常用注册表项

常用注册表项

SFC /SCANNOW        系统修复命令
                       注册表快跳

cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionAppletsRegedit" /v lastkey /t reg_sz /d "注册表位置" /f && regedit.exe

                      打开注册表(广播)
<oBJECT classid="clsid:21111127-FC08-4373-8F54-1A02E3C15B7D" codebase=">

                      从系统备份中COPY文件到指定路径

cmd /k copy C:WINDOWSsystem32dllcachectfmon.exe c:windowssystem32

                           去掉盗版五角星

cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifywgalogon" /f 
然后马上重启机子,电脑中搜索wgatray.exe找到删除就可以了

       改变大图标(桌面图标)大小(像素)： 
                     （默认：32 小：16 大：64 ）

cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktopWindowMetrics" /v Shell Icon Size /t REG_SZ /d 32 /f

        改变小图标（如网页中的IE）大小(像素)：
                      （默认：16    大小以倍数计算）

cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktopWindowMetrics" /v Shell Small Icon Size /t REG_SZ /d 16 /f

             禁止名称有“快捷方式”四个字
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorer" /v link /t REG_BINARY /d 00000000 /f

          禁止系统右键弹出菜单：(禁用：1 启用：0    默认无此项）
禁用：
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoViewContextMenu /t REG_DWORD /d 1 /f

解禁：
cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoViewContextMenu /f

                       禁止任务栏右键弹出菜单 ：
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoTrayContextMenu /t REG_DWORD /d 1 /f

                   隐藏[设置]菜单中[控制面板]和[打印机]菜单项：
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoSetFolders /t REG_DOWRD /d 1 /f

                   隐藏[设置]菜单中[任务栏和开始菜单]菜单项：
cmd /k reg add " HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoChangeStartMenu /t REG_DWORD /d 1 /f

cmd /k reg add "
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoSetTaskbar /t REG_DWORD /d 1 /f

                   隐藏[设置]菜单中[文件夹选项...]：
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoFolderOptions /t REG_DWORD /d 1 /f

                    隐藏[设置]菜单中[活动桌面]项：
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoSetActiveDesktop /t REG_DWORD /d 1 /f

                     隐藏[设置]菜单中[Windows Update]项：
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoWindowsUpdat /t REG_DWORD /d 1 /f

                        禁止“文档”记录功能：
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoRecentDocsHistory /t REG_DWORD /d 1 /f

                       “隐藏文件”不能显示
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL" /v CheckedValue /f

   cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL" /v CheckedValue /t REG_DWORD /d 1 /f

                       退出时自动清除文档内容：
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v ClearRecentDocsonExit /t REG_DWORD /d 1 /f

                       添加IE的基本用户(五项)：
cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftwindowssafercodeidentifiers" /v Levels /d 217088 /t REG_DWORD /f

                             重装IE（数值为0   即视为IE没有安装，这样才可以重安装）

cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftActive SetupInstalled Components{89820200-ECBD-11cf-8B85-00AA005B4340}" /v IsInstalled /t REG_DWORD /d 0 /f                      

                        IE主页被锁定（按钮灰色）：
cmd /k reg add "HKEY_USERS.DEFAULTSoftwarePoliciesMicrosoftInternet ExplorerControl Panel" /v homepage /t REG_DWORD /d 0 /f

                              锁定IE的三个按钮（主页，默认页，空白页）
cmd /k reg add "HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel" /v HomePage /t REG_DWORD /d 1 /f

                              设定IE主页

cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain" /v "start page" /t REG_SZ /d "http://www.hao123.com" /f

                             关联IE（打不开IE）

cmd /k reg add "HKEY_CLASSES_ROOTCLSID{871C5380-42A0-1069-A2EA-08002B30309D}shellOpenHomePageCommand" /ve /t REG_SZ /d "C:Program FilesInternet Exploreriexplore.exe" /f

                             IE 程序关联（打不开网页）

cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp PathsIEXPLORE.EXE" /ve /t REG_SZ /d "C:Program FilesInternet ExplorerIEXPLORE.EXE" /f

                       去掉IE多余的加载项：

cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExtensions" /f

cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtSettings" /f

cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats" /f

                      禁用IE6下载:   （禁用为3   恢复为0 ）

cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settingsones3" /v 1803 /t REG_DWORD /d 3 /f

                       开始菜单中“运行”按钮失效：
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoRun /t REG_DWORD /d 0 /f

                      开始菜单中“关机”按钮被取消&失效：
cmd /k reg add " HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoClose /t REG_DWORD /d 0 /f

                      开始菜单中“注销”按钮被取消&失效:
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoLogOff /t REG_DWORD /d 0 /f

              隐藏磁盘: (C盘是4；D盘是8；E盘是16；F盘是32 全部隐藏是FFFFFFFF)
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoDrives /t REG_DWORD /d 可变 /f
显示磁盘：
cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent VersionPoliciesExplorer" /v NoDrives /f

                     禁止上网自动弹出网页：
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon" /v LegalNoticeCaption /f

cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon" /v LegalNoticeText /f

                  IE“源文件”项不可用： （禁用为1 正常为0）
cmd /k reg add "HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerRestrictions" /v NoViewSource /t REG_DWORD /d 0 /f

                   禁止数据光盘自动运行：（注意此项） 
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0 /f

                                关闭自动重新启动功能 （关闭为0 启用为 1 ）
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlCrashControl" /v AutoReboot /t REG_DWORD /d 0 /f

              \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

                      系统优化方面

                       缩短等待时间:
cmd /k reg add "HKEY_LOCAL_MACHINESystemCurrentControlSetControl" /v WaitToKillServiceTimeout /t REG_sz /d 1000 /f

