SFC /SCANNOW 系统修复命令
注册表快跳
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionAppletsRegedit" /v lastkey /t reg_sz /d "注册表位置" /f && regedit.exe
打开注册表(广播)
<oBJECT classid="clsid:21111127-FC08-4373-8F54-1A02E3C15B7D" codebase=">
从系统备份中COPY文件到指定路径
cmd /k copy C:WINDOWSsystem32dllcachectfmon.exe c:windowssystem32
去掉盗版五角星
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifywgalogon" /f
然后马上重启机子,电脑中搜索wgatray.exe找到删除就可以了
改变大图标(桌面图标)大小(像素):
(默认:32 小:16 大:64 )
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktopWindowMetrics" /v Shell Icon Size /t REG_SZ /d 32 /f
改变小图标(如网页中的IE)大小(像素):
(默认:16 大小以倍数计算)
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktopWindowMetrics" /v Shell Small Icon Size /t REG_SZ /d 16 /f
禁止名称有“快捷方式”四个字
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorer" /v link /t REG_BINARY /d 00000000 /f
禁止系统右键弹出菜单:(禁用:1 启用:0 默认无此项)
禁用:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoViewContextMenu /t REG_DWORD /d 1 /f
解禁:
cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoViewContextMenu /f
禁止任务栏右键弹出菜单 :
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoTrayContextMenu /t REG_DWORD /d 1 /f
隐藏[设置]菜单中[控制面板]和[打印机]菜单项:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoSetFolders /t REG_DOWRD /d 1 /f
隐藏[设置]菜单中[任务栏和开始菜单]菜单项:
cmd /k reg add " HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoChangeStartMenu /t REG_DWORD /d 1 /f
cmd /k reg add "
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoSetTaskbar /t REG_DWORD /d 1 /f
隐藏[设置]菜单中[文件夹选项...]:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoFolderOptions /t REG_DWORD /d 1 /f
隐藏[设置]菜单中[活动桌面]项:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoSetActiveDesktop /t REG_DWORD /d 1 /f
隐藏[设置]菜单中[Windows Update]项:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoWindowsUpdat /t REG_DWORD /d 1 /f
禁止“文档”记录功能:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoRecentDocsHistory /t REG_DWORD /d 1 /f
“隐藏文件”不能显示
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL" /v CheckedValue /f
cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL" /v CheckedValue /t REG_DWORD /d 1 /f
退出时自动清除文档内容:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v ClearRecentDocsonExit /t REG_DWORD /d 1 /f
添加IE的基本用户(五项):
cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftwindowssafercodeidentifiers" /v Levels /d 217088 /t REG_DWORD /f
重装IE(数值为0 即视为IE没有安装,这样才可以重安装)
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftActive SetupInstalled Components{89820200-ECBD-11cf-8B85-00AA005B4340}" /v IsInstalled /t REG_DWORD /d 0 /f
IE主页被锁定(按钮灰色):
cmd /k reg add "HKEY_USERS.DEFAULTSoftwarePoliciesMicrosoftInternet ExplorerControl Panel" /v homepage /t REG_DWORD /d 0 /f
锁定IE的三个按钮(主页,默认页,空白页)
cmd /k reg add "HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel" /v HomePage /t REG_DWORD /d 1 /f
设定IE主页
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain" /v "start page" /t REG_SZ /d "http://www.hao123.com" /f
关联IE(打不开IE)
cmd /k reg add "HKEY_CLASSES_ROOTCLSID{871C5380-42A0-1069-A2EA-08002B30309D}shellOpenHomePageCommand" /ve /t REG_SZ /d "C:Program FilesInternet Exploreriexplore.exe" /f
IE 程序关联(打不开网页)
cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp PathsIEXPLORE.EXE" /ve /t REG_SZ /d "C:Program FilesInternet ExplorerIEXPLORE.EXE" /f
去掉IE多余的加载项:
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions" /f
cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtSettings" /f
cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats" /f
禁用IE6下载: (禁用为3 恢复为0 )
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settingsones3" /v 1803 /t REG_DWORD /d 3 /f
开始菜单中“运行”按钮失效:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoRun /t REG_DWORD /d 0 /f
开始菜单中“关机”按钮被取消&失效:
cmd /k reg add " HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoClose /t REG_DWORD /d 0 /f
开始菜单中“注销”按钮被取消&失效:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoLogOff /t REG_DWORD /d 0 /f
隐藏磁盘: (C盘是4;D盘是8;E盘是16;F盘是32 全部隐藏是FFFFFFFF)
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoDrives /t REG_DWORD /d 可变 /f
显示磁盘:
cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoDrives /f
禁止上网自动弹出网页:
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon" /v LegalNoticeCaption /f
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon" /v LegalNoticeText /f
IE“源文件”项不可用: (禁用为1 正常为0)
cmd /k reg add "HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerRestrictions" /v NoViewSource /t REG_DWORD /d 0 /f
禁止数据光盘自动运行:(注意此项)
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0 /f
关闭自动重新启动功能 (关闭为0 启用为 1 )
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlCrashControl" /v AutoReboot /t REG_DWORD /d 0 /f
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
系统优化方面
缩短等待时间:
cmd /k reg add "HKEY_LOCAL_MACHINESystemCurrentControlSetControl" /v WaitToKillServiceTimeout /t REG_sz /d 1000 /f
关闭程序时仅等待1秒:
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktop" /v WaitToKillAppTimeout /t REG_SZ /d 1000 /f
程序出错时等待0.5:
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktop" /v HungAppTimeout /t REG_SZ /d 200 /f
加快菜单显示速度:
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktop" /v MenuShowDelay /t REG_SZ /d 0 /f
缩短关闭程序等待时间:
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMControlSet001Control" /v WaitToKillServiceTimeout /t REG_SZ /d 0 /f
加快窗口显示速度:
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktopWindowMetrics" /v MinAniMate /t REG_SZ /d 0 /f
加快Windows XP的启动:
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory ManagementPrefetchParameters" /v EnablePrefetcher /t REG_DWORD /d 1 /f (数值可选1、3、5,调试到最佳即可)
关不了机:
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetcontrolShutdown" /v FastReboot /t REG_SZ /d 0 /f
关闭开机自动检测 (及启用)
cmd /k reg delete "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession Manager" /v BootExecute /f
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession Manager" /v BootExecute /t REG_MULTI_SZ /d autocheck autochk * /f
卸载不用的动态文件
cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAlwaysUnloadDLL" /ve /t REG_SZ /d 0 /f
\\\\\\\\\\\\\\\\\\\\\\\\\
启动项、流行木马、添加删除程序
清理启动项:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfig 下面子项有加号的,打开加号删掉里面的项
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies 下面子项有加号的,打开加号删掉里面的项
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2 下面长串字符有加号的,打开加号删掉里面的项
去掉启动项中不选用的项:(要先退出该程序)
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupreg" /f
删除“添加删除程序”里删不掉的项:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCache
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall
在子目录下找到该项删除。
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
关闭默认共享(漏洞)
关闭硬盘各分区的共享:(开启为1 关闭为0 默认是1)
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters" /v AutoShareServer /t REG_DWORD /d 0 /f
关闭admin$共享:
( 注意:本法必须重启机器,但一经改动就会永远停止共享。)
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters" /v AutoShareWks /t REG_DWORD /d 0 /f
关闭空用户连接(IPC$):
(黑客利用该功能,查找系统的用户列表来攻击。所以关闭)
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa" /v restrictanonymous /t REG_DWORD /d 1 /f
删除共享文档:
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerMyComputerNameSpaceDelegateFolders{59031a47-3f72-44a7-89c5-5595fe6b30ee}" /f
删除回收站:
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerDesktopNameSpace{645FF040-5081-101B-9F08-00AA002F954E}" /f
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
添加右键DOS和记事本
右键“DOS通道”:
cmd /k reg add "HKEY_CLASSES_ROOTFoldershellDOS" /ve /d DOS通道 /t REG_SZ /f
cmd /k reg add "HKEY_CLASSES_ROOTFoldershellDOSCommand" /ve /d "cmd.exe /K CD %1" /t REG_SZ /f
右键“记事本”:
cmd /k reg add "HKEY_CLASSES_ROOT*ShellOpenWithNote" /ve /d 用记事本打开 /t REG_SZ /f
cmd /k reg add "HKEY_CLASSES_ROOT*ShellOpenWithNoteCommand" /ve /d "Notepad.exe %1" /t REG_SZ /f
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
找回丢失的项目
EXE文件打不开(映像劫持)
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options进程名称" /f
找回启动项没有输入法
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun" /v ctfmon.exe /t REG_SZ /d "C:WINDOWSsystem32ctfmon.exe" /f
修复系统小喇叭
cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun" /v systray.exe /t REG_SZ /d "c:windowssystem32systray.exe" 然后再运行一下cmd /k taskkill /f /im explorer.exe&explorer.exe
找回误删的IE
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsClassicStartMenu" /v {871C5380-42A0-1069-A2EA-08002B30309D} /t REG_DWORD /d 0 /f
任务管理器(启用0 禁用1 )
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem" /v DisableTaskMgr /t REG_DWORD /d 0 /f
注册表锁定与解锁(锁定1 解锁0)
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem" /v DisableRegistryTools /t REG_DWORD /d 0 /f
任务栏锁定与解锁 (锁定0 解锁1)
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced" /v TaskbarSizeMove /t REG_DWORD /d 0 /f
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced" /v TaskbarSizeMove /t REG_DWORD /d 1 /f
“工具”菜单无“文件夹选项” (有为0 无为1 )
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoFolderOptions /t REG_DWORD /d 0 /f
cmd /k taskkill /f /im explorer.exe & explorer.exe
网页中看不到验证码
cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSecurity" /v blockXbm /t REG_DWORD /d 0 /f
打不开磁盘 :cmd /k reg add "HKEY_CLASSES_ROOTDriveshell" /ve /t REG_SZ /d none /f
打不开文件夹:cmd /k reg add "HKEY_CLASSES_ROOTDirectoryshell" /ve /t REG_SZ /d none /f
我的文档:cmd /k reg add "HKEY_CLASSES_ROOTCLSID{450D8FBA-AD25-11D0-98A8-0800361B1103}shell" /ve /t REG_SZ /d none /f
自动保存设置
cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoSaveSettings /f