Virus Comine.exe et autres

Bonjour,
ca fait une paye que mon ordi rame de plus en plus (j'utilise vista). J'utlisais l'anti virus N32 et ca se passait tres tres bien au debut jusqu'a il y a quelques temps (depuis une mise a jour de windows), l'anti virus bloque plein de logiciels au demarrage de windows. Il reconnait comme virus des sections meme de ce meme anti virus. J'ai essaye de changer et passer a AVG antivirus + firewall et pareil.
je cherchais donc dans mes processus les noms qui me paraissent inhabituels et louchent. Il y en a plusieurs, l'un d'entre eux est COMINE.exe.

Une des fenetres qui a commence a pparaitre avec les problemes est egalement en relation avec TUST.exe et MTVNE.exe

En cherchant sur le web je suis tombe sur ce forum et suis en train de faire ce qui a ete conseille sous ce lien :

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version frl

E etant a l'etape de AVG spyware, voici le rapport AVG

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:36:02 14/02/2008

+ Résultat de l'analyse:



C:\WINDOWS\System32\awvusqp.dll -> Downloader.Small.hme : Aucune action entreprise.
C:\WINDOWS\System32\efcbaaa.dll -> Downloader.Small.hme : Aucune action entreprise.
C:\WINDOWS\System32\fccdaax.dll -> Downloader.Small.hme : Aucune action entreprise.
C:\WINDOWS\System32\jkklljh.dll -> Downloader.Small.hme : Aucune action entreprise.
C:\WINDOWS\System32\opnnolk.dll -> Downloader.Small.hme : Aucune action entreprise.
C:\WINDOWS\System32\wvwwx.dll -> Downloader.Small.hme : Aucune action entreprise.
C:\WINDOWS\System32\xxwtu.dll -> Downloader.Small.hme : Aucune action entreprise.
C:\Program Files\Common Files\Real\Update_OB\realsched .exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\CyberLink\PowerDVD\Language\Language .exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\CyberLink\Shared files\brs .exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\CyberLink\Shared files\brs.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\ICQ6\ICQ.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\Java\jre1.6.0\bin\jusched .exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\Java\jre1.6.0\bin\jusched.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\Spyware Doctor\pctsTray.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\WINDOWS\System32\cbawv.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\WINDOWS\VM305_STI.EXE -> Dropper.Agent.dgo : Aucune action entreprise.
C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs -> Not-A-Virus.BadJoke.JS.RJump : Aucune action entreprise.
:mozilla.25:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.26:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.36:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.6:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.9:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.34:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.35:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.40:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.41:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.27:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.28:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.30:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.31:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.32:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.33:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.38:C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9lb2t0o6.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Program Files\ESET\nod32fix.reg -> Trojan.Hack.Vg : Aucune action entreprise.


Fin du rapport

******************************************
BitDefender Online Scanner







Scan report generated at: Fri, Feb 15, 2008 - 02:41:26









Scan path: C:\;D:\;E:\;















Statistics

Time


01:38:01

Files


392302

Folders


17095

Boot Sectors


3

Archives


2480

Packed Files


31580







Results

Identified Viruses


1

Infected Files


1

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


2







Engines Info

Virus Definitions


980846

Engine build


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins


16

Archive plugins


41

Unpack plugins


7

E-mail plugins


6

System plugins


5







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c094a48\Report.cab=>tusts.dll.xor=>(Quarantine-PE)


Infected with: Trojan.Vundo.DWK

C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c094a48\Report.cab=>tusts.dll.xor=>(Quarantine-PE)


Deleted

C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0c094a48\Report.cab


Update failed


****************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:03, on 15/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\Windows\system32\tusts.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2B32A919-478B-4F72-815A-17B04DB909D3} - C:\Windows\system32\tusts.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7b791283-6a47-42e5-9538-7627a036f9d2} - C:\Windows\system32\dqaorxeh.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Azureus Vuze.lnk = C:\Program Files\Azureus\Azureus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe