Fix result of Farbar Recovery Scan Tool (x64) Version: 30-09-2019
Ran by Ri (01-10-2019 14:15:04) Run:2
Running from C:\Users\Ri\Desktop
Loaded Profiles: Ri (Available Profiles: Ri & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Hosts:
2019-10-01 10:32 - 2019-10-01 10:32 - 000113664 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\_ctypes.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000173568 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\_elementtree.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 001800192 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\_hashlib.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000032256 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\_multiprocessing.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000046080 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\_psutil_windows.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000047616 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\_socket.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 002230784 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\_ssl.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000026112 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\_yappi.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000080896 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\bz2.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 006277632 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\cello.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000014848 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\common.time34.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000007680 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\hashobjs_ext.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000301568 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\PIL._imaging.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000169472 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\pyexpat.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 001084416 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\pysqlite2._sqlite.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000548864 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\pythoncom27.dll
2019-10-01 10:32 - 2019-10-01 10:32 - 000137728 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\pywintypes27.dll
2019-10-01 10:32 - 2019-10-01 10:32 - 000010752 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\select.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000020992 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\thumbnails_ext.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000689664 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\unicodedata.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000118784 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\usb_ext.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000128512 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32api.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000438784 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32com.shell.shell.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000011776 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32crypt.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000023040 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32event.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000149504 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32file.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000223232 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32gui.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000048128 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32inet.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000029696 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32pdh.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000027648 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32pipe.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000044032 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32process.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000020480 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32profile.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000136192 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32security.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000026624 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32ts.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000034304 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.conditional.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000038400 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.connectivity.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000073216 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.device_monitor.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000110592 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.volumes.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000020480 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.winwrap.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 001325056 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._controls_.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 001489408 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._core_.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 001007104 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._gdi_.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000103424 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._html2.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000916992 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._misc_.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 001039872 ____C () [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._windows_.pyd
2019-10-01 10:32 - 2019-10-01 10:32 - 000202240 ____C (wxWidgets development team) [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxbase30u_net_vc90_x64.dll
2019-10-01 10:32 - 2019-10-01 10:32 - 002831872 ____C (wxWidgets development team) [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxbase30u_vc90_x64.dll
2019-10-01 10:32 - 2019-10-01 10:32 - 001654784 ____C (wxWidgets development team) [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxmsw30u_adv_vc90_x64.dll
2019-10-01 10:32 - 2019-10-01 10:32 - 006542336 ____C (wxWidgets development team) [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxmsw30u_core_vc90_x64.dll
2019-10-01 10:32 - 2019-10-01 10:32 - 000773632 ____C (wxWidgets development team) [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxmsw30u_html_vc90_x64.dll
2019-10-01 10:32 - 2019-10-01 10:32 - 000137216 ____C (wxWidgets development team) [File not signed] C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxmsw30u_webview_vc90_x64.dll
CHR NewTab: Default -> Active:"chrome-extension://gibkoahgjfhphbmeiphbcnhehbfdlcgo/iframe.html", Active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
CHR HKU\S-1-5-21-3322024640-609274597-3985363230-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
Task: {C97E9864-2165-4AED-BC2E-53DDFBECAA6D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
HKU\S-1-5-21-3322024640-609274597-3985363230-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [4040008 2019-08-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
EmptyTemp:
cmd: ipconfig /flushdns

*****************

Restore point was successfully created.
Processes closed successfully.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
C:\Users\Ri\AppData\Local\Temp\_MEI87922\_ctypes.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\_elementtree.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\_hashlib.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\_multiprocessing.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\_psutil_windows.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\_socket.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\_ssl.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\_yappi.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\bz2.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\cello.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\common.time34.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\hashobjs_ext.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\PIL._imaging.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\pyexpat.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\pysqlite2._sqlite.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\pythoncom27.dll => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\pywintypes27.dll => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\select.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\thumbnails_ext.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\unicodedata.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\usb_ext.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32api.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32com.shell.shell.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32crypt.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32event.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32file.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32gui.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32inet.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32pdh.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32pipe.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32process.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32profile.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32security.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\win32ts.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.conditional.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.connectivity.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.device_monitor.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.volumes.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\windows.winwrap.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._controls_.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._core_.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._gdi_.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._html2.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._misc_.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wx._windows_.pyd => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxbase30u_net_vc90_x64.dll => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxbase30u_vc90_x64.dll => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxmsw30u_adv_vc90_x64.dll => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxmsw30u_core_vc90_x64.dll => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxmsw30u_html_vc90_x64.dll => moved successfully
C:\Users\Ri\AppData\Local\Temp\_MEI87922\wxmsw30u_webview_vc90_x64.dll => moved successfully
"Chrome NewTab" => removed successfully
HKU\S-1-5-21-3322024640-609274597-3985363230-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C97E9864-2165-4AED-BC2E-53DDFBECAA6D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C97E9864-2165-4AED-BC2E-53DDFBECAA6D}" => removed successfully
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => removed successfully
"HKU\S-1-5-21-3322024640-609274597-3985363230-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully

========= ipconfig /flushdns =========


Configuration IP de Windows

Cache de r‚solution DNS vid‚.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29722740 B
Java, Flash, Steam htmlcache => 27838232 B
Windows/system/drivers => 562163 B
Edge => 0 B
Chrome => 230603208 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 908 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Ri => 180089455 B
DefaultAppPool => 0 B

RecycleBin => 2889990 B
EmptyTemp: => 460.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-10-2019 14:16:51)

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 14:16:51 ====