常用注册表项
SFC /SCANNOW 系统修复命令
注册表快跳
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit" /v lastkey /t reg_sz /d "注册表位置" /f && regedit.exe
打开注册表(广播)
<oBJECT classid="clsid:21111127-FC08-4373-8F54-1A02E3C15B7D" codebase=">
从系统备份中COPY文件到指定路径
cmd /k copy C:\WINDOWS\system32\dllcache\ctfmon.exe c:\windows\system32
去掉盗版五角星
cmd /k reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wgalogon" /f
然后马上重启机子,电脑中搜索wgatray.exe找到删除就可以了
改变大图标(桌面图标)大小(像素):
(默认:32 小:16 大:64 )
cmd /k reg add "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" /v Shell Icon Size /t REG_SZ /d 32 /f
改变小图标(如网页中的IE)大小(像素):
(默认:16 大小以倍数计算)
cmd /k reg add "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" /v Shell Small Icon Size /t REG_SZ /d 16 /f
禁止名称有“快捷方式”四个字
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer" /v link /t REG_BINARY /d 00000000 /f
禁止系统右键弹出菜单:(禁用:1 启用:0 默认无此项)
禁用:
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoViewContextMenu /t REG_DWORD /d 1 /f
解禁:
cmd /k reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoViewContextMenu /f
禁止任务栏右键弹出菜单 :
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoTrayContextMenu /t REG_DWORD /d 1 /f
隐藏[设置]菜单中[控制面板]和[打印机]菜单项:
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSetFolders /t REG_DOWRD /d 1 /f
隐藏[设置]菜单中[任务栏和开始菜单]菜单项:
cmd /k reg add " HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoChangeStartMenu /t REG_DWORD /d 1 /f
cmd /k reg add "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSetTaskbar /t REG_DWORD /d 1 /f
隐藏[设置]菜单中[文件夹选项...]:
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 1 /f
隐藏[设置]菜单中[活动桌面]项:
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSetActiveDesktop /t REG_DWORD /d 1 /f
隐藏[设置]菜单中[Windows Update]项:
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoWindowsUpdat /t REG_DWORD /d 1 /f
禁止“文档”记录功能:
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsHistory /t REG_DWORD /d 1 /f
“隐藏文件”不能显示
cmd /k reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /f
cmd /k reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 1 /f
退出时自动清除文档内容:
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v ClearRecentDocsonExit /t REG_DWORD /d 1 /f
添加IE的基本用户(五项):
cmd /k reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\safer\codeidentifiers" /v Levels /d 217088 /t REG_DWORD /f
重装IE(数值为0 即视为IE没有安装,这样才可以重安装)
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}" /v IsInstalled /t REG_DWORD /d 0 /f
IE主页被锁定(按钮灰色):
cmd /k reg add "HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v homepage /t REG_DWORD /d 0 /f
锁定IE的三个按钮(主页,默认页,空白页)
cmd /k reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v HomePage /t REG_DWORD /d 1 /f
设定IE主页
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "start page" /t REG_SZ /d "http://www.hao123.com" /f
关联IE(打不开IE)
cmd /k reg add "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command" /ve /t REG_SZ /d "C:\Program Files\Internet Explorer\iexplore.exe" /f
IE 程序关联(打不开网页)
cmd /k reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE" /ve /t REG_SZ /d "C:\Program Files\Internet Explorer\IEXPLORE.EXE" /f
去掉IE多余的加载项:
cmd /k reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions" /f
cmd /k reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings" /f
cmd /k reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats" /f
禁用IE6下载: (禁用为3 恢复为0 )
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 1803 /t REG_DWORD /d 3 /f
开始菜单中“运行”按钮失效:
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" /v NoRun /t REG_DWORD /d 0 /f
开始菜单中“关机”按钮被取消&失效:
cmd /k reg add " HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" /v NoClose /t REG_DWORD /d 0 /f
开始菜单中“注销”按钮被取消&失效:
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" /v NoLogOff /t REG_DWORD /d 0 /f
隐藏磁盘: (C盘是4;D盘是8;E盘是16;F盘是32 全部隐藏是FFFFFFFF)
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" /v NoDrives /t REG_DWORD /d 可变 /f
显示磁盘:
cmd /k reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" /v NoDrives /f
禁止上网自动弹出网页:
cmd /k reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeCaption /f
cmd /k reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeText /f
IE“源文件”项不可用: (禁用为1 正常为0)
cmd /k reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoViewSource /t REG_DWORD /d 0 /f
禁止数据光盘自动运行:(注意此项)
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0 /f
关闭自动重新启动功能 (关闭为0 启用为 1 )
cmd /k reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v AutoReboot /t REG_DWORD /d 0 /f
