Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-09-2015
Ran by USUARIO (2015-09-26 14:45:54)
Running from C:\Documents and Settings\USUARIO\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-08-08 13:35:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1547161642-602162358-842925246-500 - Administrator - Enabled)
Convidado (S-1-5-21-1547161642-602162358-842925246-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1547161642-602162358-842925246-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1547161642-602162358-842925246-1002 - Limited - Disabled)
USUARIO (S-1-5-21-1547161642-602162358-842925246-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\USUARIO

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.4.2233 - AVAST Software)
CMS (HKLM\...\CMS) (Version: - )
Firebird 2.5.1.26351 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.1.26351 - Firebird Project)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
NetSurveillance (HKLM\...\NetSurveillance) (Version: - )
UNIPAF 4.12.12 (HKLM\...\8988-0436-8093-8847) (Version: 4.12.12 - Intelidata)
VNC Free Edition 4.1.1 (HKLM\...\RealVNC_is1) (Version: 4.1.1 - RealVNC Ltd.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

29-06-2015 12:20:13 Ponto de verificação do sistema
30-06-2015 13:17:00 Ponto de verificação do sistema
01-07-2015 13:19:15 Ponto de verificação do sistema
02-07-2015 14:08:14 Ponto de verificação do sistema
03-07-2015 15:57:00 Ponto de verificação do sistema
05-07-2015 11:07:14 Ponto de verificação do sistema
06-07-2015 12:09:21 Ponto de verificação do sistema
07-07-2015 13:07:35 Ponto de verificação do sistema
08-07-2015 13:18:28 Ponto de verificação do sistema
09-07-2015 13:48:52 Ponto de verificação do sistema
10-07-2015 13:55:16 Ponto de verificação do sistema
11-07-2015 14:05:30 Ponto de verificação do sistema
13-07-2015 13:12:41 Ponto de verificação do sistema
14-07-2015 13:47:43 Ponto de verificação do sistema
15-07-2015 13:53:29 Ponto de verificação do sistema
16-07-2015 14:09:19 Ponto de verificação do sistema
17-07-2015 15:25:59 Ponto de verificação do sistema
20-07-2015 12:51:49 avast! antivirus system restore point
20-07-2015 12:54:42 Installed Windows XP Wdf01009.
21-07-2015 13:13:58 Ponto de verificação do sistema
22-07-2015 13:23:39 Ponto de verificação do sistema
23-07-2015 13:56:02 Ponto de verificação do sistema
24-07-2015 14:28:42 Ponto de verificação do sistema
28-07-2015 12:47:55 Ponto de verificação do sistema
29-07-2015 13:22:30 Ponto de verificação do sistema
30-07-2015 14:09:04 Ponto de verificação do sistema
31-07-2015 14:30:33 Ponto de verificação do sistema
01-08-2015 08:56:49 avast! antivirus system restore point
01-08-2015 08:59:39 Installed Windows XP Wdf01009.
03-08-2015 12:24:59 Ponto de verificação do sistema
04-08-2015 13:36:17 Ponto de verificação do sistema
06-08-2015 09:48:47 Removido Ask Shopping Toolbar
06-08-2015 09:51:49 Removido EPmfd3
06-08-2015 09:54:45 Removed Instalador Interven
07-08-2015 13:15:57 Ponto de verificação do sistema
08-08-2015 10:54:20 Installed Norton Ghost.
11-08-2015 14:47:44 Ponto de verificação do sistema
13-08-2015 13:18:05 Ponto de verificação do sistema
14-08-2015 13:26:26 Ponto de verificação do sistema
15-08-2015 14:04:01 Ponto de verificação do sistema
17-08-2015 13:32:24 Ponto de verificação do sistema
19-08-2015 08:54:16 Ponto de verificação do sistema
20-08-2015 13:28:30 Ponto de verificação do sistema
21-08-2015 13:48:16 Ponto de verificação do sistema
22-08-2015 13:51:06 Ponto de verificação do sistema
23-08-2015 15:44:56 Ponto de verificação do sistema
25-08-2015 13:13:34 Ponto de verificação do sistema
26-08-2015 14:01:18 Ponto de verificação do sistema
27-08-2015 14:36:56 Ponto de verificação do sistema
28-08-2015 14:49:44 Ponto de verificação do sistema
31-08-2015 10:17:51 Installed HitLeap Viewer 2.8
31-08-2015 18:39:52 ZHPFix Restore System Point
01-09-2015 17:42:39 Removed Norton Ghost.
01-09-2015 17:47:15 Removed HitLeap Viewer 2.8
02-09-2015 20:22:40 Ponto de verificação do sistema
04-09-2015 13:37:01 Ponto de verificação do sistema
05-09-2015 13:42:09 Ponto de verificação do sistema
07-09-2015 13:21:47 Ponto de verificação do sistema
08-09-2015 14:02:56 Ponto de verificação do sistema
09-09-2015 14:08:46 Ponto de verificação do sistema
10-09-2015 14:09:32 Ponto de verificação do sistema
11-09-2015 14:16:33 Ponto de verificação do sistema
12-09-2015 15:08:35 Ponto de verificação do sistema
14-09-2015 13:28:50 Ponto de verificação do sistema
15-09-2015 14:19:37 Ponto de verificação do sistema
16-09-2015 14:36:52 Ponto de verificação do sistema
17-09-2015 14:47:20 Ponto de verificação do sistema
19-09-2015 08:58:09 Ponto de verificação do sistema
21-09-2015 08:44:36 avast! antivirus system restore point
21-09-2015 08:48:03 Installed Windows XP Wdf01009.
22-09-2015 13:18:49 Ponto de verificação do sistema
23-09-2015 13:22:28 Ponto de verificação do sistema
24-09-2015 14:07:52 Ponto de verificação do sistema
25-09-2015 14:51:09 Ponto de verificação do sistema

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 14:30 - 2015-03-01 08:55 - 00000774 ____N C:\WINDOWS.0\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS.0\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS.0\Tasks\avast! Emergency Update.job => C:\Arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineCore.job => C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineUA.job => C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 08:07 - 2015-09-21 08:45 - 00103376 _____ () C:\Arquivos de programas\AVAST Software\Avast\log.dll
2015-03-17 08:07 - 2015-09-21 08:45 - 00123976 _____ () C:\Arquivos de programas\AVAST Software\Avast\JsonRpcServer.dll
2015-09-25 19:48 - 2015-09-25 19:48 - 02966016 _____ () C:\Arquivos de programas\AVAST Software\Avast\defs\15092501\algo.dll
2015-09-26 09:10 - 2015-09-26 09:10 - 02966016 _____ () C:\Arquivos de programas\AVAST Software\Avast\defs\15092600\algo.dll
2015-03-14 08:07 - 2015-09-21 08:45 - 40539648 _____ () C:\Arquivos de programas\AVAST Software\Avast\libcef.dll
2013-08-09 10:00 - 2012-08-16 07:25 - 00172032 _____ () C:\UNICO\pg\bin\LIBPQ.dll
2013-08-09 10:00 - 2012-08-14 10:19 - 00999424 _____ () C:\UNICO\pg\bin\libxml2.dll
2008-04-14 14:30 - 2008-04-14 14:30 - 00014336 _____ () C:\WINDOWS.0\system32\msdmo.dll
2015-09-23 19:50 - 2015-09-19 02:43 - 16487752 _____ () C:\Arquivos de programas\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Arquivos de programas\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Arquivos de programas\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\WINDOWS.0\system32:C1450E19_Bb.gbp
AlternateDataStreams: C:\WINDOWS.0\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\WINDOWS.0\system32\drivers:IncompleteBoot.cnt

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1547161642-602162358-842925246-1003\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1547161642-602162358-842925246-1003\...\bb.com.br -> hxxps://seg.bb.com.br

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1547161642-602162358-842925246-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: MSMSGS =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Arquivos de programas\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: Controlador de áudio de multimídia
Description: Controlador de áudio de multimídia
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2015 09:09:41 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

Error: (09/25/2015 11:46:27 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

Error: (09/25/2015 09:59:48 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

Error: (09/25/2015 09:18:34 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

Error: (09/25/2015 09:02:14 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

Error: (09/24/2015 07:37:10 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

Error: (09/24/2015 05:02:11 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

Error: (09/23/2015 04:01:57 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

Error: (09/23/2015 11:18:59 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

Error: (09/23/2015 11:18:57 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: o sistema de banco de dados está iniciando

System errors:
=============
Error: (09/26/2015 09:09:16 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/25/2015 01:20:50 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (09/25/2015 01:18:17 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (09/25/2015 11:46:03 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/25/2015 09:59:25 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/25/2015 09:18:06 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/25/2015 09:01:50 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/24/2015 07:36:46 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/24/2015 05:01:46 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/24/2015 09:03:46 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 2.13GHz
Percentage of memory in use: 83%
Total physical RAM: 991.3 MB
Available physical RAM: 159.53 MB
Total Virtual: 2005.77 MB
Available Virtual: 949 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:44.73 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: F824F824)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================