Beyond Compare Pro文件对比工具

Process Monitor进程依赖工具

Registry Workshop注册表挂载工具

WinHex修改二进制文件 还有其他功能大佬们自己探索哈

文件复制5大做的一款灰常好用的复制神器 需要列表哈 配合依赖工具使用最佳

WinPrefetchView依赖工具

WIM打解包工具y大制作的一款打解工具 避免出现无法启动现象

 

文件提取工具一位美女群主制作的 工具可以直接从WIM中提取列表中的文件到指定目录

右键管家可以轻松的找到右键菜单中注册表项

PECMD.INI Encryptor一款加密PECMD配置文件的工具

另外分享一些自己收藏的注册表项

;(1)任务栏设置

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search]
"SearchboxTaskbarMode"=dword:00000000 ;将任务栏中的Cortana小娜调整为 0隐藏 ;1 仅显示图标 ;2 ;显示搜索框

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowTaskViewButton"=dword:00000000 ;任务视图“按钮”0隐藏;1 ;显示

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer]
;操作中心任务栏托盘
"DisableNotificationCenter"=- ;显示

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"EnableAutoTray"=dword:00000001 ;关闭在任务栏显示所有图标和通知

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
;当任务栏被占满时
"TaskbarGlomLevel"=dword:00000000 ;始终合并

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People]
;隐藏任务栏上的人脉
;"PeopleBand"=- ;默认
"PeopleBand"=dword:00000000; 隐藏

;(2) Security-related settings
; Every value in this section lowers a built-in protection. The surrounding post is about
; building PE images, so these are presumably meant for an offline/PE hive - TODO confirm.
; On a managed endpoint, writes to these keys are commonly alerted on as defence-evasion
; indicators (MITRE ATT&CK T1562.001, Impair Defenses: Disable or Modify Tools).

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
;Change the User Account Control settings
;Never notify (not recommended)
; ConsentPromptBehaviorAdmin=0 : administrators elevate without a consent prompt.
; EnableLUA=1                  : UAC itself stays switched on; only the prompt is silenced.
; PromptOnSecureDesktop=0      : any remaining prompt is drawn on the normal desktop, not the secure desktop.
"ConsentPromptBehaviorAdmin"=dword:00000000 
"EnableLUA"=dword:00000001
"PromptOnSecureDesktop"=dword:00000000

;Admin Approval Mode for the built-in Administrator account
; "=-" deletes the value, which leaves the setting at its default.
"FilterAdministratorToken"=- ;off

;SmartScreen application filter
; NOTE(review): this key is the legacy Microsoft Edge phishing-filter policy; it presumably does not
; control the Explorer/app SmartScreen check (EnableSmartScreen under Policies\Microsoft\Windows\System) - confirm.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter]
"EnabledV9"=dword:00000000 ;off

; Attachment Manager: the listed script and installer extensions are reclassified, per user and machine-wide.
; NOTE(review): the moderate-risk list can still prompt for Internet/Restricted-zone files; the list that
; suppresses the prompt is LowRiskFileTypes - confirm which behaviour is wanted.
; NOTE(review): comments after a value on the same line are not part of the documented .reg syntax;
; keep them on their own lines if an import misbehaves.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"ModRiskFileTypes"=".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" ;turn off the Open File security warning for these types (current user)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations]
"ModRiskFileTypes"=".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" ;turn off the Open File security warning for these types (system)

;Disable Windows Defender
; NOTE(review): Microsoft documents DisableAntiSpyware as ignored on client editions from Defender
; platform 4.18.2007.8 onward, and Tamper Protection also blocks it - confirm against the target build.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001;disable

;(3) Start menu
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
;Do not allow suggestions to be shown in the Start menu
; NOTE(review): the second value below is written as 1 (enabled) while the first is 0 and the
; comment describes turning suggestions off - confirm whether 00000000 was intended.
"SubscribedContent-338388Enabled"=dword:00000000
"SubscribedContent-338389Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer]
;关闭在应用商店中查找关联应用
"NoUseStoreOpenWith"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
;关闭商店应用推广
"PreInstalledAppsEnabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
"SoftLandingEnabled"=dword:00000000 ;关闭“使用Windows时获取技巧和建议

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_NotifyNewApps"=dword:00000000 ;关闭“突出显示新安装的程序 尾数1开0关

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
"SilentInstalledAppsEnabled"=dword:00000000 ;禁止自动安装推荐的应用程序(尾数启用为1 禁止为 0或删除键值)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive]
"DisableFileSyncNGSC"=dword:00000001 ;关闭OneDrive尾数0开1关

;(4) EXPLORER

; Showing extensions keeps double-extension names (constructed example: report.pdf.exe) visible to the user.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000000 ;0 = show all file extensions; 1 = hide them

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons]
;Windows 10: hide the small arrow overlay on shortcuts
; The REG_EXPAND_SZ data decodes to  %systemroot%\\system32\imageres.dll,197
; NOTE(review): hex(2) data is stored literally, so 5c,00,5c,00 is a real double backslash in the
; path; a single 5c,00 was presumably intended - confirm.
"29"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\
  25,00,5c,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\
  00,6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  31,00,39,00,37,00,00,00

;Hide the small shield overlay on executables
; The data decodes to  %systemroot%\\system32\imageres.dll,180  (same double backslash as above).
; This replaces only the overlay icon, so the visual cue for elevation disappears;
; presumably elevation behaviour itself is unchanged - confirm.
"77"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\
  25,00,5c,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\
  00,6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,\
  31,00,38,00,30,00,00,00

;Remove the "new shortcut" text that Explorer adds to shortcut names
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Link"=hex:00,00,00,00

; AutoPlay off for the current user, so inserted media does not trigger a handler automatically.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers]
"DisableAutoplay"=dword:00000001;disable AutoPlay: 1 = off, 0 = on

;(5)桌面图标

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
;桌面图标设置(1隐藏0显示)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000 ;桌面显示电脑
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=dword:00000000 ;桌面显示控制面板
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=dword:00000001     ;桌面显示用户文件夹
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=dword:00000000 ;桌面显示网络

;(6) Context-menu settings

;Disable the "Troubleshoot compatibility" context-menu entry for executables
; Pattern used throughout this section:
;   [-KEY]  (leading minus inside the brackets) deletes the live key and everything under it;
;   the following [..\-ContextMenuHandlers\..] entries create a key whose parent name starts with
;   a minus sign. The shell does not read that name, so it presumably serves as a copy of the
;   original handler registration that can be restored later - confirm.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shellex\ContextMenuHandlers\Compatibility]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shellex\ContextMenuHandlers\Compatibility]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\Compatibility]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shellex\ContextMenuHandlers\Compatibility]

; Parked copies: the default value holds the handler CLSID that the deleted keys carried.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shellex\-ContextMenuHandlers\Compatibility]
@="{1d27f844-3a1f-4410-85ac-14651078412d}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shellex\-ContextMenuHandlers\Compatibility]
@="{1d27f844-3a1f-4410-85ac-14651078412d}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\-ContextMenuHandlers\Compatibility]
@="{1d27f844-3a1f-4410-85ac-14651078412d}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shellex\-ContextMenuHandlers\Compatibility]
@="{1d27f844-3a1f-4410-85ac-14651078412d}"


;禁用磁盘的“启用Bitlocker”右键菜单

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\encrypt-bde]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\encrypt-bde-elev]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\-shell\encrypt-bde]
"MultiSelectModel"="Single"
"AppliesTo"="(System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#Off OR System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#OnPreProvisioned) AND System.Volume.BitLockerRequiresAdmin:=System.StructuredQueryType.Boolean#False"
@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\
  76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,32,\
  00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\-shell\encrypt-bde\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\
  74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\
  00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,54,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\-shell\encrypt-bde-elev]
"MultiSelectModel"="Single"
"HasLUAShield"=""
"AppliesTo"="(System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#Off OR System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#OnPreProvisioned) AND System.Volume.BitLockerRequiresAdmin:=System.StructuredQueryType.Boolean#True"
@=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,66,00,\
  76,00,65,00,77,00,69,00,7a,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,39,00,32,\
  00,30,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\-shell\encrypt-bde-elev\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,42,00,69,00,\
  74,00,4c,00,6f,00,63,00,6b,00,65,00,72,00,57,00,69,00,7a,00,61,00,72,00,64,\
  00,45,00,6c,00,65,00,76,00,2e,00,65,00,78,00,65,00,20,00,25,00,31,00,20,00,\
  54,00,00,00

;禁用磁盘的“以便携式方式打开”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-ContextMenuHandlers\{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}]
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"

;禁用新建的“联系人”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.contact\ShellNew]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.contact\-ShellNew]
"MenuText"=hex(2):40,00,25,00,43,00,6f,00,6d,00,6d,00,6f,00,6e,00,50,00,72,00,\
  6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,73,\
  00,79,00,73,00,74,00,65,00,6d,00,5c,00,77,00,61,00,62,00,33,00,32,00,72,00,\
  65,00,73,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,32,00,30,00,33,\
  00,00,00
"iconpath"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,\
  6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,\
  00,4d,00,61,00,69,00,6c,00,5c,00,77,00,61,00,62,00,2e,00,65,00,78,00,65,00,\
  2c,00,31,00,00,00
"command"=hex(2):22,00,25,00,70,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
  69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,4d,00,61,00,69,00,6c,00,5c,00,57,00,61,00,62,00,2e,00,65,00,78,00,\
  65,00,22,00,20,00,2f,00,43,00,72,00,65,00,61,00,74,00,65,00,43,00,6f,00,6e,\
  00,74,00,61,00,63,00,74,00,20,00,22,00,25,00,31,00,22,00,00,00

;禁用文件、磁盘以及属性的“还原以前版本”右键菜单

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\-ContextMenuHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shellex\-PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]

;禁用磁盘的“刻录到光盘”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""

;禁用所有对象的“共享”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ModernSharing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\-ContextMenuHandlers\ModernSharing]
@="{e2bf9676-5f8f-435c-97eb-11607a5bedf7}"

;禁用文件、目录、桌面、磁盘以及库的“授予访问权限”右键菜单

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Sharing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\Sharing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Sharing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LibraryFolder\background\shellex\ContextMenuHandlers\Sharing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\-ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\shellex\-ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\-ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\-ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LibraryFolder\background\shellex\-ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

;禁用目录、文件夹、所有对象、的“始终脱机可用”右键菜单

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Offline Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\-ContextMenuHandlers\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\-ContextMenuHandlers\Offline Files]
@="{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\-ContextMenuHandlers\Offline Files]
@="{474C98EE-CF3D-41f5-80E3-4AAB0AB04301}"

;禁用文件夹的“固定到快速访问”右键菜单

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\pintohome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\-shell\pintohome]
"MUIVerb"="@shell32.dll,-51377"
"AppliesTo"="System.ParsingName:<>\"::{679f85cb-0220-4080-b29b-5540cc05aab6}\" AND System.ParsingName:<>\"::{645FF040-5081-101B-9F08-00AA002F954E}\" AND System.IsFolder:=System.StructuredQueryType.Boolean#True"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\-shell\pintohome\command]
"DelegateExecute"="{b455f46e-e4af-4035-b0a4-cf18d2f6f28e}"

;禁用文件、目录、桌面、所有对象的“工作文件夹”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WorkFolders]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shell\LaunchWorkfoldersControl]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\WorkFolders]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\-shellex\ContextMenuHandlers\WorkFolders]
@="{E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\-shell\LaunchWorkfoldersControl]
"ProgrammaticAccessOnly"=""
"MuiVerb"="@%SystemRoot%\\system32\\WorkfoldersControl.dll,-1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\-shellex\ContextMenuHandlers\WorkFolders]
@="{E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}"


;禁用文件的“画图 3D”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.3mf\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bmp\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.fbx\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gif\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jfif\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpe\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpeg\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpg\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.png\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tif\Shell\3D Edit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tiff\Shell\3D Edit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.3mf\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.3mf\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.bmp\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.bmp\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.fbx\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.fbx\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.gif\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.gif\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jfif\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jfif\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpe\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpe\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpeg\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpeg\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpg\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.jpg\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.png\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.png\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.tif\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.tif\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.tiff\Shell\3D Edit]
@="@%SystemRoot%\\system32\\mspaint.exe,-59500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DismRegBackup\SystemFileAssociations\.tiff\Shell\3D Edit\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  70,00,61,00,69,00,6e,00,74,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\
  00,22,00,20,00,2f,00,46,00,6f,00,72,00,63,00,65,00,42,00,6f,00,6f,00,74,00,\
  73,00,74,00,72,00,61,00,70,00,50,00,61,00,69,00,6e,00,74,00,33,00,44,00,00,\
  00

;禁用文件夹的“包含到库中”右键菜单
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library Location]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\-ContextMenuHandlers\Library Location]
@="{3dad6c5d-2167-4cae-9914-f99e41c12cfa}"

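;(6) Internet Explorer settings
; Comments are kept on their own lines, starting in column 1 with ';', so that no
; explanatory text can be read as part of a key or value line.

;Do not warn when closing multiple tabs
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"WarnOnClose"=dword:00000000

;Turn off Suggested Sites
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites]
"Enabled"=dword:00000000

;Skip the IE first-run customisation dialog
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"RunOnceHasShown"=dword:00000001
"RunOnceComplete"=dword:00000001
"DisableFirstRunCustomize"=dword:00000001

;Turn off the automatic update check (still under the Internet Explorer\Main key above)
"NoUpdateCheck"=dword:00000001

;Raise the number of simultaneous downloads per server to 10 (0x0a)
; The original line carried no ';' marker, so it was not a comment in .reg syntax.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPer1_0Server"=dword:0000000a
"MaxConnectionsPerServer"=dword:0000000a

;Hide the smiley (send feedback) button in the top-right corner of IE
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoHelpItemSendFeedback"=dword:00000001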

;(7)微软拼音

;微软拼音默认为英语输入
[HKEY_CURRENT_USER\Software\Microsoft\InputMethod\Settings\CHS]
"Default Mode"=dword:00000001

;(8) Windows Update
; All three keys live under HKLM\SOFTWARE\Policies, i.e. they are applied as policy.
; Together they stop driver updates, the monthly Malicious Software Removal Tool and automatic
; update checks from arriving through Windows Update, so patching has to be handled another way.

;Windows Update does not include drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"ExcludeWUDriversInQualityUpdate"=dword:00000001

;Windows Update does not offer the Malicious Software Removal Tool
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001

;Set Windows Update automatic updating to the mode below
; NOTE(review): the Group Policy documentation lists AUOptions values 2-5 and uses NoAutoUpdate=1
; to switch automatic updating off - confirm that 1 is honoured under the Policies key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000001  ;1 never check  2 check only  3 check and download  4 install automatically

;(9)记事本

[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"fWrap"=dword:00000001 ;启用自动换行
;"StatusBar"=dword:00000001 ;显示状态栏

;(10) Network settings

;Turn off the firewall
; EnableFirewall=0 is written for all three profiles (Standard = private, Domain, Public),
; so no profile is left filtering inbound traffic.
; These are the local-policy keys; firewall settings delivered by Group Policy are stored under
; HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall and presumably take precedence - confirm.
; Changes to these values map to MITRE ATT&CK T1562.004 (Disable or Modify System Firewall)
; and are a common registry-monitoring rule.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=dword:00000000

;(11) Service tuning

;Disable system logging (label as given by the author)
; NOTE(review): both keys are Windows Error Reporting (WER) policy keys; they turn off WER
; logging and WER itself and do not touch the Windows event logs.
; With WER off, crash reports are presumably no longer collected, which removes an artefact
; often used when triaging a crashing or tampered process - confirm.
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting]
"LoggingDisabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting]
"Disabled"=dword:00000001

;Disable error reporting
; Start=4 sets the WerSvc service start type to Disabled.
; The value is written to both ControlSet001 and CurrentControlSet. On a running system
; CurrentControlSet normally points at the active ControlSetNNN, so one of the two is
; redundant; in an offline-loaded hive only ControlSetNNN exists - presumably why both appear.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WerSvc]
"Start"=dword:00000004

;Disable the Customer Experience Improvement Program
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows]
"CEIPEnable"=dword:00000000

;Disable the automatic maintenance schedule
; NOTE(review): the key name is ScheduledDiagnostics; confirm it also covers Automatic Maintenance.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics]
"EnabledExecution"=dword:00000000

;(12)Windows Media Player 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer]
"GroupPrivacyAcceptance"=dword:00000001;不显示首次使用对话框
"DisableAutoUpdate"=dword:00000001      ;防止WMP自动更新
"EnableScreenSaver"=dword:00000001      ;播放WMP时关闭屏保
"PreventLibrarySharing"=dword:00000001  ;防止媒体共享

;(13)启用 Windows 照片查看器

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]
".tif"="PhotoViewer.FileAssoc.Tiff"
".tiff"="PhotoViewer.FileAssoc.Tiff"
".jpg"="PhotoViewer.FileAssoc.Tiff"
".png"="PhotoViewer.FileAssoc.Tiff"
".jpeg"="PhotoViewer.FileAssoc.Tiff"
".bmp"="PhotoViewer.FileAssoc.Tiff"
".jpe"="PhotoViewer.FileAssoc.Tiff"
".jfif"="PhotoViewer.FileAssoc.Tiff"
".dib"="PhotoViewer.FileAssoc.Tiff"
".ico"="PhotoViewer.FileAssoc.Tiff"
".gif"="PhotoViewer.FileAssoc.Tiff"
".tga"="PhotoViewer.FileAssoc.Tiff"

;(14)其他

;蓝屏时自动重启
;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
;"AutoReboot"=dword:00000001

;Disable system logging (label as given by the author)
; NOTE(review): these are the Windows Error Reporting policy keys, not an event-log setting,
; and the same two values already appear in the service-tuning section of this listing.
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting]
"LoggingDisabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting]
"Disabled"=dword:00000001

; Adds a context-menu verb labelled "管理员取得所有权" (take ownership as administrator)
; for all files (*), for executables (exefile) and for directories.
; Each command runs takeown /f on the selected path and then icacls /grant administrators:F:
;   - takeown is called without /a, so ownership goes to the invoking account;
;   - Administrators receive Full control; the previous owner and ACL are not saved or restored.
; NOTE(review): the group is addressed by name; icacls also accepts the locale-independent
; well-known SID form (*S-1-5-32-544), which avoids failures on systems where the group is renamed.
; ACL and ownership changes made this way can be recorded as Security event 4670 when object-access
; auditing is enabled - presumably the main audit trail for use of this verb.
[HKEY_CLASSES_ROOT\*\shell\runas]
@="管理员取得所有权"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

; For exefile the verb is named runas2, leaving the existing runas verb in place.
; NOTE(review): elevation appears to be tied to the verb name runas, so runas2 presumably runs
; without an elevation request - confirm.
[HKEY_CLASSES_ROOT\exefile\shell\runas2]
@="管理员取得所有权"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\exefile\shell\runas2\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

; Directory variant: /r /d y and /t make both commands recurse, so the whole tree below the
; selected folder changes owner and gains the Full-control entry.
[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="管理员取得所有权"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

在此也希望飞哥社区 有更多大佬的到来

**论坛真的不行了 这里实话实说 每天小号顶帖 我就问一句有意思吗 好自然会有人

 文件:https://cloud.189.cn/t/JzMvqaNzA3Qv (访问码:gxq5)

 

 

最新回复 (9)
  • 超级版主 caocaofff 2020-08-05 23:47:47

    厉害啊,这么多有用的

    我的博客:cboot.org
  • 士兵 Jiaossy 2020-08-05 23:56:20   楼主
    caocaofff 厉害啊,这么多有用的

    这个附件上传有问题

  • 超级版主 caocaofff 2020-08-06 08:49:18
    Jiaossy 这个附件上传有问题

    是限制了文件上传大小,目前是按用户等级区分的

    我的博客:cboot.org
  • 士官 935254524 2020-08-06 10:05:29

    感谢大佬分享 我不是小号 我觉得在坛子里学到很多

  • 士官 935254524 2020-08-06 10:53:02

    这是一款远程软件 在PE里打开一闪而过 而且进程跟任务管理器里都没有  正常系统中可用 不知道差什么 怎么分析

    上传的附件:
    • TrustViewer.exe (上传时间:2020-08-06 10:53:02,大小:2.04M,下载次数:3)
  • 超级版主 caocaofff 2020-08-06 11:19:35
    935254524 这是一款远程软件 在PE里打开一闪而过 而且进程跟任务管理器里都没有 正常系统中可用 不知道差什么 怎么分析

    https://pecmd.net/thread-73.htm

    我的博客:cboot.org
  • 士兵 Jiaossy 2020-08-06 22:06:11   楼主
    935254524 这是一款远程软件 在PE里打开一闪而过 而且进程跟任务管理器里都没有 正常系统中可用 不知道差什么 怎么分析

    抓取依赖的dll可以正常运行的

  • 士兵 Jiaossy 2020-08-06 22:07:47   楼主
    caocaofff 是限制了文件上传大小,目前是按用户等级区分的

    也好防止一些无用资源占用服务器

  • 士兵 xlt 2020-08-15 16:40:02

    收藏了,有时间学习一下
