This may help - it's not tested.
@echo off
reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\CCM\Security" >nul 2>&1 || goto not_64bit
reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\CCM\Security" /v AllowedRootCAHashCode /t REG_SZ |find "00 00 00 09 1A" >nul
if errorlevel 1 Reg Delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\CCM\Security" /v AllowedRootCAHashCode /f
goto :EOF
:not_64bit
reg query "HKLM\SOFTWARE\Microsoft\CCM\Security" /v AllowedRootCAHashCode /t REG_SZ |find "00 00 00 09 1A" >nul 2>&1 && goto :EOF
Reg Delete "HKLM\SOFTWARE\Microsoft\CCM\Security" /v AllowedRootCAHashCode /f