How to clean your computer from traces of flash drives. How to delete data about USB flash drives in the Windows registry. How to remove traces of a flash drive in Windows

Good afternoon, dear readers of the blog site, today I want to tell you how to delete data about USB flash drives in the Windows registry. This article is a continuation of the article. All information about any USB media ever connected to a computer is stored in system registry. If you connect a lot of flash drives to your computer different models and manufacturers, then over time a lot of garbage accumulates in the registry. As a result, the process of identifying and connecting a new device begins to take considerable time and slows down the system.

There is only one way out. You need to periodically clean the registry sections that store data about connected flash drives and other USB drives. Clearing these partitions will speed up your connection. new USB devices and the operation of the system as a whole.

Cleaning must be done using system program Regedit. It starts like this.
Start - Run - Regedit

Registry sections that store data about any USB drive ever connected to a PC - Flash drives, external hard drives, as well as cameras, phones, flash players and other devices that were recognized as an external USB drive when connected to a PC. Here you can delete all subsections with the Disc prefix.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USBSTOR

From the screenshots it is clear that hubs and HDD were also connected through the hub

If you don’t want to clean it manually, there is also free software, for example USB Oblivion. Launch the utility

Check the box Perform real cleaning

We see that everything is complete and many entries have been deleted from the registry. Let's check the registry. Please note that there is no USBSTOR folder.

Well, lastly, let’s look at the USBDeview program, everything is clean too.

Here, dear readers, is where data about your flash drives is stored, so if you need to delete something, then start.

Now there was a discussion in the forum about how to determine which account We mounted USB, but I have the opposite problem. It is necessary, without having administrator rights, as a user with limited rights, to remove information about connected USB devices from Windows OS.

The task is complicated because there are no rights to change the registry. It is also not possible to solve the problem by loading a LiveCD.

Irina will “thank you very much” after the users to whom she “drew attention” use these tips.

To be honest, we got ahead of ourselves, I myself wanted to continue the topic in this direction)))

I think the initial data is enough, but nevertheless I will give the details.

Let me make a reservation right away, we are not talking about a certified object and not about security information security confidential information (in a sense). The question was “purely for myself.” For example, I don’t want to have data about connected, personal, USB devices in the system, on my work computer.

God protects those who are careful and it is unknown how these data may affect them in the future. You never know who in management would want to find a scapegoat for leaking non-confidential but working data. Or hold them responsible for the spread of a virus on a corporate network. In short, you can come up with a lot of things.

In a word, we will consider my question from the point of view of an attacker who wants to delete compromising information.)))

We consider the experimental computer as: an ordinary working computer included in the corporate network of the organization; Windows XP OS; authorization via Active Directory, physical access available; there is access to the BIOS; limited user rights; Loading from any media is possible (for example, from LiveCD).

How to clear data about USB flash drives in the Windows registry.

Comments and reviews: 9

1. Ilya 19.05.2011
>>>Attention! These sections also contain information about the hard drives installed on the computer. Do not delete this information.

Question: If I mistakenly delete data about hard drives along with information about flash drives, what then? Kaput system?

Answer:
Yes you are right. Sometimes, even with established rights on full access, it is not possible to delete the specified keys. But there is a way out. You need to run the registry editor with system rights.

I will write below how to do this under Windows XP. I haven't tried it on Vista or Windows 7.

So. In order to run a program in Windows XP with system rights, you need to run it through the “Task Scheduler”. Make sure you have this service enabled:

Control Panel - Administration - Services - Task Scheduler.

If everything is in order, we make up BAT file the following content:
at 21:01 /interactive regedit.exe

21:01 is the time (you will have your own value) to start the task. If your system clock shows the time 20:59, then the registry editor (regedit.exe) will be launched at 21:01, in 2 minutes.

Then run the BAT file.
At 21:01 we admire the registry editor running under system rights.

Now you can edit any data in the registry.

8. Afanasy 08.07.2013
Reply to reply to comment #3
“I’ll write below how to do this under Windows XP. I haven’t tried it on Vista or Windows 7.”