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
系统优化方面
缩短等待时间:
cmd /k reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v WaitToKillServiceTimeout /t REG_sz /d 1000 /f
关闭程序时仅等待1秒:
cmd /k reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v WaitToKillAppTimeout /t REG_SZ /d 1000 /f
程序出错时等待0.5:
cmd /k reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v HungAppTimeout /t REG_SZ /d 200 /f
加快菜单显示速度:
cmd /k reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v MenuShowDelay /t REG_SZ /d 0 /f
缩短关闭程序等待时间:
cmd /k reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control" /v WaitToKillServiceTimeout /t REG_SZ /d 0 /f
加快窗口显示速度:
cmd /k reg add "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" /v MinAniMate /t REG_SZ /d 0 /f
加快Windows XP的启动:
cmd /k reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v EnablePrefetcher /t REG_DWORD /d 1 /f (数值可选1、3、5,调试到最佳即可)
关不了机:
cmd /k reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\Shutdown" /v FastReboot /t REG_SZ /d 0 /f
关闭开机自动检测 (及启用)
cmd /k reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /f
cmd /k reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_MULTI_SZ /d autocheck autochk * /f
卸载不用的动态文件
cmd /k reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL" /ve /t REG_SZ /d 0 /f
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
启动项、流行木马、添加删除程序
清理启动项:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig 下面子项有加号的,打开加号删掉里面的项
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies 下面子项有加号的,打开加号删掉里面的项
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 下面长串字符有加号的,打开加号删掉里面的项
去掉启动项中不选用的项:(要先退出该程序)
cmd /k reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
删除“添加删除程序”里删不掉的项:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
在子目录下找到该项删除。
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
关闭默认共享(漏洞)
关闭硬盘各分区的共享:(开启为1 关闭为0 默认是1)
cmd /k reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareServer /t REG_DWORD /d 0 /f
关闭admin$共享:
( 注意:本法必须重启机器,但一经改动就会永远停止共享。)
cmd /k reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareWks /t REG_DWORD /d 0 /f
关闭空用户连接(IPC$):
(黑客利用该功能,查找系统的用户列表来攻击。所以关闭)
cmd /k reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d 1 /f
删除共享文档:
cmd /k reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{59031a47-3f72-44a7-89c5-5595fe6b30ee}" /f
删除回收站:
cmd /k reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}" /f
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
添加右键DOS和记事本
右键“DOS通道”:
cmd /k reg add "HKEY_CLASSES_ROOT\Folder\shell\DOS" /ve /d DOS通道 /t REG_SZ /f
cmd /k reg add "HKEY_CLASSES_ROOT\Folder\shell\DOS\Command" /ve /d "cmd.exe /K CD %1" /t REG_SZ /f
右键“记事本”:
cmd /k reg add "HKEY_CLASSES_ROOT\*\Shell\OpenWithNote" /ve /d 用记事本打开 /t REG_SZ /f
cmd /k reg add "HKEY_CLASSES_ROOT\*\Shell\OpenWithNote\Command" /ve /d "Notepad.exe %1" /t REG_SZ /f
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
找回丢失的项目
EXE文件打不开(映像劫持)
cmd /k reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\进程名称" /f
找回启动项没有输入法
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v ctfmon.exe /t REG_SZ /d "C:\WINDOWS\system32\ctfmon.exe" /f
修复系统小喇叭
cmd /k reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v systray.exe /t REG_SZ /d "c:\windows\system32\systray.exe" 然后再运行一下cmd /k taskkill /f /im explorer.exe&explorer.exe
找回误删的IE
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" /v {871C5380-42A0-1069-A2EA-08002B30309D} /t REG_DWORD /d 0 /f
任务管理器(启用0 禁用1 )
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 0 /f
注册表锁定与解锁(锁定1 解锁0)
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f
任务栏锁定与解锁 (锁定0 解锁1)
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarSizeMove /t REG_DWORD /d 0 /f
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v TaskbarSizeMove /t REG_DWORD /d 1 /f
“工具”菜单无“文件夹选项” (有为0 无为1 )
cmd /k reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 0 /f
cmd /k taskkill /f /im explorer.exe & explorer.exe
网页中看不到验证码
cmd /k reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security" /v blockXbm /t REG_DWORD /d 0 /f
打不开磁盘 :cmd /k reg add "HKEY_CLASSES_ROOT\Drive\shell" /ve /t REG_SZ /d none /f
打不开文件夹:cmd /k reg add "HKEY_CLASSES_ROOT\Directory\shell" /ve /t REG_SZ /d none /f
我的文档:cmd /k reg add "HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell" /ve /t REG_SZ /d none /f
自动保存设置
cmd /k reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSaveSettings /f
