SOS Autorun.inf

Bonjour,
voici le problème, j'ai téléchargé la mise à jour de Kaspersky à installer sur une machine qui n'est pas connecté à Internet, lorsque j'ai décompressé le fichier, je l'ai fait par mégarde sur le bureau. j'ai bien sur déplacé ces fichiers dans le dossier kespersky (programme files) mais à chaque démarrage de la machine, ils s'affichent. alors j'ai désinstallé kaspersky & l'ai complètement supprimé, même du registre, remplacé par Avast qui a détecté et supprimé ce Trojan lors d'un scan au démarrage, cependant le problème persiste.
j'ai donc lancé Combo Fix et Mbam en mode sans échec, je vous copie les rapport pour toute fin utile:
Rapport Combofix:
ComboFix 09-04-20.05 - Administrateur 20/04/2009 18:29.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1256.213.1036.18.1014.844 [GMT 1:00]
Running from: I:\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 080915-0] *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.
2009-04-20 16:42 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 16:42 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 16:42 . 2009-04-20 16:42 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 22:02 . 2009-04-19 22:02 -------- d-----w c:\documents and settings\All Users\Application Data\1.0.0.0
2009-04-09 19:29 . 2009-04-09 19:29 0 ----a-w c:\windows\odbcddp.ini
2009-04-09 16:40 . 2009-04-09 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-09 16:31 . 2009-04-09 16:31 878080 ----a-w c:\windows\system32\iconv.dll
2009-04-09 16:31 . 2009-04-09 16:31 192 ----a-w c:\windows\system32\libsyslic1.ls
2009-04-09 16:31 . 2009-04-09 16:31 170432 ----a-w c:\windows\system32\libsyslic1.pd
2009-04-09 16:31 . 2009-04-09 16:31 150016 ----a-w c:\windows\system32\libxslt.dll
2009-04-09 16:31 . 2009-04-09 16:31 721920 ----a-w c:\windows\system32\libxml2.dll
2009-04-09 16:31 . 2009-04-09 16:31 51200 ----a-w c:\windows\system32\libexslt.dll
2009-04-09 16:29 . 2009-04-09 16:30 -------- d-----w c:\windows\system32\URTTemp
2009-04-09 16:28 . 2007-03-24 10:45 57344 ------r c:\windows\system32\libsyslic1.dll
2009-04-09 16:28 . 2007-03-13 23:57 144896 ------r c:\windows\system32\libsyslic1.original.dll
2009-04-09 07:57 . 2009-04-09 19:29 97 ----a-w c:\windows\dragon.ini
2009-04-09 07:56 . 2009-04-09 19:29 227 ----a-w c:\windows\ODBC.INI
2009-04-09 07:56 . 2009-04-09 07:56 240 ----a-w c:\windows\WININIT.INI
2009-04-09 07:56 . 2009-04-09 07:56 123 ----a-w c:\windows\TMPCPYIS.BAT
2009-04-09 07:56 . 2009-04-09 07:56 122 ----a-w c:\windows\TMPDELIS.BAT
2009-04-09 07:56 . 2009-04-09 07:56 26 ----a-w c:\windows\WINSTART.BAT
2009-04-07 18:32 . 1998-10-29 15:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-07 17:52 . 2004-08-03 22:08 25600 -c--a-w c:\windows\system32\dllcache\usbser.sys
2009-04-07 17:52 . 2004-08-03 22:08 25600 ----a-w c:\windows\system32\drivers\usbser.sys
2009-04-07 17:52 . 2009-04-07 17:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-07 17:52 . 2009-04-07 17:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-07 17:38 . 2004-12-14 18:16 53248 ----a-r c:\windows\system32\InstMed.exe
2009-04-07 17:19 . 2009-04-07 17:19 -------- d-----w c:\documents and settings\Invité\Application Data\PC Suite
2009-04-07 17:14 . 2009-04-07 17:40 -------- d-----w c:\windows\SxsCaPendDel
2009-04-07 17:09 . 2009-04-10 13:47 120 ----a-w c:\windows\d4s.hst
2009-04-07 17:08 . 2009-04-07 17:08 -------- d--h--w c:\windows\$hf_mig$
2009-04-07 17:07 . 2009-04-07 17:10 -------- d-----w C:\9e2bfdf63a90492524e1abb9b548c7
2009-04-07 16:56 . 2009-04-07 17:52 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-07 16:51 . 2007-09-17 14:53 21632 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-07 16:50 . 2008-05-07 06:38 8064 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-04-07 16:50 . 2008-06-06 08:24 8064 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys
2009-04-07 16:50 . 2008-05-07 06:38 20864 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-04-07 16:50 . 2008-05-07 06:39 1419232 ----a-w c:\windows\system32\wdfcoinstaller01005.dll
2009-04-07 16:50 . 2008-05-07 06:38 659968 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-04-07 16:50 . 2008-05-07 06:38 17536 ----a-w c:\windows\system32\drivers\ccdcmb.sys
2009-04-07 16:50 . 2008-05-07 06:38 90624 ----a-w c:\windows\system32\nmwcdcls.dll
2009-04-07 16:50 . 2009-04-07 16:50 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-04-07 05:24 . 2007-09-13 03:45 -------- d--h--w c:\documents and settings\Invité\Voisinage réseau
2009-04-02 16:19 . 2007-12-19 03:10 159744 ----a-r c:\windows\system32\igfxres.dll
2009-04-02 16:17 . 2007-12-19 03:40 147456 ----a-r c:\windows\system32\igfxCoIn_v4906.dll
2009-04-02 16:16 . 2007-12-19 03:11 176128 ----a-r c:\windows\system32\igfxrsky.lrc
2009-04-02 16:16 . 2007-12-19 03:11 172032 ----a-r c:\windows\system32\igfxrslv.lrc
2009-04-02 16:16 . 2007-12-19 03:32 1670144 ----a-r c:\windows\system32\igxpdv32.dll
2009-04-02 16:16 . 2007-12-19 03:32 2643456 ----a-r c:\windows\system32\igxpdx32.dll
2009-04-02 16:16 . 2007-12-19 03:32 5854688 ----a-r c:\windows\system32\drivers\igxpmp32.sys
2009-04-02 16:16 . 2007-12-19 03:32 57344 ----a-r c:\windows\system32\igxprd32.dll
2009-04-02 16:16 . 2007-12-19 03:32 151040 ----a-r c:\windows\system32\igxpgd32.dll
2009-04-02 16:16 . 2009-04-07 16:51 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-02 16:16 . 2007-12-31 01:21 920088 ----a-r c:\windows\system32\igxpun.exe
2009-04-02 16:16 . 2009-04-02 16:16 -------- d-----w C:\Intel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 16:45 . 2009-04-20 16:45 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-04-20 16:42 . 2009-04-20 16:42 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 22:07 . 2009-04-19 22:07 -------- d-----w c:\program files\Trend Micro
2009-04-19 22:06 . 2009-04-19 22:06 -------- d-----w c:\program files\Alwil Software
2009-04-19 21:55 . 2009-04-19 21:56 13902 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1036.dat
2009-04-18 20:01 . 2007-09-13 02:10 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-11 20:38 . 2007-09-13 02:19 -------- d-----w c:\program files\Microsoft Works
2009-04-11 20:37 . 2009-04-11 20:37 -------- d-----w c:\program files\MSBuild
2009-04-11 20:26 . 2008-09-16 16:31 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 16:31 . 2009-04-09 16:31 -------- d-----w c:\program files\SYSTRAN
2009-04-09 16:31 . 2008-09-16 16:31 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-04-09 16:30 . 2002-09-07 00:00 69004 ----a-w c:\windows\system32\perfc00C.dat
2009-04-09 16:30 . 2002-09-07 00:00 501194 ----a-w c:\windows\system32\perfh00C.dat
2009-04-07 18:31 . 2009-04-07 18:31 -------- d-----w c:\program files\directx
2009-04-07 17:38 . 2009-04-07 17:38 -------- d-----w c:\program files\Fichiers communs\Logitech
2009-04-07 17:37 . 2009-04-07 17:37 -------- d-----w c:\program files\Logitech
2009-04-07 17:36 . 2009-04-07 17:36 90 ----a-w C:\LogiSetup.log
2009-04-07 17:22 . 2009-04-07 17:22 -------- d-----w c:\program files\Conjugaison
2009-04-07 17:16 . 2009-04-07 17:16 -------- d-----w c:\program files\Fichiers communs\Adobe AIR
2009-04-07 17:14 . 2008-09-15 12:49 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-04-07 17:14 . 2009-04-07 17:14 -------- d-----w c:\program files\MSECache
2009-04-07 16:51 . 2009-04-07 16:51 -------- d-----w c:\program files\Fichiers communs\PCSuite
2009-04-07 16:51 . 2009-04-07 16:51 -------- d-----w c:\program files\Fichiers communs\Nokia
2009-04-07 16:51 . 2009-04-07 16:50 -------- d-----w c:\program files\Nokia
2009-04-07 16:51 . 2009-04-07 16:51 -------- d-----w c:\program files\DIFX
2009-04-07 16:50 . 2009-04-07 16:50 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-07 05:16 . 2008-09-16 07:56 13030 ----a-w C:\PDOXUSRS.NET
2009-02-26 09:12 . 2009-02-26 09:05 -------- d-----w c:\program files\VIA
2009-02-26 09:08 . 2009-02-26 09:08 -------- d-----w c:\program files\S3
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 180269]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-01-21 29753344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2007-06-11 176128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 FXDrv32;FXDrv32; [x]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2007-07-11 714240]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-01-02 215936]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 18:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-20 18:33
ComboFix-quarantined-files.txt 2009-04-20 17:33
Pre-Run: 37 439 705 088 octets libres
Post-Run: 37 437 906 944 octets libres
152
Rapport Mbam:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2
20/04/2009 18:26:09
mbam-log-2009-04-20 (18-26-09).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 124926
Time elapsed: 23 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
c'est du chinois pour moi, alors si quelqu'un pouvait m'aider....
Merci pour votre attention et votre temps :)