CreateRestorePoint:
HKU\S-1-5-21-1108279874-2773190112-526637328-1000\...\MountPoints2: {70810565-0fad-11e7-9b05-806e6f6e6963} - E:\UI.exe
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88s_Gv-3FpuvP3kI6PtibLH4Uk8XtmTtIPHH_khxJ5wtF63wL9ekXIqQC0bOL-oOkYuBGX4Tx2U0FINfdYfuZ8TuyZOuag2NQCHaQoHdNXqlT9hvBl0eteLeLrheP46QxlhOQkSxD4J56oU
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] -
CHR HKU\S-1-5-21-1108279874-2773190112-526637328-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] -
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] -
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {87976582-260A-4FF7-B823-92FCCE719F1B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-03-20] ()
Task: {886D33A8-0891-415D-907B-624BA456FA7C} - System32\Tasks\{D099EA21-3874-4564-90EC-E12B866FDA08} => pcalua.exe -a "C:\Users\HelenK\Documents\云之思三轴调参软件与驱动 (1)\云之思三轴调参软件与驱动\驱动\驱动\USB-驱动\USB驱动程序\VCP_V1.3.1_Setup_x64.exe" -d "C:\Users\HelenK\Documents\云之思三轴调参软件与驱动 (1)\云之思三轴调参软件与驱动\驱动\驱动\USB-驱动\USB驱动程序"
Task: {F8D88A72-5946-4E87-855C-1037869C13B8} - System32\Tasks\{6D05EE9A-00D9-4BDC-925D-765227250D01} => pcalua.exe -a "C:\Users\HelenK\Documents\云之思三轴调参软件与驱动 (1)\云之思三轴调参软件与驱动\驱动\驱动\USB-驱动\USB驱动程序\VCP_V1.3.1_Setup.exe" -d "C:\Users\HelenK\Documents\云之思三轴调参软件与驱动 (1)\云之思三轴调参软件与驱动\驱动\驱动\USB-驱动\USB驱动程序"
C:\Users\HelenK\Documents\云之思三轴调参软件与驱动 (1)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\System32\Tasks\AutoKMS
c:\users\helenk\appdata\local\growtopia\game\crack.rttex
c:\users\helenk\appdata\local\growtopia\tmpnobeta\game\crack.rttex
c:\users\helenk\desktop\shortcuts\sid.meiers.civilization.vi.proper-reloaded\crack\base\binaries\win64steam\civilizationvi.exe
c:\users\helenk\desktop\shortcuts\sid.meiers.civilization.vi.proper-reloaded\crack\base\binaries\win64steam\steam000.wow
c:\users\helenk\desktop\shortcuts\sid.meiers.civilization.vi.proper-reloaded\crack\base\binaries\win64steam\steam001.wow
c:\users\helenk\desktop\shortcuts\sid.meiers.civilization.vi.proper-reloaded\crack\base\binaries\win64steam\steam_api.ini
c:\users\helenk\desktop\shortcuts\sid.meiers.civilization.vi.proper-reloaded\crack\base\binaries\win64steam\steam_api64.dll
c:\windows\autokms\autokms.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp: