start::
closeprocesses:
createrestorepoint:
GroupPolicy: Restriction ? <==== ATTENTION 
SearchScopes: HKU\S-1-5-21-1648903517-3408026618-479412824-1001 -> DefaultScope {B239CEA9-89A2-4711-B19A-BE23E04CFE1E} URL =
SearchScopes: HKU\S-1-5-21-1648903517-3408026618-479412824-1001 -> {53DB2055-962F-4D06-B0AB-062C2EE81343} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1648903517-3408026618-479412824-1001 -> {B239CEA9-89A2-4711-B19A-BE23E04CFE1E} URL = 
2018-07-19 21:21 - 2018-07-19 21:21 - 000003588 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2018-07-19 21:21 - 2018-07-19 21:21 - 000003576 _____ C:\Windows\System32\Tasks\ASUS Live Update2 
2018-07-07 23:02 - 2018-07-08 21:39 - 000000000 ____D C:\Users\Ismail\AppData\Roaming\NCH Software
2018-07-07 23:02 - 2018-07-08 12:44 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software 
2018-07-20 15:52 - 2018-06-14 00:32 - 000000000 ____D C:\ProgramData\KMSAuto 
Task: {010AD2EA-0561-4D1D-9F75-144A4D1AE3FB} - System32\Tasks\ASUS Live Update1 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" apdrive.win 
Task: {52610C8F-C9D5-4575-B6D5-A36DF6F9C823} - System32\Tasks\ASUS Live Update2 => "C:\Program Files\Google\Chrome\Application\chrome.exe" apdrive.win 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" 
FirewallRules: [{FE20D5C9-9FC9-4056-9B26-5BA2A4CD4CF1}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{1543CD43-E382-42E6-B83B-02D079213944}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe 
hosts:
cmd: ipconfig /flushdns
emptytemp:
end::