I tried it in Windows 7, but this method no longer works. The Registry Editor starts and is visible in processes, but the system does not open its windows for security reasons. What is reported when you try to create a task in the task scheduler.

How to remove old USB device drivers from Windows?

Almost every user connects a phone, tablet, reader, flash drives and external HDDs. When working with these devices, Windows installs their drivers. At the end of use, they are not deleted from the computer (that is, they gradually accumulate) and, just like temporary files, unnecessary registry entries clutter the system.

In addition to this, if devices are disconnected from USB port incorrectly (they are pulled out without software shutdown using the “Extract” function), then the installed drivers not only remain in the system, but also continue to function. Which is why they often become the cause software conflict while connecting another USB device (the system “does not see” the device, gives errors, freezes).

This article will help you avoid all these troubles: it will tell you how to completely remove the driver of an unused USB drive or gadget from the operating system, and how to automatically uninstall all USB drivers.

Removal using standard means

Surface cleaning

1. Open the Start menu.

2. Click right click mouse in the “Computer” panel that appears. From the list of commands, select “Properties”.

3. In the left column, click “Device Manager”.

4. In the dispatcher window, in horizontal menu, open the View section and click Show hidden devices».

5. Open the “USB Controllers” directory.

6. Remove an old or unused driver: right-click on its name → click “Delete”.

Deep cleaning

1. Hold down the Win key and press the Pause/Break key. Or open: Start → right-click Computer → Properties.

2. In the window that opens, in the left panel, click “ Extra options systems."

3. On the Advanced tab, click the Environment Variables button.

4. In the top block, click “Create”.

5. In the New User Variable window:

  • in the “Variable name” line, enter - devmgr_show_nonpresent_devices;
  • in “Variable value” - 1.

    • 6. Click OK in the Variable panel and in the Environment Variables window.

    7. Return to the system properties window (Win+Break) and click “Device Manager”.

    8. In the manager, open: View → Show hidden…

    9. Click the “Update configuration...” button (the last one in the panel).

    10. Icons of unused drivers in the manager are grayed out (that is, you can remove this driver). Open the following directories one by one and remove unnecessary elements (right-click on the name → Delete):

    Non-plug and play device drivers

    Advice! In this directory you can also remove old drivers, installed by programs that have already been uninstalled from Windows (for example, the Comodo firewall package).

    USB controllers

    Disk devices

    This device section displays installed drivers for flash drives, readers, and hard drives. Transparent object icons indicate that they are not in use (not connected). This means you can safely get rid of them.

    11. Once cleaning is complete, restart your PC.

    Automatic removal by USBDeview utility

    1. Copy to address bar browser this link - http://www.nirsoft.net/utils/usb_devices_view.html#DownloadLinks (official website of the utility). And then press "ENTER".

    2. On the page that opens:

    • if you have a 32-bit system, click the first link “Download USBDeview”;
    • if 64-x, the second - “... for x64 systems”.

      • 3. Unpack the downloaded archive: right-click on it → select “Extract all...” → in the “Extract...” window, click “Extract”.

      4. Open the unzipped folder. Run with administrator rights executable file USBDeview.

      5. The utility window displays a list of all drivers installed in the system. Disabled elements are marked with red “chips”.

      To remove a driver from Windows, select it with a mouse click, and then click the “Trash” icon in the USBDeview panel. Or right-click on it and select in context menu"Uninstall Selected Devices".

      Note. In addition to the removal function, USBDeview allows the user to disable/enable the driver and view its properties.

      Removing all USB device drivers

      Global driver cleaning can be performed using the DriveCleanup utility (download link - http://uwe-sieber.de/files/drivecleanup.zip).

      1. Unpack the archive downloaded to your computer.

      2. If you have 32-bit Windows, open the “Win32” folder; if you have 64-bit, open the “x64” folder.

      3. Run the “DriveCleanup” file as administrator.

      After launch, the utility will automatically perform cleaning. When the procedure is complete (when the message “Press any key” appears in the console window), press any key.

      Good luck in setting up the system!


      izbavsa.ru

      Let's cover our tracks. How to make Windows delete history, logs, caches and forget everything

      Lists of open files and devices connected via USB, browser history, DNS cache - all this helps to find out what the user was doing. We have compiled step by step instructions how to remove traces of your activities in different versions Windows, Office and popular browsers. At the end of the article you will find several scripts that will help you automatically keep your machine clean.

      1. Clear lists of recent places and programs

      Let's start cleaning with lists of recent places and programs. The list of recent (in Windows 10 - frequently used) programs is in the main menu, and the list of recent places is in Explorer.

      How to turn off this disgrace? In Windows 7, right-click on the “Start” button, select “Properties” and in the window that appears, uncheck both boxes in the “Privacy” section.

      Disable storage of the list of recent programs in Windows 7

      To clear the list of recent places and documents, you need to delete the contents of the %appdata%\Microsoft\Windows\Recent directory. To do this, open command line and run two commands:

      It also wouldn't hurt to delete the contents of the %appdata%\microsoft\windows\recent\automaticdestinations\ directory. It stores the latest files that appear in the jump list:

      To ensure that recent files are cleared automatically when you exit, you must enable the "Clear the history of recently opened documents on exit" policy, which is located in the "User Configuration\Administrative Templates\Start Menu and Taskbar" section.

      Now let's move on to Windows 10. You can disable the list of recently added and frequently used applications through the Settings window. Open it and go to the “Personalization” section, “Start”. Turn off everything that is there.

      Disabling program list storage in Windows 10

      It seems that the problem has been solved, but this, alas, is not entirely true. If you enable these parameters again, then all lists with the same composition will appear again. Therefore, you will have to disable this feature through Group Policy. Open gpedit.msc and go to User Configuration\Administrative Templates\Start Menu and Taskbar. Enable the following policies:

      • “Clearing the list of recently used programs for new users”;
      • “Clear history of recently opened documents on exit”;
      • “Clear notification log on tile when exiting”;
      • “Remove the list of programs pinned to the Start menu.”

      Group Policy

      Clearing recent places in Windows 10 is easier than in Windows 7. Open File Explorer, go to the View tab and click the Options button. In the window that appears, disable the “Show recently used files in the Quick Access Toolbar” and “Show frequently used folders in the Quick Access Toolbar” options. Don't forget to click the "Clear" button.

      Options Windows folders 10

      As you can see, such a simple task as cleaning up the last objects has a rather complicated solution. Without editing group policies - nowhere.

      2. Clear the list of USB drives

      At some sensitive facilities, only flash drives registered in the log are allowed to be connected to the computer. Moreover, as usual, the magazine is the most ordinary one - paper. That is, the computer itself does not in any way restrict the connection of unregistered drives. It doesn’t limit, but it records! And if during the check it is discovered that the user connected unregistered drives, he will have problems.

      We under no circumstances advise you to try to steal military secrets, but the ability to clear the list of recently connected drives can be useful in other life situations. To do this, look at the following registry keys:

      Here they are - all the drives that you connected to your computer.

      Registry section with drive connection history

      It would seem that you just need to take it and clean everything. But it was not there! Firstly, the permissions for these registry branches are set in such a way that you cannot delete anything even in “seven”, not to mention “ten”.

      Secondly, assigning rights and permissions manually takes a long time, especially if there are many drives. Thirdly, administrator rights will not help. The screenshot above was created when I performed the delete operation with admin rights. Fourthly, in addition to these two sections, you need to clean a long list of sections. Moreover, they need not just to be deleted, but to be edited correctly.

      If for some reason you need to do everything manually, then look for keywords MountPoints, MountedDevices DeviceClasses and RemovableMedia. But it's much easier to use ready-made program who will do everything for you. Some forums recommend USBDeview for this. However, I tested it and declare that it does not clear information from all the necessary sections. USBSTOR And USB continue to contain information about connected media.

      I can recommend USB program Oblivion. Run it, check the “Perform real cleaning” checkbox. You can turn on the “Save .reg cancel file” option or not, but if the goal is not to test the program, but to prepare for an upcoming computer inspection, then it’s better to turn it off.

      USB Oblivion

      The program not only cleans the registry, but also displays a detailed log of its actions (see below). When it finishes, there will be no mention of connecting drives to the computer.

      USB Oblivion in action

      3. Clear cache and browser history

      The third point in our tutu is clearing the cache and browser history. There are no difficulties here - each browser allows you to reset the list of recently visited sites.

      Continuation is available only to subscribers

      Option 1. Subscribe to Hacker to read all materials on the site

      Subscription will allow you to read ALL paid materials on the site within the specified period. We accept payment bank cards, electronic money and transfers from accounts mobile operators. More about subscription

      Option 2. Buy one material

      Interested in information, but can't pay for a subscription? Then this option is for you! Please note: this purchase method is only available for content published more than two months ago.

      How to remove traces of a flash drive in Windows?

      How to remove traces of a flash drive in Windows

      Flash drive – uses flash memory. Convenient and quite common among users of individual computers. In individual cases, there is a need to work with a flash drive, but the traces left on the computer are not needed. This is possible in the case where the employer prohibits the use of any unregistered storage medium. Or in order to maintain the confidentiality of the presence of a flash drive on someone else’s computer, in order to avoid leakage of valuable information, theft intellectual property, trade secrets, maintaining high level information security or infection computer networks malicious computer software, viruses, computer worms. This causes not only material damage, but also damage to the company's image. There is an option to prohibit off-duty use computer equipment And software employer. Flash drives differ in the amount of information they can hold, their manufacturing companies, their design, and their sizes, but the principle of storing information about them in the computer’s memory is the same.

      There are several options for removing traces of a flash drive. Let's look at options for removing traces of a flash drive from Windows memory using specific examples:

  1. Removing traces of a flash drive manually. After finishing working with the flash drive and disconnecting it from the computer, do the following:
    • Press start
    • Select the Execute line,
    • Type REGedit and click ok.

    2. From the registry branches that appear, select HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\
    WINDOWS\setupapi.log

    It is in them that the history of connecting flash drives is saved.

  2. In each folder, by right-clicking and selecting “delete”, we erase the information about the flash drive.

This option is only possible if you log into WINDOWS as an administrator. Under the name user or user, you will not be able to remove traces of the flash drive manually, you need to change the user.

To change your username: Click Start, select Settings menu bar, Control Panel, go to Administrative Tools, select Computer Management, and change the name from User to Administrator. In individual cases this cannot be done due to the simplicity installed version for users. Then, we advise you to use the second option.

As a result of manual cleaning, invalid links may appear in the registry, so some specialists do not encourage its use.

2. Removing traces of a flash drive using utility programs. This method is faster and better quality. The downloaded programs will repeatedly come to your aid in matters related to cleaning registries. The algorithm of actions in this case is as follows. Let's look at it using a specific example:

  • The work with the flash drive is finished. Get her out.
  • Download the USBDeview program from the Internet to your desktop. This is a utility that displays a list of all previously connected to your personal computer: mobile phone, flash drive, etc. Not only the time of the last connection is indicated, but also serial numbers device, its description. You can download the program for free. Designed for Windows 2000/XP/Vista/Server 2003/Seven ( OS) on English language. Developed - in 2006, Latest updates— in October 2010.
  • In the folder copied to your desktop, select the compressed zip folder – USBDeview, and extract all the files from it.
  • Open the newly created folder on your desktop and run the utility program by clicking

    • Our flash drive was identified as second on the list. Copy the program USBOblivion utility to your desktop from the Internet. This free program, designed to remove traces of connections from CD-ROMs and USB drives. Removes Windows 2000, Windows XP, Windows 2003 from the registry, Windows Vista, Windows 7. There are both 32 and 64 versions.

    The USB Oblivion utility is designed to erase traces of connecting USB drives and CD-ROMs from Windows memory 7, Windows 2000, Windows 2003, Windows XP, Windows Vista, both 32 and 64 bit versions. There are 4 versions of the program, 1.3.0.0. is the latest and most updated, automatic disk shutdown has been added. The program is fully automated, more automated, its plus is that it can clean USB Sidi-roms.

    Disable everything USB devices from the computer. The program does not erase anything by default, do not forget to check the appropriate box. Reg file is created in the Documents folder and is created with a detailed report.

    ·In the folder copied to your desktop, select USB Oblivion 32 (compressed Zip folder), extract all files from it. They will be copied to a separate folder, which you will find on your desktop.

    Open the usboblivion folder, open USBOblivion32.exe (cleanup utility).

    Select the checkbox: perform real cleaning and click the cleaning button.

    Check the result using the USBDeview program..

    Here's what happened in our case:

    Traces of our flash drive in Windows have been deleted. We wish you successful work too. It is convenient to deal with this program, it is reliable, and, most importantly, it is free to download.

    We looked at an example of deleting information about a flash drive using the example specific program. Today the Internet offers a large selection of programs from different manufacturers. It is possible to use a flash drive so that there is no information left about it at all and then you don’t have to delete it. To do this, install a Russian tweaker on a flash drive that works without installation. After launching it, in the settings, indicate not saving the document history, search history, etc. Select the item: “Clear paging file”. Don't forget to disable the Recycle Bin before turning off or restarting your computer. Before removing the flash drive, you must close the edited or simply open files. Otherwise, there will be a lot of temporary files left. A good option would be to create a default temporary folder in Word and empty it from time to time. Review Word settings, document history: click deny. Right-click on My Computer, select Manage, then Device Manager. Turn on View menu, select: show hidden devices. Remove pale gray devices, i.e. missing in the “Storage Volumes” and “Universal Serial Controllers” sections. USB bus." Experiment, choose the option that suits you.

    Sometimes it becomes necessary to disable USB ports on a computer or laptop in order to limit access by connecting flash drives, hard drives and other USB devices. Disabling USB ports will help prevent the connection of any drives that could be used for theft important information or cause your computer to become infected with a virus and spread malicious software through local network.

    Restricting access to USB ports

    Let's consider 7 ways, with which you can block USB ports:

    1. Disabling USB through BIOS settings
    2. Changing registry settings for USB devices
    3. Disabling USB ports in Device Manager
    4. Uninstalling USB controller drivers
    5. Using Microsoft Fix It 50061
    6. Using additional programs
    7. Physical disabling USB ports

    1. Disabling USB ports through BIOS settings

    1. Sign in BIOS settings.
    2. Disable all items related to the USB controller (for example, USB Controller or Legacy USB Support).
    3. After you have made these changes, you need to save the settings and exit the BIOS. This is usually done using the key F10.
    4. Restart your computer and make sure the USB ports are disabled.

    2. Enable and Disable USB Drives Using Registry Editor

    If disabling via BIOS does not suit you, you can block access directly in the Windows OS itself using the registry.

    The instructions below allow you to block access to various USB drives (for example flash drives), but other devices such as keyboards, mice, printers, scanners will still work.

    1. Open the Start menu -> Run, enter the command " regedit" and click OK to open the Registry Editor.
    2. Continue to next section

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

    3. On the right side of the window, find the item “ Start” and double-click on it to edit. Enter value " 4 » to block access to USB storage devices. Accordingly, if you enter the value again “ 3 ", access will be reopened.

    Click OK, close Registry Editor, and restart your computer.

    The above method only works when installed driver USB controller. If for security reasons the driver has not been installed, the "Start" parameter value may be automatically reset to "3" when the user connects USB drive and Windows will install the driver.

    3. Disable USB ports in Device Manager

    1. Right-click on the " Computer" and select the "Properties" item in the context menu. A window will open on the left side of which you need to click on the link “ device Manager».
    2. In the device manager tree, find the item " USB controllers" and open it.
    3. Disable controllers by right-clicking and selecting the "Disable" menu item.

    This method doesn't always work. In the example shown in the figure above, disabling the controllers (the first 2 points) did not lead to the desired result. Disabling the 3rd option (USB Mass Storage Device) worked, but this only allows you to disable a single instance of the USB storage device.

    4. Removing USB controller drivers

    Alternatively, to disable ports, you can simply uninstall USB driver controller. But the disadvantage of this method is that when the user connects a USB drive, Windows will check for drivers and, if they are missing, will offer to install the driver. This in turn will allow access to the USB device.

    5. Prevent users from connecting USB storage devices using a Microsoft application

    Another way to deny access to USB drives is to use Microsoft Fix It 50061(http://support.microsoft.com/kb/823732/ru - the link may open near the mituta). The essence of this method is that 2 conditions for solving the problem are considered:

    • The USB drive has not yet been installed on the computer
    • The USB device is already connected to the computer

    Within the scope of this article, we will not consider this method in detail, especially since you can study it in detail on the Microsoft website using the link given above.

    It should also be noted that this method is not suitable for all versions of Windows OS.

    6. Using programs to disable/enable access to USB storage devices

    There are many programs for setting access restrictions USB ports. Let's consider one of them - the program USB Drive Disabler.

    The program has a simple set of settings that allow you to deny/allow access to certain drives. USB Drive Disabler also allows you to configure alerts and access levels.

    7. Disconnecting USB from the motherboard

    Although physically disconnecting USB ports on motherboard is an almost impossible task, you can disable the ports located on the front or top of the computer case by disconnecting the cable going to the motherboard. This method will not completely block access to USB ports, but will reduce the likelihood of using drives by inexperienced users and those who are simply too lazy to connect devices to the back of the system unit.

    ! Addition

    Denying access to removable media through the Group Policy Editor

    In modern Windows versions it is possible to restrict access to removable storage devices (including USB drives) using the local editor group policy.

    1. Run gpedit.msc through the Run window (Win + R).
    2. Go to the next branch " Computer Configuration -> Administrative Templates -> System -> Access to Removable Storage Devices»
    3. On the right side of the screen, find the “Removable drives: Deny read” option.
    4. Activate this option ("Enable" position).

    This section of Local Group Policy allows you to configure read, write, and execute access for different classes of removable media.

    And so let's get straight to the point.

    Briefly about methods for cleaning traces of USB connections

    1. Cleaning the registry- most affordable way, but for an inexperienced user it may be too difficult to implement since it will be necessary to go into the registry (in the heart of Windows) and delete traces there. For administrators, this method is acceptable if there are not many computers.
    2. Cleaning with DriveCleanup and USBDeview programs- the simplest and most convenient way, just run these two utilities and these little programs will do their job. Why did I indicate two programs, because I noticed that separately, each of them does not completely clean, and after processing with two, traces cannot be detected.
    3. H cleaning using fepstools and cleaning utilitiesthis method suitable for cleaning marks UBS all computers on the enterprise network. This method uses special program fepstools which allows you to run other programs in hidden mode, i.e. cleaning utilities.

    Let's consider the first method. Cleaning the registry

    Opening Start -> Pull it out or in search bar team regedit. If you have Windows 8.1, the easiest way is to create special shortcut for launching console commands . To do this, on the desktop screen, right-click and select create shortcut, and in the label we write cmd On the created shortcut cmd right-click and run as administrator. In the screen that opens, enter the command we need in our case regedit

    Information about connected devices is located in the following path

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UsbEStub

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR

    An example record like VID_058F&PID_6366 shows what kind of device was connected. The VID parameter is the serial number of the device, and the full record of the serial number can be seen by opening the folder VID_058F&PID_6366, then we will see this number 058F63666438, this is the serial number of our device.