analyse log Hijackthis

Bonjour,

J'ai un souci sur un PC infecté par une tripotée de bestiaux... j'ai déjà
identifier Net Monitor, Command.exe et autres subtilités... Voici un log
HJT, je suis preneur de la procédure à suivre pour les éradiquer (j'ai
essayé de façon plus ou moins manuelle, mais ils reviennent toujours....)

Merci !

Log :

Logfile of HijackThis v1.99.1
Scan saved at 13:35:07, on 02/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\BODET\KELIO\bin32\TERMSVC.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\msiexec.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\BODET\KELIO\bin32\SCKTSRVC.EXE
C:\Program Files\TELBAC\svctbw.exe
C:\WINNT\winmgr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\BODET\KELIO\bin32\MIDASSRV.EXE
C:\PROGRA~1\BODET\KELIO\bin32\FCAUTSVC.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\tbaction.exe
C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\3M\PSN2Lite\PSNGive.exe
c:\dfndrff_e46.exe
c:\kybrdff_e46.exe
c:\windows.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\TGVibGFuYyBDaHJpc3RvcGhl\command.exe
C:\mtcompta\PErso\nettoyage\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} -
C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {50403523-7765-49A9-ACF9-C88017F7189A} - C:\Program
Files\Fichiers communs\mezok.dll (file missing)
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program
Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost
2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network
Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program
Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TBAction] C:\Program Files\tbaction.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e46.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e46.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e46.exe
O4 - HKLM\..\RunServices: [Bodet-services] C:\bodet\KELIO\bin32\crp.exe -I
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program
Files\3M\PSN2Lite\Psn2Lite.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 -
HKLM\System\CCS\Services\Tcpip\..\{42C3EE90-27AA-4249-995E-A409E62E0EFC}:
NameServer = 193.252.19.3,193.252.19.4
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program
Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program
Files\Network Associates\VirusScan\Avsynmgr.exe (file missing)
O23 - Service: Twiny Automatics Functions (btTwinyAutoFunction) - Bodet
S.A. - C:\PROGRA~1\BODET\KELIO\bin32\FCAUTSVC.EXE
O23 - Service: Twiny Midas Server (btTwinyMidas) - Bodet S.A. -
C:\PROGRA~1\BODET\KELIO\bin32\MIDASSRV.EXE
O23 - Service: Twiny Terminals Access (btTwinyTerminal) - Bodet S.A. -
C:\PROGRA~1\BODET\KELIO\bin32\TERMSVC.EXE
O23 - Service: Command Service (cmdService) - Unknown owner -
C:\WINNT\TGVibGFuYyBDaHJpc3RvcGhl\command.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique
(dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program
Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program
Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network
Associates, Inc. - C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates,
Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network
Associates, Inc. - C:\Program Files\Network
Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network
Monitor\netmon.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation -
C:\WINNT\System32\NMSSvc.exe
O23 - Service: Borland Socket Server (SocketService) - Unknown owner -
C:\PROGRA~1\BODET\KELIO\bin32\SCKTSRVC.EXE
O23 - Service: Telbac Configuration Service (TBW32CONFIGSERVICE) - SAGE
FRANCE - C:\Program Files\TELBAC\svctbw.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown
owner - C:\WINNT\winmgr.exe