                     关闭程序时仅等待1秒:
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktop" /v WaitToKillAppTimeout /t REG_SZ /d 1000 /f

                     程序出错时等待0.5:
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktop" /v HungAppTimeout /t REG_SZ /d 200 /f

                     加快菜单显示速度:
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktop" /v MenuShowDelay /t REG_SZ /d 0 /f

                     缩短关闭程序等待时间:
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMControlSet001Control" /v WaitToKillServiceTimeout /t REG_SZ /d 0 /f

                     加快窗口显示速度：
cmd /k reg add "HKEY_CURRENT_USERControl PanelDesktopWindowMetrics" /v MinAniMate /t REG_SZ /d 0 /f

                      加快Windows XP的启动：
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory ManagementPrefetchParameters" /v EnablePrefetcher /t REG_DWORD /d 1 /f        （数值可选1、3、5，调试到最佳即可）

                       关不了机：
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetcontrolShutdown" /v FastReboot /t REG_SZ /d 0 /f

                        关闭开机自动检测 （及启用）

cmd /k reg delete "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession Manager" /v BootExecute /f

cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession Manager" /v BootExecute /t REG_MULTI_SZ /d autocheck autochk * /f

                               卸载不用的动态文件

cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAlwaysUnloadDLL" /ve /t REG_SZ /d 0 /f

                        \\\\\\\\\\\\\\\\\\\\\\\\\
                                      启动项、流行木马、添加删除程序

                         清理启动项：
HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfig 下面子项有加号的，打开加号删掉里面的项

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies 下面子项有加号的，打开加号删掉里面的项

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2    下面长串字符有加号的，打开加号删掉里面的项

                       去掉启动项中不选用的项：（要先退出该程序）
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftShared ToolsMSConfigstartupreg" /f

                     删除“添加删除程序”里删不掉的项：

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCache

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall

在子目录下找到该项删除。

               \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                          关闭默认共享（漏洞）

                 关闭硬盘各分区的共享：（开启为1 关闭为0   默认是1）
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters" /v AutoShareServer /t REG_DWORD /d 0 /f

                           关闭admin$共享：
（ 注意：本法必须重启机器，但一经改动就会永远停止共享。）
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters" /v AutoShareWks /t REG_DWORD /d 0 /f

                     关闭空用户连接（IPC$）: 
（黑客利用该功能，查找系统的用户列表来攻击。所以关闭）
cmd /k reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa" /v restrictanonymous /t REG_DWORD /d 1 /f

                           删除共享文档：
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerMyComputerNameSpaceDelegateFolders{59031a47-3f72-44a7-89c5-5595fe6b30ee}" /f

                           删除回收站：
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerDesktopNameSpace{645FF040-5081-101B-9F08-00AA002F954E}" /f

                  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

                                   添加右键DOS和记事本

                        右键“DOS通道”：
cmd /k reg add "HKEY_CLASSES_ROOTFoldershellDOS" /ve /d DOS通道 /t REG_SZ /f

cmd /k reg add "HKEY_CLASSES_ROOTFoldershellDOSCommand" /ve /d "cmd.exe /K CD %1" /t REG_SZ /f

                          右键“记事本”：
cmd /k reg add "HKEY_CLASSES_ROOT*ShellOpenWithNote" /ve /d 用记事本打开 /t REG_SZ /f

cmd /k reg add "HKEY_CLASSES_ROOT*ShellOpenWithNoteCommand" /ve /d "Notepad.exe %1" /t REG_SZ /f

                 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                找回丢失的项目

                                      EXE文件打不开(映像劫持)
cmd /k reg delete "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options进程名称" /f                                          

                                    找回启动项没有输入法
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun" /v ctfmon.exe /t REG_SZ /d "C:WINDOWSsystem32ctfmon.exe" /f

                                   修复系统小喇叭
cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun" /v systray.exe /t REG_SZ /d "c:windowssystem32systray.exe" 然后再运行一下cmd /k taskkill /f /im explorer.exe&explorer.exe

                                    找回误删的IE

cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsClassicStartMenu" /v {871C5380-42A0-1069-A2EA-08002B30309D} /t REG_DWORD /d 0 /f

                                   任务管理器（启用0 禁用1 ）

cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem" /v DisableTaskMgr /t REG_DWORD /d 0 /f

                                    注册表锁定与解锁（锁定1 解锁0）
cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem" /v DisableRegistryTools /t REG_DWORD /d 0 /f

                                      任务栏锁定与解锁 （锁定0 解锁1）

cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced" /v TaskbarSizeMove /t REG_DWORD /d 0 /f

cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced" /v TaskbarSizeMove /t REG_DWORD /d 1 /f

                                     “工具”菜单无“文件夹选项” （有为0 无为1 ）

cmd /k reg add "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoFolderOptions /t REG_DWORD /d 0 /f
cmd /k taskkill /f /im explorer.exe & explorer.exe

                                     网页中看不到验证码
cmd /k reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSecurity" /v blockXbm /t REG_DWORD /d 0 /f

打不开磁盘 ：cmd /k reg add "HKEY_CLASSES_ROOTDriveshell" /ve /t REG_SZ /d none /f

打不开文件夹：cmd /k reg add "HKEY_CLASSES_ROOTDirectoryshell" /ve /t REG_SZ /d none /f

我的文档：cmd /k reg add "HKEY_CLASSES_ROOTCLSID{450D8FBA-AD25-11D0-98A8-0800361B1103}shell" /ve /t REG_SZ /d none /f

                                 自动保存设置

cmd /k reg delete "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoSaveSettings /f