start 
CloseProcesses:
CreateRestorePoint:
C:\ProgramData\Vnoafbnar\1.0.4.1\sloelaha.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5110192 2012-10-24] (INCA Internet Co., Ltd.)
S3 dump_wmimmc; \??\C:\AeriaGames\WolfTeam-FR\GameGuard\dump_wmimmc.sys [X]
S3 wolf; \??\C:\AeriaGames\Wolfteam\avital\wolf64.sys [X]
2015-07-12 20:47 - 2015-07-13 04:47 - 00003462 _____ C:\Windows\System32\Tasks\Vnoafbnar
2015-07-10 23:46 - 2015-07-10 23:46 - 00000000 ____D C:\ProgramData\Vnoafbnar
C:\Windows\System32\Tasks\Vnoafbnar
C:\ProgramData\Vnoafbnar
2015-07-09 00:05 - 2015-03-07 03:12 - 00000000 __SHD C:\Users\Nicolas\AppData\Local\EmieBrowserModeList
2013-12-21 20:25 - 2014-10-22 20:00 - 0000155 _____ () C:\Users\Nicolas\AppData\Roaming\WB.CFG
Task: {75F2374A-3DA2-4A8D-BFF5-D04D175624A5} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION
Task: {A62CF9D6-6829-44FB-A531-CA118919E1BE} - System32\Tasks\Vnoafbnar => C:\ProgramData\Vnoafbnar\1.0.4.1\sloelaha.exe [2015-07-10] ()
2015-07-10 23:46 - 2015-07-10 23:46 - 00157184 _____ () C:\ProgramData\Vnoafbnar\1.0.4.1\sloelaha.exe
C:\Program Files (x86)\Protected Search\ProtectedSearch.exe

EmptyTemp:
end