[CCleaner can't delete all traces ?]

Google Translater #63 - some things are strange for me in this translation - hope you'll understand - so please don't laugh.

 

CCleaner is a very good, powerful (and free) program that will detect as his equal. My compliments to the developers who have accomplished something.

 

Windows is a data collector, but I do not primarily to spy on users, but it is easy to make them (think of the Unix times, at the command prompt, etc.). This "Just Do" poses many dangers, however, and many programs leave traces and are not designed to the computer so they leave as they found him when they are uninstalled.

 

I was amazed how many residues or residues were found after I had used CCleaner. The small program by Nir Sofer, however, showed traces of which I thought they should not really be there, I had the options in the start menu / deselected Policy. Now, however, they were there - and even by non-affiliated removable media! This was the reason to sign me in this professional forum - I wanted to help and support - and of course I tried to find a solution.

 

So I looked for the place where the information was stored - initially unsuccessful. I conducted telephone calls with software developers, found so few in the net and learned over the course of this search. Here is a guess, there is a reference or a new concept. I did not stop, however, was initially on the wrong track, namely forensics. I now sought a program that was able to delete file-Slack (Slack & Ram Drive Slack) and MTF-Slack, or to overwrite. Looking for it, I found the way the program by Juergen Haage - and the entries were gone with one click.

 

Nir Sofer has not responded to the request (he is too busy to be) where the program has the information displayed and it was coming to a roundabout way behind. The information was there, and also in the registry, it's not made in plain text. I was looking for a program that was able to show changes in the registry and on. So I came up with this and their sub keys that have been deleted.

HKU \ S-1-5-21 / ̴ ̴ ̴/--1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1

These were modified

HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ NodeSlots
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ NodeSlots
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 ... \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ AllFolders \ Shell \ WinPos
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ AllFolders \ Shell \ WinPos ...

If all informations are written to HKEY_CURRENT_USER from HKEY_USERS when a user logs in, emptying the HKCU-BagMRUs uses nothing at, because they are on every systemstart again re-read.

 

But even without the program by Juergen Haage it goes. A snapshot before you one or more new folder (s) applies (in this example, only one), then after. When comparing you see the new entries in the registry.

 

Keys added: 12

HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590 \ Shell
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590 \ Shell \ {5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590 \ Shell
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590 \ Shell \ {5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}

Values added: 40

HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0 \ NodeSlot: 0x00000A1E
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0 \ MRUListEx: FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0: 50 00 31 00 00 00 00 00 1B 41 65 00 10 00 00 61 72 00 69 00 00 00 3A 00 08 00 04 00 00 41 FA 5E BE 1B 1B 41 65 00 2A 00 00 00 17 24 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 72 00 00 00 69 00 00 00 00 00 16 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ MRUListEx: 00 00 00 00 FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ MRUListEx: 00 00 00 00 FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0: 19 00 2F 43 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 0x00000004
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 0x41200001
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local "{137E7700-3573-11CF-AE69-08002B2E1262}"
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 0x00000004
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 0x00000001
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 0x00000010
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 00 00 00 00 10 01 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 0E 00 00 00 00 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 04 00 00 00 00 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 0C 00 00 00 50 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 00 00 00 00 01 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 0x00000000
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local "{00000000-0000-0000-0000-000000000000}"
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 0x00000000
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local 0x00000001
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590 \ Shell \ KnownFolderDerivedFolderType: "{50000098-004F-4462-BB63 -71042380B109} "
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590 \ Shell \ SniffedFolderType: "Generic"
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0 \ NodeSlot: 0x00000A1E
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0 \ MRUListEx: FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0: 50 00 31 00 00 00 00 00 1B 41 65 00 10 00 00 61 72 00 69 00 00 00 3A 00 08 00 04 00 00 41 FA 5E BE 1B 1B 41 65 00 2A 00 00 00 17 24 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 72 00 00 00 69 00 00 00 00 00 16 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ MRUListEx: 00 00 00 00 FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ MRUListEx: 00 00 00 00 FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0: 19 00 2F 43 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 0x00000004
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 0x41200001
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local "{137E7700-3573-11CF-AE69-08002B2E1262}"
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 0x00000004
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 0x00000001
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 0x00000010
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 00 00 00 00 10 01 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 0E 00 00 00 00 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 04 00 00 00 00 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 0C 00 00 00 50 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 00 00 00 00 01 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 0x00000000
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local "{00000000-0000-0000-0000-000000000000}"
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 0x00000000
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local 0x00000001
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590 \ Shell \ KnownFolderDerivedFolderType: "{50000098-004F-4462-BB63-71042380B109}"
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590 \ Shell \ SniffedFolderType: "Generic"

 

After cleaning with the program by Juergen Haage it looked like this

 

Keys deleted: 6

HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0

Values deleted: 12

HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0 \ NodeSlot: 0x00000A1E
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0 \ MRUListEx: FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0: 50 00 31 00 00 00 00 00 1B 41 65 00 10 00 00 61 72 00 69 00 00 00 3A 00 08 00 04 00 00 41 FA 5E BE 1B 1B 41 65 00 2A 00 00 00 17 24 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 72 00 00 00 69 00 00 00 00 00 16 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ MRUListEx: 00 00 00 00 FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ MRUListEx: 00 00 00 00 FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0: 19 00 2F 43 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0 \ NodeSlot: 0x00000A1E
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0 \ MRUListEx: FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ 0: 50 00 31 00 00 00 00 00 1B 41 65 00 10 00 00 61 72 00 69 00 00 00 3A 00 08 00 04 00 00 41 FA 5E BE 1B 1B 41 65 00 2A 00 00 00 17 24 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 72 00 00 00 69 00 00 00 00 00 16 00 00 00
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0 \ MRUListEx: 00 00 00 00 FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ MRUListEx: 00 00 00 00 FF FF FF FF
HKU \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ BagMRU \ 1 \ 0: 19 00 2F 43 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

WARNING - I have replaced some pairs of numbers such as A5, F1, etc. by 00!

 

 

Another program by Nir Sofer "ShellBagsView" helped me then these bags-locations for this folder to find (2590)

HKEY_CLASSES_ROOT \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590
HKEY_CURRENT_USER \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590
HKEY_USERS \ S-1-5-21 / ̴ ̴ ̴/-1000 \ Software \ Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590
HKEY_USERS \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590
HKEY_USERS \ S-1-5-21 / ̴ ̴ ̴/-1000_Classes \ Local Settings \ Software \ Microsoft \ Windows \ Shell \ Bags \ 2590

- Amazing here is that the entries in the bags when deleting but apparently play no role and continue to be found in the registry.

 

Finally - I do not blame you CCleaner - he (still) not being able to eliminate these signs - and have never done! Communication difficulties, there are in my native language - they multiply, however, when you are in the foreign language is not fit to resort to cumbersome and a dictionary and what they have learned from days gone by have.

 

But one thing remains - there is a feeling, a feeling for what people are doing to each other - and this is not been a good one.

[CCleaner can't delete all traces ?]

Statement

 

I write in my native language, because then I know exactly what I'm saying and I don't want to be misunderstood. Maybe someone can translate it. I think Google cannot do it alone. All the bad mood, all the ignorance - a pity.

 

CCleaner ist ein sehr gutes, mächtiges (auch kostenloses) Programm, das so seinesgleichen sucht. Meine Hochachtung den Entwicklern, die so etwas zustande gebracht haben.

 

Windows ist ein Datensammler, doch ich glaube nicht primär um Benutzer auszuspionieren, sondern um es ihnen einfach zu machen (man denke an die Unix-Zeiten, an die Eingabeaufforderung,etc.). Dieses „Einfach Machen“ birgt allerdings viele Gefahren in sich und viele Programme hinterlassen Spuren und sind nicht so entwickelt, dass sie den Computer so verlassen wie sie ihn vorgefunden haben, wenn man sie deinstalliert.

 

Ich war erstaunt wie viele Rückstände bzw. Reste zu finden waren, nachdem ich CCleaner angewendet hatte. Das kleine Programm von Nir Sofer zeigte allerdings Spuren, von denen ich meinte, sie dürften eigentlich nicht da sein, hatte ich doch die Optionen im Startmenü / Datenschutz abgewählt. Nun sie waren aber da - und sogar von nichtangeschlossenen Wechselmedien! Dies war der Grund mich in diesem Fachforum anzumelden - ich wollte Hilfe und Unterstützung - und natürlich bemühte ich mich auch eine Lösung zu finden.

 

So suchte ich den Ort wo diese Informationen gespeichert waren - zunächst jedoch erfolglos. Ich führte Telefonate mit Softwareentwicklern, fand so einiges im Netz und lernte im Laufe der Suche dazu. Hier eine Vermutung, dort ein Verweis oder ein neuer Begriff. Ich hörte nicht auf, war allerdings zunächst auf der falschen Fährte, nämlich der Forensik. Ich suchte nun ein Program, das in Lage war File-Slack (Ram-Slack & Drive-Slack) und MTF-Slack zu löschen, bzw. zu überschreiben. Auf der Suche danach fand ich nebenbei das Programm von Jürgen Haage - und die Einträge waren mit einem Klick verschwunden.

 

Nir Sofer hat nicht auf die Anfrage geantwortet (er wird zu sehr beschäftigt sein) von wo sein Programm die angezeigten Informationen hat und so galt es über Umwege dahinter zu kommen. Die Informationen waren da und auch in der Registry, doch eben nicht in Klartext. Ich suchte ein Programm, das Veränderungen in der Registry an- und aufzeigen konnte. So kam ich auf diese und deren Unterschlüssel, die gelöscht wurden.

 

HKU\S-1-5-21-/ ̴  ̴  ̴/--1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1
HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1

 

Modifiziert wurden diese

 

HKU\S-1-5-21-/  ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots
HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots
HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos…
HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos…

 

Wenn nun alle Informationen in HKEY_USERS bei der Anmeldung eines Benutzers in HKEY_CURRENT_USER geschrieben werden, nutzt das Leeren der BagMRUs dort (HKCU) nichts, da sie bei jedem Systemstart wieder neu eingelesen werden.

 

Aber auch ohne das Programm von Jürgen Haage geht es. Eine Momentaufnahme bevor man einen oder mehrere neue(n) Ordner anlegt (in diesem Beispiel nur einer), dann eine danach. Beim Vergleich sieht man dann die neuen Einträge in der Registry.

 

Keys added:12

											
HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}

 

Values added:40

										
HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot: 0x00000A1E
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx: FF FF FF FF
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0: 50 00 31 00 00 00 00 00 1B 41 65 00 10 00 00 61 72 00 69 00 00 00 3A 00 08 00 04 00 00 BE 1B 41 FA 5E 1B 41 65 00 2A 00 00 00 17 24 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 72 00 00 00 69 00 00 00 00 00 16 00 00 00
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx: 00 00 00 00 FF FF FF FF
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx: 00 00 00 00 FF FF FF FF
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0: 19 00 2F 43 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev: 0x00000004
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x41200001
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 00 00 00 00 10 01 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 0E 00 00 00 00 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 04 00 00 00 00 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 0C 00 00 00 50 00 00 00
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 00 00 00 00 01 00 00 00
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\KnownFolderDerivedFolderType: "{50000098-004F-4462-BB63-71042380B109}"
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\SniffedFolderType: "Generic"
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot: 0x00000A1E
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx: FF FF FF FF
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0: 50 00 31 00 00 00 00 00 1B 41 65 00 10 00 00 61 72 00 69 00 00 00 3A 00 08 00 04 00 00 BE 1B 41 FA 5E 1B 41 65 00 2A 00 00 00 17 24 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 72 00 00 00 69 00 00 00 00 00 16 00 00 00
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx: 00 00 00 00 FF FF FF FF
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx: 00 00 00 00 FF FF FF FF
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0: 19 00 2F 43 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev: 0x00000004
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x41200001
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 00 00 00 00 10 01 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 0E 00 00 00 00 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 04 00 00 00 00 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 0C 00 00 00 50 00 00 00
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 00 25 00 00 00 00 10 00 00 02 60 00 00 00 00 00 00 00 00 01 00 00 00
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\KnownFolderDerivedFolderType: "{50000098-004F-4462-BB63-71042380B109}"
			HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590\Shell\SniffedFolderType: "Generic"				

 

Nach der Reinigung mit dem Programm von Jürgen Haage sah es dann so aus [

Keys deleted:6

																														
HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0									

 

Values deleted:12

														

HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot: 0x00000A1E
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx: FF FF FF FF
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0: 50 00 31 00 00 00 00 00 1B 41 65 00 10 00 00 61 72 00 69 00 00 00 3A 00 08 00 04 00 00 BE 1B 41 FA 5E 1B 41 65 00 2A 00 00 00 17 24 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 72 00 00 00 69 00 00 00 00 00 16 00 00 00
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx: 00 00 00 00 FF FF FF FF
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx: 00 00 00 00 FF FF FF FF
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0: 19 00 2F 43 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot: 0x00000A1E
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx: FF FF FF FF
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0: 50 00 31 00 00 00 00 00 1B 41 65 00 10 00 00 61 72 00 69 00 00 00 3A 00 08 00 04 00 00 BE 1B 41 FA 5E 1B 41 65 00 2A 00 00 00 17 24 01 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 72 00 00 00 69 00 00 00 00 00 16 00 00 00
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx: 00 00 00 00 FF FF FF FF
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx: 00 00 00 00 FF FF FF FF
							HKU\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0: 19 00 2F 43 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

ACHTUNG - Ich habe einige Zahlenpaare wie A5, F1, usw. durch 00 ersetzt!

 

 

 

Ein anderes Programm von Nir Sofer „ShellBagsView“ half mir dann weiter diese Bags-Orte für diesen einen Ordner (2590) zu finden

HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590
HKEY_USERS\S-1-5-21-/ ̴  ̴  ̴/-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590
HKEY_USERS\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590
HKEY_USERS\S-1-5-21-/ ̴  ̴  ̴/-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2590

- erstaunlich ist hierbei, dass die Eintragungen in den Bags beim Löschen aber anscheinend keine Rolle spielen und weiterhin in der Registry zu finden sind.

 

Zu guter Letzt - ich mache CCleaner keinen Vorwurf, das er (noch) nicht in der Lage ist diese Spuren zu beseitigen - und habe es niemals getan! Kommunikationsschwierigkeiten gibt es auch in meiner Muttersprache - sie potenzieren sich allerdings, wenn man in der jeweiligen Fremdsprache nicht fit ist und sich mühselig auf ein Wörterbuch und das Gelernte aus längst vergangenen Tagen zurückgreifen muss.

 

Aber eines bleibt - es gibt ein Gespür, ein Gefühl für das, was sich Menschen einander antun - und das ist hier kein gutes gewesen.

[CCleaner can't delete all traces ?]

Many Shell bags, including all five you show in are recreated by windows during startup because shellbags are created as things are accessed by the computer

why do you write this to me???

didn't you read this!?

• HKEY_USERS http://de.wikipedia....ssel_HKEY_USERS
  This master key contains the user-specific configuration information of all users who are currently logged on to the system. Only when the user logs in - the configuration data will copied from HKEY_USERS in the user-specific key HKEY_CURRENT_USER
  

in #31 you see all the deleted keys and values - tested on my mashine - and it works! You wrote CCleaner only cleans for the current user. I wrote all changes happen in HKEY_Users - read the lines above again.

The second two are a user of that machine (and if it's the current user then entry one and two are the exact same entry

We can meet us in "The Red Lion" - may be you mean the one in London and I the one in Würzburg. There is no match

 

Have you understand what I wrote - never! All the things in the screenshots happened. The only nebulous things here are your - sorry - stupid thoughts!

Wake up!

You should do what do you ask me for - my system works - I’m not interested in any winapp2.ini or CCleaner. I was astonished that CCleaner can’t do what I and many friends have had expected.

First I've had only a question, then I found answers and then a greenhorn like you wants ready answers and tested solutions that are themselves not yet found by the developers - what a joke!

[CCleaner can't delete all traces ?]

• grmml developer nrrgh cleaner bla bla bla privacy
  
• Words are flowing out like endless rain into a paper cup
  they slither while they pass, they slip away across the universe…
  no direct contact to developers - mmmh
  Jai guru deva om
  
• #42
  

[CCleaner can't delete all traces ?]

• The Nir Sofer-utility ShellBagsView http://www.nirsoft.n..._bags_view.html shows me for example number 2531(folder etc)
  
• In the registry I found this number 2531 (folder etc) four times
  
• HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\2531\Shell…
  HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2531\Shell…
  HKEY_USERS\S-1-5-21-//-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2531\Shell…
  HKEY_USERS\S-1-5-21-//-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2531\Shell…
  
• all changes when going into the folders (screenshot #42) or cleaning it (screenshot #31) were in HKEY_USERS-//-
  
• @radonflex - If you have deleted everything on your way, it stays that way when you restart the Computer?
  

[CCleaner can't delete all traces ?]

• HKEY_USERS http://de.wikipedia....ssel_HKEY_USERS
  This master key contains the user-specific configuration information of all users who are currently logged on to the system. Only when the user logs in - the configuration data will copied from HKEY_USERS in the user-specific key HKEY_CURRENT_USER
  
• reverse
  
• I cleaned the registry
  
• made a “regshot”
  
• opend this path c:\windows\system32\drivers\etc
  
• second “regshot” and compared
  
• (my) windows 7 x64bit made no changes in HKEY_CURRENT_USER but in HKEY_USERS
  

[CCleaner can't delete all traces ?]

I have tried the third party plugins (Winapp2.ini) with all options checked and still it fails to remove this history.

After downloading the latest WinApp2.ini file into my 3.24 version of CCleaner on my 32 Bit 7, I found that even after checking all extra items & running CCleaner, it still showed things that had run in the past.

 

 

HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU

 

...compare this entries in Winapp2.ini and the screenshot above - look and see!

We can meet us in "The Red Lion" - may be you mean the one in London and I the one in Würzburg. There is no match

Do you tried LastActivityView. Does your Winapp2.ini work?

[CCleaner can't delete all traces ?]

• @ CCman
  

Something of our own: I don’t understand ironic comments or idioms, because it's the

meaning that is meant - not the direct translation of words. A german example: "Da brat mir

einer ‘nen Storch* " -> "Fry me a stork" <- does it make sence to you?

• *It’s an expression of great astonishment.
  What is meant is that there is something so amazing, unusual, such as frying a stork would be.
  You'll may say it if anybody tells you the world is a cube.
  

[CCleaner can't delete all traces ?]

• A backup is still required!
  
• Perhaps it is a little help to study the comments of the VBS script from http://www.jhouseconsulting.com.
  However, it is for XP. Look here: SetExplorerViews.vbs (link in #31)
  

[CCleaner can't delete all traces ?]

• “There must be some kind of way out of here, there's too much confusion, I can't get no relief - but may be now!” - modified text of Jimi Hendrixs all along the watchtower
  
• Most of the NirSoft utilities were developed in C++
  
• I tried to decompile LastActivitiesView - no success
  
• I've been thinking hard about everything again to find a solution - and...
  
• I watched the registry activities before and after running the tool of Jürgen Haag - success
  
• <sarcasm>aim is not to compare {edit}, but find a solution </sarcasm>
  
• 
  
• my system - win7 64bit
  
• may be the following link is helpfully for the developers
  
• http://www.jhouseconsulting.com/2009/05/09/mastering-the-default-explorer-views-for-windows-xp-and-2003-280
  

[CCleaner can't delete all traces ?]

facts - I tell / told you - for a better CCleaner

• Nir Sofer developes a tool that shows entries made by windows (works on any version of Windows, starting from Windows 2000 and up to Windows 8 - 32bit & 64bit systems are supported).
  
• the tool from Jürgen Haage deletes this entries
  
• it seems that there exactly two people*^#35 know in this world, where these information’s are stored - Nir Sofer and Jürgen Haage
  
• I wish CCleaner may remove these things also
  
• I have a solution for the symptoms, and you should find the cause
  
• whose interface looked cribbed from ccleaner - what an ugly and wrong information
  
• we can change the world, when we love our enemies
  
• recognize help when it is given
  
• In Germany there are bulbs that can burn 5000 hours, but no normal person can buy it. They are only for traffic lights so they do not often need to be serviced. Ordinary consumers must change every 1000 hours - isn’t it a pity? Think about it!
  
• 
  
• do it
  

[CCleaner can't delete all traces ?]

Hi

{HEAVILY EDITTED BY NERGAL}While the user was able to learn what it was that needed cleaning through a second cleaning software, they did not report what extra needed cleaning. Regrettably I had to change this post as it did not follow forum rules and standards{END EDIT}

 

Hi

• my list from LastActivityView is clean - wow
  
• There is no answer from Nir Sofer (I didn't know that this is his name )
  
• I've learned many about File-Slacks http://de.wikipedia....wiki/File-Slack - they are not the cause of the entries
  
• no forensic-cleaner is needed
  
• I tried a 15 days testversion from Jürgen Haage (there is an english version too).
  
• just one short click there (Gespeicherte Explorer-Ansicht-Einstellungen) - and aaaahh nodocodon
  
• never long lists again
  

[CCleaner can't delete all traces ?]

Thank you all - thank you hazelnut

 

The informations are not from the registry, any (prefetch-)cache or (event-)logs.

Tools like CCleaner-Enhancer, TuneUp, Glary, Tweakme and Seven Clean 2013 have no effect.

 

Please - is here anybody who can talk/write with the NirSoft-developer to ask where the informations come from?

I’m sitting here with my „Langenscheidt - Großes Schulwörterbuch Deutsch - Englisch | Englisch - Deutsch“ and I have problems to find the suitable words and sentence constructions - it’s so hard.

Feedback-Nirsoft

If you have any problem, suggestion, comment, or you found a bug in my utility, you can send a message to nirsofer@yahoo.com

[CCleaner can't delete all traces ?]

Thank you for your answer Alan_B

I found out, that NirSoft detects only the first time you open a folder. I renamed one and I got a new entry - then I renamed it again (back to the old name).

==================================================

Handlungszeitpunkt: 28.10.2012 13:05:10

Beschreibung : Ordner im Explorer betrachtet

Dateiname : +CCleaner test

Pfad : D:\+CCleaner test

Zusatzinformationen:

================================================this folder didn’t exist anymore but I have the information in NirSoft - LastActivityView

 

==================================================

Handlungszeitpunkt: 28.10.2012 13:04:16

Beschreibung : Ordner im Explorer betrachtet

Dateiname : CCleaner test

Pfad : D:\CCleaner test

Zusatzinformationen:

==================================================I opend this folder after renaming again ->no other timestamp

 

NirSoft - LastActivityView detects the folders and pathes from extern HDDs and USB-Sticks as well. So where is the memory of all these not existing files and folders?

[CCleaner can't delete all traces ?]

Hello

I thought CCleaner can delete all traces of activity - that seems not true.

I found a long list of all visited files and folders after! running CCleaner since I bought my PC in june up today.

 

A sample:

==================================================

Handlungszeitpunkt: 04.06.2012 06:29:20

Beschreibung : Ordner im Explorer betrachtet

Dateiname : +Java+

Pfad : V:\TWEAKs\+Java+

Zusatzinformationen:

==================================================

 

I used this new tool from NirSoft - LastActivityView

http://www.nirsoft.n...ivity_view.html

to display all those entries.

• Open file or folder: The user opened the specified filename from Windows Explorer or from another software.
  
• View Folder in Explorer: The user viewed the specified folder in Windows Explorer.
  

How can I delete all this traces - please help - I have no idea where the informations came from - oh and it’s not Rot13-coded

 

P.S. sorry - my English is not the best