Hello,
For about 2 days I've had this infection... after carrying out every procedure I could find on this site and others, I still haven't managed to get rid of it, it's a nightmare (I must be at around fifteen hours of scans/removals, re-scans, HijackThis reports, rebooting into safe mode and starting all over again).
Anyway, here is my ComboFix report:
"ComboFix 09-04-23.A3 - Compaq_Propriétaire 23/04/2009 23:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.524 [GMT 2:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Mes documents\Téléchargements\ComboFix.exe
AV: Securitoo AntiVirus Firewall 8.00 *On-access scanning disabled* (Updated)
FW: Securitoo AntiVirus Firewall 8.00 *enabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Compaq_Propri‚taire\F9370C88E3C7CFF0\F9370C88E3C7CFF0
c:\documents and settings\Compaq_Propriétaire\F9370C88E3C7CFF0\
c:\documents and settings\Compaq_Propriétaire\F9370C88E3C7CFF0\F9370C88E3C7CFF0
C:\install.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-23 au 2009-4-23 ))))))))))))))))))))))))))))))))))))
.
2009-04-23 20:52 . 2009-04-23 20:52 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-04-23 16:07 . 2009-04-23 20:33 -------- d-----w C:\VundoFix Backups
2009-04-23 09:05 . 2009-04-23 09:05 -------- d-----w c:\program files\Trend Micro
2009-04-23 00:24 . 2009-04-23 00:24 -------- d-----w c:\documents and settings\Administrateur\Application Data\DivX
2009-04-23 00:24 . 2009-04-23 00:24 -------- d-----w c:\documents and settings\Administrateur\Application Data\Media Player Classic
2009-04-23 00:22 . 2009-04-23 00:22 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-04-22 23:43 . 2009-04-22 23:43 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
2009-04-22 23:43 . 2009-04-22 23:43 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-22 23:38 . 2009-04-22 23:38 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Local Settings\Application Data\yjhhjfwq
2009-04-22 23:38 . 2009-04-22 23:38 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Local Settings\Application Data\yjhhjfwq
2009-04-22 23:38 . 2009-04-22 23:38 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Local Settings\Application Data\yjhhjfwq
2009-04-22 23:38 . 2009-04-22 23:38 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\yjhhjfwq
2009-04-22 23:14 . 2009-04-22 23:14 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Yahoo!
2009-04-22 23:13 . 2009-04-23 00:05 -------- d-----w c:\program files\Yahoo!
2009-04-22 21:31 . 2009-04-22 21:31 213120 ----a-w c:\windows\system32\dllcache\ndis.sys
2009-04-22 21:30 . 2009-04-23 21:49 103036 ----a-w c:\windows\system32\drivers\f7baeb1.sys
2009-04-22 21:28 . 2009-04-22 21:29 2 ----a-w C:\-126392741
2009-04-22 08:56 . 2009-04-23 08:52 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-22 08:56 . 2009-04-22 21:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-22 08:41 . 2009-04-22 08:56 -------- d-----w c:\program files\Fichiers communs\PC Tools
2009-04-22 08:41 . 2009-04-22 08:56 -------- d-----w c:\program files\Spyware Doctor
2009-04-09 14:02 . 2009-04-09 14:02 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\AdobeUM
2009-04-04 12:40 . 2009-04-04 12:40 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Sonic
2009-04-04 12:40 . 2009-04-04 12:40 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Leadertech
2009-04-01 07:03 . 2009-04-01 07:03 -------- d-----w C:\temp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 21:39 . 2009-01-10 18:33 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-04-23 17:51 . 2009-04-23 16:07 1008 ----a-w C:\VundoFix.txt
2009-04-23 17:05 . 2009-04-23 17:00 2766 ----a-w C:\rapport.txt
2009-04-22 23:35 . 2004-08-05 04:00 -------- d-----w c:\program files\Fichiers communs\Mozilla Shared
2009-04-22 23:06 . 2009-01-10 22:55 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\BitTorrent
2009-04-22 21:37 . 2009-01-10 19:00 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\DNA
2009-04-22 21:31 . 2004-08-05 11:00 213120 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-22 21:30 . 2009-01-10 19:05 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Skype
2009-04-22 21:27 . 2009-01-10 19:07 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\skypePM
2009-04-22 21:26 . 2009-01-10 19:00 -------- d-----w c:\program files\DNA
2009-04-22 08:56 . 2009-02-16 23:01 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-21 21:06 . 2009-01-21 21:06 50688 --sha-w c:\windows\system32\tajopava.exe
2009-04-15 15:32 . 2009-01-11 17:42 -------- d-----w c:\program files\World of Warcraft
2009-04-14 18:43 . 2009-03-16 13:19 -------- d-----w c:\program files\DivX
2009-04-14 07:22 . 2009-02-23 22:20 -------- d-----w c:\program files\Sony
2009-04-14 07:17 . 2009-02-23 21:44 -------- d-----w c:\program files\Game Cam V2
2009-04-09 22:20 . 2009-02-18 15:01 480 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2009-04-02 15:33 . 2009-01-23 13:51 4043 ----a-w C:\hpfr3425.log
2009-04-02 15:31 . 2009-01-23 13:51 525 ----a-w C:\hpfr3420.xml
2009-03-29 12:17 . 2004-11-23 14:26 87400 ----a-w c:\windows\system32\perfc00C.dat
2009-03-29 12:17 . 2004-11-23 14:26 513588 ----a-w c:\windows\system32\perfh00C.dat
2009-03-19 14:35 . 2009-03-16 13:20 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\DivX
2009-03-16 13:19 . 2009-03-16 13:19 -------- d-----w c:\program files\Fichiers communs\DivX Shared
2009-03-02 14:48 . 2009-03-02 14:48 33408 ----a-w c:\windows\system32\drivers\fsbts.sys
2009-03-02 14:35 . 2009-03-02 14:35 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\F-Secure
2009-03-02 14:28 . 2009-03-02 14:26 -------- d-----w c:\documents and settings\All Users\Application Data\f-secure
2009-03-02 14:27 . 2009-03-02 14:26 -------- d-----w c:\documents and settings\All Users\Application Data\fssg
2009-03-02 13:32 . 2009-01-10 18:47 -------- d-----w c:\program files\Securitoo
2009-02-28 16:37 . 2009-02-24 15:03 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\LimeWire
2009-02-24 12:50 . 2009-02-24 12:50 -------- d-----w c:\program files\Modules VST
2009-02-24 12:50 . 2009-02-24 12:50 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Publish Providers
2009-02-24 12:50 . 2009-02-24 12:50 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Sony
2009-02-24 10:49 . 2009-02-24 10:49 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\ArcSoft
2009-02-24 10:48 . 2009-02-24 10:48 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-24 10:48 . 2009-02-24 10:48 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-24 10:48 . 2009-01-10 19:03 -------- d-----w c:\program files\ArcSoft
2009-02-24 10:47 . 2006-03-20 22:33 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 09:22 . 2009-01-10 18:06 43488 ----a-w c:\documents and settings\Compaq_Propriétaire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-24 09:22 . 2009-01-10 18:06 43488 ----a-w c:\documents and settings\Compaq_Propriétaire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-24 09:22 . 2009-01-10 18:06 43488 ----a-w c:\documents and settings\Compaq_Propriétaire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-23 22:18 . 2009-02-23 22:18 -------- d-----w c:\program files\MSBuild
2009-02-23 22:18 . 2009-02-23 22:18 110752 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-23 22:12 . 2009-02-23 22:12 -------- d-----w c:\program files\Reference Assemblies
2009-02-23 21:53 . 2009-02-23 21:53 -------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Sony Setup
2009-02-23 21:53 . 2009-02-23 21:53 -------- d-----w c:\program files\Sony Setup
2009-02-07 19:28 . 2009-02-07 19:28 1244214 ----a-w C:\0207-202840-5.bmp
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-27 01:34 . 2009-01-27 01:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-01-27 01:34 . 2009-01-27 01:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-01-27 01:34 . 2009-01-27 01:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-01-27 01:34 . 2009-01-27 01:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-01-27 01:34 . 2009-01-27 01:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-01-27 01:34 . 2009-01-27 01:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-01-10 18:09 . 2009-01-10 18:06 142 ----a-w c:\documents and settings\Compaq_Propriétaire\Local Settings\Application Data\fusioncache.dat
2009-01-10 18:09 . 2009-01-10 18:06 142 ----a-w c:\documents and settings\Compaq_Propriétaire\Local Settings\Application Data\fusioncache.dat
2009-01-10 18:09 . 2009-01-10 18:06 142 ----a-w c:\documents and settings\Compaq_Propriétaire\Local Settings\Application Data\fusioncache.dat
2006-03-20 22:48 . 2009-04-23 00:18 42128 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-03-20 22:19 . 2009-04-23 00:18 135 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat
2009-01-21 21:00 . 2009-01-21 21:00 48640 --sha-w c:\windows\system32\govegomu.dll.tmp
2009-01-21 21:00 . 2009-01-21 21:00 48640 --sha-w c:\windows\system32\mulanaha.dll.tmp
2009-01-21 21:00 . 2009-01-21 21:00 48640 --sha-w c:\windows\system32\najihate.dll.tmp
2009-01-20 20:11 . 2009-01-20 20:11 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009010520090112\index.dat
2009-01-20 20:11 . 2009-01-20 20:11 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012009012020090121\index.dat
.
------- Sigcheck -------
[7] 2004-08-05 11:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2009-04-22 21:31 213120 F822B76094D2F27EE01A4399A64EF934 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-22 21:31 213120 F822B76094D2F27EE01A4399A64EF934 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07ef55a0-a500-49df-a5e9-d0d9a8f0716b}]
2004-08-05 04:00 103424 ----a-w c:\windows\system32\ycbsadw.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-21 27136]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
hp psc 1000 series.lnk - c:\program files\HP\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe [2009-2-22 721408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nhzlzjhg]
2004-08-05 04:00 103424 ----a-w c:\windows\system32\ycbsadw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\fuckingmich\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Securitoo\\av_fw\\Anti-Virus\\fssm32.exe"=
"c:\\Program Files\\Securitoo\\av_fw\\Anti-Virus\\fsgk32.exe"=
R0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-06-25 79904]
R3 DTVFW;DVB-T USB adapter firmware;c:\windows\system32\DRIVERS\dtvfw.sys [2006-03-24 22016]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-12-18 101120]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2008-06-25 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2008-06-25 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-03-02 33408]
S0 hgycytxi;hgycytxi;c:\windows\system32\drivers\hgycytxi.sys [2004-08-05 23424]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Securitoo\av_fw\HIPS\drivers\fshs.sys [2008-06-25 66720]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Securitoo\av_fw\Anti-Virus\minifilter\fsgk.sys [2009-03-23 84608]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Securitoo\av_fw\ORSP Client\fsorsp.exe [2008-06-25 55904]
S3 usbdtv;DVB-T TV Tuner;c:\windows\system32\Drivers\usbdtv.sys [2006-03-24 31232]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hcdvukdg
.
Contenu du dossier 'Tâches planifiées'
2009-03-23 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8232718499.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
2009-03-25 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8235571817.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
LSP: c:\program files\Securitoo\av_fw\FSPS\program\FSLSP.DLL
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\1xdjzavp.default\
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 2\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\npbittorrent.dll
---- PARAMETRES FIREFOX ----
FF - user.js: network.proxy.type - 0
FF - user.js: browser.shell.checkDefaultBrowser - false
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-23 23:49
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f7baeb1]
"ImagePath"="\SystemRoot\System32\drivers\f7baeb1.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(716)
c:\program files\Securitoo\av_fw\FSPS\program\FSLSP.DLL
- - - - - - - > 'explorer.exe'(4308)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
c:\program files\Securitoo\av_fw\Anti-Virus\fsgk32.exe
c:\program files\Securitoo\av_fw\Common\FSMA32.EXE
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Securitoo\av_fw\Common\FSMB32.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Securitoo\av_fw\Common\FCH32.EXE
c:\program files\Securitoo\av_fw\Anti-Virus\fsqh.exe
c:\program files\Securitoo\av_fw\Common\FAMEH32.EXE
c:\program files\HP\Digital Imaging\bin\hpoevm08.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Securitoo\av_fw\Anti-Virus\fssm32.exe
c:\program files\Securitoo\av_fw\FSAUA\program\fsaua.exe
c:\program files\HP\Digital Imaging\bin\hposts08.exe
c:\windows\system32\wscntfy.exe
c:\program files\Securitoo\av_fw\FSAUA\program\fsus.exe
c:\program files\Securitoo\av_fw\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Heure de fin: 2009-04-23 23:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-23 21:51
Avant-CF: 9 551 343 616 octets libres
Après-CF: 9 544 978 432 octets libres
282 --- E O F --- 2009-02-15 01:40"
And the HijackThis report:
"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:09, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07ef55a0-a500-49df-a5e9-d0d9a8f0716b} - c:\windows\system32\ycbsadw.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\ycbsadw.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
24 April 2009 at 00:14