Fehler 42056 // Archiv sei kennwortgeschützt

Non-English Boards Deutsch
1

Hallo Forum,

ich bin erst seit kurzem bei Windows und habe aber seit Anfang an Avast.
Vor kurzem habe ich mir anscheinend einen Videoplayer runtergeladen, bei dem dann aber die ganze Zeit etwas aufpoppte und avast mir Warnungen schickte.

Alles deinstalliert, avast ständig am Diskette untersuchen. Aber seitdem tauchen Dateien auf, die nicht gelöscht werden können.

Ich zitiere: “Fehler: Archiv ist kennwortgeschützt. (42056)”

Was hat es damit auf sich?

Und kann mir jemand sagen, wie ich herausfinden kann, ob mein System wirklich in Ordnung ist?
Ich bin gerade etwas paranoid und mir scheint, als funktionieren ein paar Dinge nicht mehr so einwandfrei, wie sie eigentlich sollten.

Vielen lieben Dank schon mal.

Roberto

2

Hallo und Willkommen im Forum! :slight_smile:

Das bedeutet genau das was da steht: Das Archiv ist passwortgeschützt und kann deshalb nicht entpackt und geprüft werden. Das kommt öfters bei temporären Adobe-Dateien vor. Kannst du vielleicht einen Screenshot der Meldung posten?

DJBone

3

Wow, danke für die rasche Antwort.
Hätte erst morgen mit etwas gerechnet, deswegen habe ich nicht sofort nachgesehen.

Einen Screenshot hänge ich hier an.

4

Danke für den Screenshot. Um zu überprüfen ob eine Malware-Infektion vorliegt, folge bitte diesen Anweisungen: http://forum.avast.com/index.php?topic=102616.msg821671#msg821671 Ein Malware-Spezialist wird sich dann darum kümmern.

DJBone

PS: Du solltest deine Email verstecken um dich vor Spam zu schützen: http://forum.avast.com/index.php?topic=81777.msg680473#msg680473

5

Email-Adresse sollte nun versteckt sein. Danke für den Rat.

Hier der Report:

AdwCleaner v3.006 - Bericht erstellt am 05/10/2013 um 23:50:00

Updated 01/10/2013 von Xplode

Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

Benutzername : rw - RW-THINKS

Gestartet von : C:\Users\rw\Desktop\adwcleaner.exe

Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Users\rw\AppData\Roaming\Mozilla\Firefox\Profiles\gp8b212g.default\foxydeal.sqlite
Datei Gefunden : C:\Windows\System32\roboot64.exe
Ordner Gefunden C:\Program Files (x86)\BonanzaDealsLive
Ordner Gefunden C:\Program Files (x86)\MyPC Backup
Ordner Gefunden C:\Program Files (x86)\MyPC Backup
Ordner Gefunden C:\ProgramData\BonanzaDealsLive
Ordner Gefunden C:\ProgramData\Partner
Ordner Gefunden C:\Users\rw\AppData\Local\BonanzaDealsLive
Ordner Gefunden C:\Users\rw\AppData\Roaming\Mozilla\Firefox\Profiles\gp8b212g.default\jetpack
Ordner Gefunden C:\Users\rw\AppData\Roaming\OpenCandy
Ordner Gefunden C:\Users\rw\AppData\Roaming\Systweak

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\smartbar
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\smartbar
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\quickshare_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-booth-fur-windows-7_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-booth-fur-windows-7_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browser ] *****

-\ Internet Explorer v10.0.9200.16686

-\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\rw\AppData\Roaming\Mozilla\Firefox\Profiles\gp8b212g.default\prefs.js ]

Zeile gefunden : user_pref(“extensions.helperbar.DockingPositionDown”, false);
Zeile gefunden : user_pref(“extensions.helperbar.SmartbarDisabled”, false);
Zeile gefunden : user_pref(“extensions.helperbar.SmartbarStateMinimaized”, false);
Zeile gefunden : user_pref(“extensions.helperbar.Visibility”, false);
Zeile gefunden : user_pref(“extensions.helperbar.countryiso”, “de”);
Zeile gefunden : user_pref(“extensions.helperbar.downloadprovider”, “quickobrw”);
Zeile gefunden : user_pref(“extensions.helperbar.installationid”, “fa20ede3-856b-c4c1-c33a-3d2c88f9acf7”);
Zeile gefunden : user_pref(“extensions.helperbar.installdate”, “19/09/2013”);
Zeile gefunden : user_pref(“extensions.helperbar.publisher”, “quickobrw”);

-\ Google Chrome v

[ Datei : C:\Users\rw\AppData\Local\Google\Chrome\User Data\Default\preferences ]

AdwCleaner[R0].txt - [4383 octets] - [05/10/2013 23:50:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4443 octets] ##########

6

Jetzt bitte noch die restlichen Logs als Anhang posten (MBAM, OTL und aswMBR). essexboy (Malware-Spezialist) wurde von mir informiert. Es kann aber bis morgen dauern bis er sich (auf englisch) meldet.

DJBone

7

the otl-report

8

kann ich die programme eigentlich schließen. oder soll ich nach den reports irgendetwas machen. die dateien löschen oder sowas?

9

Du kannst die Programme schliessen aber noch nicht löschen.

DJBone

10

Danke für deine Hilfe.

Hier die malwarebyte-Log

11

Bitte noch einmal scannen und in den Ergebnissen alles auswählen und auf entferne Auswahl klicken.

12

Bei MBAM reicht der Quick-Scan aus. Die gefundenen Objekte kannst du löschen lassen.

DJBone

13

Guten Morgen, könnte lassen Sie mich wissen, ob die Warnungen angehalten

Good morning, could you let me know if this stops the alerts

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1%20%26%26%20url.indexOf('.png')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
[2013.09.18 20:19:54 | 000,377,153 | ---- | M] () (No name found) -- C:\Users\rw\AppData\Roaming\mozilla\firefox\profiles\gp8b212g.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.08.16 09:55:44 | 000,039,512 | ---- | M] () (No name found) -- C:\Users\rw\AppData\Roaming\mozilla\firefox\profiles\gp8b212g.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
[2013.08.23 11:02:04 | 000,185,254 | ---- | M] () (No name found) -- C:\Users\rw\AppData\Roaming\mozilla\firefox\profiles\gp8b212g.default\extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi
O2 - BHO: (Citavi Picker) - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3457439120-252626499-411125736-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [ColdTurkey_notify] C:\Program Files\ColdTurkey\ct_notify.exe File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
[2013.10.03 12:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2013.10.03 12:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013.10.03 12:16:34 | 000,000,000 | ---D | C] -- C:\Users\rw\AppData\Local\BonanzaDealsLive
[2013.10.03 12:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive
[2013.10.03 12:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDealsLive
[2013.10.03 12:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDeals

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

14

Good morning,

I followed all steps and restarted my computer. what should I do know?

a txt-file popped up and said this:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20’http%3A%2F%2Fwww.crunchyroll.com*‘)%20%7C%7C%20url.indexOf(‘discoverymedia.com’)%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20’http%3A%2F%2Fdsc.discovery.com%2F*’)%20%7C%7C%20shExpMatch(url%2C%20’http%3A%2F%2Fsongza.com*‘)%20%7C%7C%20host%20%3D%3D%20’s.hulu.com’%20%7C%7C%20shExpMatch(url%2C%20’http%3A%2F%2Fplay.spotify.com*‘)%20%7C%7C%20shExpMatch(url%2C%20’https%3A%2F%2Fplay.spotify.com*’)%20%7C%7C%20shExpMatch(url%2C%20’https%3A%2F%2Fwww.spotify.com*‘)%20%7C%7C%20shExpMatch(url%2C%20’http%3A%2F%2Fwww.spotify.com*’)%20%7C%7C%20shExpMatch(url%2C%20’http%3A%2F%2Fgrooveshark.com*‘)%20%7C%7C%20shExpMatch(url%2C%20’http%3A%2F%2Fretro.grooveshark.com*’)%20%7C%7C%20shExpMatch(url%2C%20’http%3A%2F%2Fhtml5.grooveshark.com*‘)%20%7C%7C%20shExpMatch(url%2C%20’http%3A%2F%2Flisten.grooveshark.com*’)%20%7C%7C%20shExpMatch(url%2C%20’http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMat removed from network.proxy.autoconfig_url
C:\Users\rw\AppData\Roaming\mozilla\firefox\profiles\gp8b212g.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi moved successfully.
C:\Users\rw\AppData\Roaming\mozilla\firefox\profiles\gp8b212g.default\extensions{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi moved successfully.
C:\Users\rw\AppData\Roaming\mozilla\firefox\profiles\gp8b212g.default\extensions{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{609D670F-B735-4da7-AC6D-F3BD358E325E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{609D670F-B735-4da7-AC6D-F3BD358E325E}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3457439120-252626499-411125736-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SpywareTerminatorShield deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SpywareTerminatorUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ColdTurkey_notify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DivXMediaServer deleted successfully.
C:\Program Files (x86)\File Type Assistant folder moved successfully.
C:\Program Files (x86)\MyPC Backup folder moved successfully.
C:\Users\rw\AppData\Local\BonanzaDealsLive\CrashReports folder moved successfully.
C:\Users\rw\AppData\Local\BonanzaDealsLive folder moved successfully.
C:\ProgramData\BonanzaDealsLive\Update\Log folder moved successfully.
C:\ProgramData\BonanzaDealsLive\Update folder moved successfully.
C:\ProgramData\BonanzaDealsLive folder moved successfully.
C:\Program Files (x86)\BonanzaDealsLive\CrashReports folder moved successfully.
C:\Program Files (x86)\BonanzaDealsLive folder moved successfully.
C:\Program Files (x86)\BonanzaDeals folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: rw
->Temp folder emptied: 1154109245 bytes
->Temporary Internet Files folder emptied: 278439427 bytes
->Java cache emptied: 1734830 bytes
->FireFox cache emptied: 390485783 bytes
->Google Chrome cache emptied: 8381192 bytes
->Flash cache emptied: 98977 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 161677184 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.903,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10062013_120737

Files\Folders moved on Reboot…
C:\Users\rw\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\rw\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\FireFly(20131006092503C14).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20131006092503C14).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20131006092503C14).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

15

Is the computer behaving normally now or are you getting Avast alerts ?

Verhält der Computer normalerweise jetzt oder bekommen Sie Avast Warnungen?

16

thanks for your help.
but nothing has changed.

shall I reuse OTL and the adwccleaner again?

17

Those are just warnings and can be safely ignored.

The files that are indicated have a password protection and Avast does not know it and so cannot access the file.

They are files placed on the hard drive by your computer manufacturer

http://forums.lenovo.com/t5/X-Series-ThinkPad-Laptops/Is-there-anything-in-SWTOOLS-that-I-actually-need-to-keep/td-p/578431