkFolders]@="{E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}"
;禁用文件的“画图 3D”右键菜单[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.3mf\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bmp\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.fbx\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gif\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jfif\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpe\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpeg\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpg\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.png\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tif\Shell\3D Edit][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tiff\Shell\3D Edit][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.3mf\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.3mf\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.bmp\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.bmp\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.fbx\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.fbx\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.gif\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.gif\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jfif\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jfif\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpe\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpe\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpeg\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpeg\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpg\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpg\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.png\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.png\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.tif\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.tif\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.tiff\Shell\3D Edit]@="@%SystemRoot%\\system32\\mspaint.exe,-59500"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.tiff\Shell\3D Edit\command]@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\ 70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\ 73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\ 00
;禁用文件夹的“包含到库中”右键菜单[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library Location][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\-ContextMenuHandlers\Library Location]@="{3dad6c5d-2167-4cae-9914-f99e41c12cfa}"
;(6)IE浏览器设置
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing]"WarnOnClose"=dword:00000000 ;关闭多个选项卡时不发出警告
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites]"Enabled"=dword:00000000 ;关闭建议的网站
;跳过IE首次运行自定义设置[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"RunOnceHasShown"=dword:00000001"RunOnceComplete"=dword:00000001"DisableFirstRunCustomize"=dword:00000001
;关闭自动更新"NoUpdateCheck"=dword:00000001
将同时可用下载数目调整到 10[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]"MaxConnectionsPer1_0Server"=dword:0000000a"MaxConnectionsPerServer"=dword:0000000a
;隐藏IE右上角的笑脸按钮[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]"NoHelpItemSendFeedback"=dword:00000001
;(7)微软拼音
;微软拼音默认为英语输入[HKEY_CURRENT_USER\Software\Microsoft\InputMethod\Settings\CHS]"Default Mode"=dword:00000001
;(8)Windows更新
;Windows更新不包括驱动程序[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]"ExcludeWUDriversInQualityUpdate"=dword:00000001
;Windows更新不包括恶意软件删除工具[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]"DontOfferThroughWUAU"=dword:00000001
;将Windows Update自动更新调整为[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]"AUOptions"=dword:00000001 ;1从不检查 2仅检查更新 3检查并下载更新 4自动安装更新
;(9)记事本
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]"fWrap"=dword:00000001 ;启用自动换行;"StatusBar"=dword:00000001 ;显示状态栏
;(10)网络设置
;关闭防火墙[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall"=dword:00000000[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall"=dword:00000000[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall"=dword:00000000
;(11)服务优化
;禁用系统日志[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting]"LoggingDisabled"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting]"Disabled"=dword:00000001
;禁用错误报告[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]"Start"=dword:00000004[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WerSvc]"Start"=dword:00000004
;禁用客户体验改善计划[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows]"CEIPEnable"=dword:00000000
;禁止自动维护计划[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics]"EnabledExecution"=dword:00000000
;(12)Windows Media Player [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer]"GroupPrivacyAcceptance"=dword:00000001;不显示首次使用对话框"DisableAutoUpdate"=dword:00000001 ;防止WMP自动更新"EnableScreenSaver"=dword:00000001 ;播放WMP时关闭屏保"PreventLibrarySharing"=dword:00000001 ;防止媒体共享
;(13)启用 Windows 照片查看器
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]".tif"="PhotoViewer.FileAssoc.Tiff"".tiff"="PhotoViewer.FileAssoc.Tiff"".jpg"="PhotoViewer.FileAssoc.Tiff"".png"="PhotoViewer.FileAssoc.Tiff"".jpeg"="PhotoViewer.FileAssoc.Tiff"".bmp"="PhotoViewer.FileAssoc.Tiff"".jpe"="PhotoViewer.FileAssoc.Tiff"".jfif"="PhotoViewer.FileAssoc.Tiff"".dib"="PhotoViewer.FileAssoc.Tiff"".ico"="PhotoViewer.FileAssoc.Tiff"".gif"="PhotoViewer.FileAssoc.Tiff"".tga"="PhotoViewer.FileAssoc.Tiff"
;(14)其他
;蓝屏时自动重启;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl];"AutoReboot"=dword:00000001
[HKEY_CLASSES_ROOT\*\shell\runas]@="管理员取得所有权""NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\*\shell\runas\command]@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F""IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
[HKEY_CLASSES_ROOT\exefile\shell\runas2]@="管理员取得所有权""NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\exefile\shell\runas2\command]@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F""IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
[HKEY_CLASSES_ROOT\Directory\shell\runas]@="管理员取得所有权""NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\Directory\shell\runas\command]@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t""IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
在此也希望飞哥社区 有更多大佬的到来
**论坛真的不行了 这里实话实说 每天小号顶帖 我就问一句有意思吗 好自然会有人
文件:https://cloud.189.cn/t/JzMvqaNzA3Qv (访问码:gxq5)
厉害啊,这么多有用的
caocaofff 厉害啊,这么多有用的
这个附件上传有问题
Jiaossy 这个附件上传有问题
是限制了文件上传大小,目前是按用户等级区分的
感谢大佬分享 我不是小号 我觉得在坛子里学到很多
这是一款远程软件 在PE里打开一闪而过 而且进程跟任务管理器里都没有 正常系统中可用 不知道差什么 怎么分析
935254524 这是一款远程软件 在PE里打开一闪而过 而且进程跟任务管理器里都没有 正常系统中可用 不知道差什么 怎么分析
https://pecmd.net/thread-73.htm
抓取依赖的dll可以正常运行的
caocaofff 是限制了文件上传大小,目前是按用户等级区分的
也好防止一些无用资源占用服务器
收藏了,有时间学习一下
厉害了。
云盘好像失效了🙃
下载地址有误,请及时更新
谢谢分享!
请更新下载地址!
不能下载了😬
注册表信息,备用😁
链接失效了,奈何?!
链接失效了。哪位大神再给分享一下呢?