Rapport Hijack suite virus cryptage rançon

Bonjour,





J'ai eu un virus qui crypte données et demande rançon et j'ai fais une désinfection par ESET en ligne.
J'ai toujours des problemes :
- Des fichiers image que je n'arrive plus à voir (cryptés j'imagine)
- Je n'arrive plus à ouvrir gestionnaire des taches par aucun moyen
- Je n'arrive plus à ouvrir la corbeille
- A l'ouverture de windows j'ai toujours un readme.bmp et .txt issu du rançonware que j'ai pourtant censé avoir viré...

Voici un rapport Hijack. Quelqu'un peut m'aider car c'est un peu du chinois pour moi !

Merci


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:32:38, on 18/08/2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\AVAST Software\Avast\AvastSvc.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Google\Update\GoogleUpdate.exe
G:\WINDOWS\system32\agrsmsvc.exe
G:\WINDOWS\system32\FsUsbExService.Exe
G:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
G:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\ScsiCommandService2.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\hkcmd.exe
G:\WINDOWS\system32\igfxpers.exe
G:\WINDOWS\system32\igfxsrvc.exe
G:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
G:\Program Files\Synaptics\SynTP\SynTPEnh.exe
G:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
G:\Program Files\AVAST Software\Avast\AvastUI.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\HPQ\Shared\hpqwmi.exe
G:\WINDOWS\system32\wbem\unsecapp.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
G:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F3 - REG:win.ini: load=G:\DOCUME~1\ALLUSE~1\msntgrsbc.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - G:\Documents and Settings\Mehdy\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - G:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [HotKeysCmds] G:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] G:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] G:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] G:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] G:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "G:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] G:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "G:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - G:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - G:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_2_1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: 0
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - G:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - G:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - G:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - G:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - G:\WINDOWS\system32\services.exe
O23 - Service: FsUsbExService - Teruten - G:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - G:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - G:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - G:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - G:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - G:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: kbasesrv - Unknown owner - G:\Program Files\kbasesrv\kbasesrv.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - G:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - G:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - G:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - G:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - G:\WINDOWS\system32\sessmgr.exe
O23 - Service: Reikuchreawopy Adapter (Rkcadpsrv) - Unknown owner - G:\Program Files\Reikuchreawopy\Rkcadpsrv.exe (file missing)
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - G:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SCSI command service (ScsiCommandService2) - Mobile Leader Co.,Ltd. - G:\WINDOWS\system32\ScsiCommandService2.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - G:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - G:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - G:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - G:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - G:\Program Files\Windows Media Player\WMPNetwk.exe