Impossible d'effacer worm\VB.BYE

le voila!!
ComboFix 08-05-15.3 - GILLIER Jérôme 2008-05-18 2:17:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2797 [GMT 2:00]
Endroit: C:\Documents and Settings\GILLIER Jérôme\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.

2008-05-18 01:04 . 2008-05-18 01:04 <REP> d-------- C:\Program Files\Trend Micro
2008-05-18 00:19 . 2008-05-18 02:16 1,024 --ah----- C:\WINDOWS\system32\config\systemprofi­le\NtUser.dat.LOG
2008-05-14 07:06 . 2008-05-18 01:21 <REP> d--h----- C:\$AVG8.VAULT$
2008-05-13 19:16 . 2008-05-13 19:16 <REP> d-------- C:\WINDOWS\Sun
2008-05-13 17:30 . 2008-05-17 00:14 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-13 17:30 . 2008-05-13 17:38 <REP> d-------- C:\Documents and Settings\GILLIER Jérôme\Application Data\AVGTOOLBAR
2008-05-13 17:30 . 2008-05-13 17:30 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.­sys
2008-05-13 17:30 . 2008-05-13 17:30 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-13 17:29 . 2008-05-13 17:29 <REP> d-------- C:\Program Files\AVG
2008-05-13 17:29 . 2008-05-13 17:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 22:08 . 2008-05-14 17:11 <REP> d-------- C:\Program Files\Winamp Remote
2008-05-11 22:08 . 2008-05-14 17:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-11 22:07 . 2008-05-11 22:13 <REP> d-------- C:\Program Files\Winamp
2008-05-11 22:07 . 2008-05-12 08:49 <REP> d-------- C:\Documents and Settings\GILLIER Jérôme\Application Data\Winamp
2008-05-11 01:25 . 2087-04-23 12:15 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-24 17:03 . 2008-04-24 17:03 <REP> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 17:52 8,708 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-05-16 15:59 --------- d-----w C:\Program Files\Arovax AntiSpyware
2008-05-15 05:27 --------- d-----w C:\Program Files\eMule
2008-05-11 14:20 --------- d-----w C:\Program Files\DivX
2008-05-11 14:19 --------- d-----w C:\Program Files\Canon
2008-04-25 15:18 --------- d-----w C:\Program Files\Google
2008-04-25 15:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 17:12 --------- d-----w C:\Program Files\LimeWire
2008-04-24 16:53 --------- d-----w C:\Documents and Settings\GILLIER Jérôme\Application Data\LimeWire
2008-04-14 19:07 --------- d-----w C:\Documents and Settings\GILLIER Jérôme\Application Data\U3
2008-04-12 12:52 --------- d-----w C:\Program Files\MSBuild
2008-04-12 12:52 --------- d-----w C:\Program Files\Microsoft Works
2008-04-12 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-12 01:30 --------- d-----w C:\Program Files\Sim AQUARIUM 2
2008-04-11 15:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-11 15:14 --------- d-----w C:\Program Files\Windows Live
2008-04-10 15:16 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-10 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 14:58 --------- d-----w C:\Program Files\Lavalys
2008-04-09 15:51 --------- d-----w C:\Program Files\Java
2008-04-08 18:41 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-04-08 14:53 --------- d-----w C:\Program Files\Sunbelt Software
2008-04-07 17:43 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsb­Filt_01005.Wdf
2008-04-07 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-07 17:40 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LHid­Filt_01005.Wdf
2008-04-07 17:40 --------- d-----w C:\Program Files\Fichiers communs\Logishrd
2008-04-07 17:39 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-04-07 17:39 --------- d-----w C:\Documents and Settings\GILLIER Jérôme\Application Data\InstallShield
2008-04-07 17:07 107,134 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-04-07 16:56 --------- d-----w C:\Program Files\Free
2008-04-03 15:02 689,687 ----a-w C:\WINDOWS\unins000.exe
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionCh­ecker.exe
2008-03-23 10:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 19:29 --------- d-----w C:\Documents and Settings\GILLIER Jérôme\Application Data\Logitech
2008-03-20 19:27 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.e­xe
2008-03-20 19:27 --------- d-----w C:\Program Files\Logitech
2008-03-20 19:27 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Logitech
2008-03-20 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-03-20 19:26 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_0­1005_Coinstaller_Critical.Wdf
2008-03-20 19:26 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMou­Filt_01005.Wdf
2008-03-20 19:23 --------- d-----w C:\Program Files\WIDCOMM
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-24 16:29 22,328 ----a-w C:\Documents and Settings\GILLIER Jérôme\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-13 17:30 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-13 17:30 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e269­8e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-13 17:30 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e269­8e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion­\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe&­quot; [2004-08-04 00:54 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­" [2008-04-09 20:26 68856]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll&­quot; [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCh­eck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-21 20:59 185896]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 21:33 57344]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 13:00 53248]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray­.dll" [2007-12-05 02:41 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe­" [2008-05-13 17:30 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersi­on\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE&­quot; [2004-08-04 00:54 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 23:37:20 561213]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-20 21:27:28 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-07 19:39:54 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversio­n\policies\explorer\run]
"Task"= C:\DOCUME~1\GILLIE~1\taskmgr.exe

[hkey_local_machine\software\microsoft\windows\currentversio­n\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 13:00 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoo­t\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\stan­dardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\stan­dardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\installations jeux\\crysis\\Bin32\\Crysis.exe"=
"D:\\installations jeux\\crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\dossier jeux\\Counter-Strike Source\\hl2.exe"=
"D:\\installations jeux\\command and conquer HEURE H\\game.dat"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe&qu­ot;=
"D:\\installations jeux\\halo\\halo.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-13 17:30]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 17:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{06f2ee42-d405-11dc-aa3c-0019660c2117­}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion­\explorer\mountpoints2\{d76805e2-fdce-11dc-aa87-0019660c2117­}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - G:\Boot.exe e

*Newly Created Service* - CATCHME
.
************************************************************­**************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 02:20:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

************************************************************­**************
.
Temps d'accomplissement: 2008-05-18 2:23:14
ComboFix-quarantined-files.txt 2008-05-18 00:23:00

Pre-Run: 117,287,133,184 octets libres
Post-Run: 117,281,730,560 octets libres

191 --- E O F --- 2008-04-10 18:20:48