Hello,

A friend of mine has an email account that has been hijacked and is apparently being spied on by a third party.

Taking a quick look at her machine with a Spybot scan, I get this:

 

Search results from Spybot - Search & Destroy

 

27/11/2012 11:47:40

Scan took 00:13:51.

66 items found.

 

SweetIM: [sBI $51CF2A45] Settings (Registry Value, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\SweetIM\simapp_id

 

SweetIM: [sBI $3C0145EF] Settings (Registry Value, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM\simapp_id

 

SweetIM: [sBI $3179D0FA] IE toolbar (Registry Value, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847}

 

SweetIM: [sBI $85B9B48E] Settings (Registry Value, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{EEE6C35D-6118-11DC-9C72-001320C79847}

 

SweetIM: [sBI $8F9F899A] IE toolbar (Registry Value, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}

 

Macromedia.FlashPlayer.Cookies: [sBI $6AA61750] Text file (File, nothing done)

C:\Users\Lucie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UCLRDHY7\s.ytimg.com\videostats.sol

Properties.size=104

Properties.md5=B25C63A5ECE1B487098AB15622512C06

Properties.filedate=1341847381

Properties.filedatetext=2012-07-09 16:23:00

 

Macromedia.FlashPlayer.Cookies: [sBI $1EF45977] Text file (File, nothing done)

C:\Users\Lucie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UCLRDHY7\p.iivt.com\iivt.swf\iivt.sol

Properties.size=40

Properties.md5=BFFABC3474A262DFBB9F5F758B42830B

Properties.filedate=1342873598

Properties.filedatetext=2012-07-21 13:26:38

 

Macromedia.FlashPlayer.Cookies: [sBI $5555F3D7] Text file (File, nothing done)

C:\Users\Lucie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UCLRDHY7\heias.com\x\heias_sc.swf\heias.sol

Properties.size=63

Properties.md5=B5CCCFED4BD6C0AF7A392477AB5B92D4

Properties.filedate=1341846527

Properties.filedatetext=2012-07-09 16:08:46

 

Macromedia.FlashPlayer.Cookies: [sBI $5555F3D7] Text file (File, nothing done)

C:\Users\Lucie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UCLRDHY7\studio.freshlook.com.fr\makeover\index.swf\TestMovie_Config_Info.sol

Properties.size=341

Properties.md5=BF789E25C85AA3A0621A8C653BC448E5

Properties.filedate=1341846495

Properties.filedatetext=2012-07-09 16:08:15

 

DoubleClick: [sBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Lucie) (Browser: Cookie, nothing done)

 

 

DoubleClick: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

Tradedoubler: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

Tradedoubler: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

FastClick: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

Tradedoubler: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

Tradedoubler: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

CasaleMedia: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

DoubleClick: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

CasaleMedia: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

CasaleMedia: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

CasaleMedia: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

CasaleMedia: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

CasaleMedia: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

MediaPlex: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

MediaPlex: [sBI $8E73A7FB] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)

 

 

Log: [sBI $8E73A7FB] Activity: ntbtlog.txt (File, nothing done)

C:\Windows\ntbtlog.txt

Properties.size=289482

Properties.md5=7EA35A327A7F54132665A4834CC59E84

Properties.filedate=1354013257

Properties.filedatetext=2012-11-27 11:47:36

 

Log: [sBI $8E73A7FB] Install: Directx.log (File, nothing done)

C:\Windows\Directx.log

Properties.size=27679

Properties.md5=1B13F8F9D5581244025C083B250B081F

Properties.filedate=1211427744

Properties.filedatetext=2008-05-22 04:42:23

 

Log: [sBI $8E73A7FB] Install: setupact.log (File, nothing done)

C:\Windows\setupact.log

Properties.size=124596

Properties.md5=368EC9E02BFC1BF3DE46F84647C0104D

Properties.filedate=1354012094

Properties.filedatetext=2012-11-27 11:28:13

 

Log: [sBI $8E73A7FB] Install: setupapi.log (File, nothing done)

C:\Windows\setupapi.log

Properties.size=94

Properties.md5=7DCF473391ED652447DF2C62BE835551

Properties.filedate=1162471672

Properties.filedatetext=2006-11-02 13:47:52

 

Log: [sBI $8E73A7FB] Install: DtcInstall.log (File, nothing done)

C:\Windows\DtcInstall.log

Properties.size=4257

Properties.md5=C844FB145BADF57B791199AD6936E0D0

Properties.filedate=1341008246

Properties.filedatetext=2012-06-29 23:17:26

 

Log: [sBI $8E73A7FB] Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done)

C:\Windows\System32\wbem\logs\wmiprov.log

Properties.size=39766

Properties.md5=FEFC075D04A141E78A6A62F9CD6DCFF5

Properties.filedate=1354012607

Properties.filedatetext=2012-11-27 11:36:46

 

Internet Explorer: [sBI $1E8157BE] Typed URL list (Registry Key, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Internet Explorer\TypedURLs

 

Internet Explorer: [sBI $0BC7B918] User agent (Registry Change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Registry Change, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Registry Change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Registry Change, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

Internet Explorer: [sBI $0BC7B918] User agent (Registry Change, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

 

MS Management Console: [sBI $ECD50EAD] Recent command list (Registry Key, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Microsoft Management Console\Recent File List

 

MS Media Player: [sBI $E48560B4] Recent file list (Registry Key, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\MediaPlayer\Player\RecentFileList

 

MS Direct3D: [sBI $7FB7B83F] Most recent application (Registry Change, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

 

MS Direct3D: [sBI $C2A44980] Most recent application (Registry Change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

 

MS Direct3D: [sBI $C2A44980] Most recent application (Registry Change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name

 

MS Direct3D: [sBI $C2A44980] Most recent application (Registry Change, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

 

MS Direct3D: [sBI $C2A44980] Most recent application (Registry Change, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

 

MS DirectDraw: [sBI $EB49D5AF] Most recent application (Registry Change, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

 

Windows: [sBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

 

Windows.OpenWith: [sBI $C92C6763] Open with list - .BUP extension (Registry Key, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\OpenWithList

 

Windows Explorer: [sBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

 

Windows Explorer: [sBI $6107D172] User Assistant history files (Registry Key, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Registry Change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Registry Change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Registry Change, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $37AAEDE6] Computer name (Registry Change, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Registry Change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Registry Change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Registry Change, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

Windows Media SDK: [sBI $CAA58B6E] Unique ID (Registry Change, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

 

Windows Media SDK: [sBI $BACCD0DA] Volume serial number (Registry Value, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

 

Windows Media SDK: [sBI $BACCD0DA] Volume serial number (Registry Value, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

 

Windows Media SDK: [sBI $BACCD0DA] Volume serial number (Registry Value, nothing done)

HKEY_USERS\S-1-5-21-815178926-3297228620-212556211-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

 

Windows Media SDK: [sBI $BACCD0DA] Volume serial number (Registry Value, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

 

Cookie: [sBI $49804B54] Browser: Cookie (13) (Browser: Cookie, nothing done)

 

 

Cache: [sBI $49804B54] Browser: Cache (335) (Browser: Cache, nothing done)

 

 

History: [sBI $49804B54] Browser: History (57) (Browser: History, nothing done)

 

 

Cookie: [sBI $49804B54] Browser: Cookie (450) (Browser: Cookie, nothing done)

 

 

History: [sBI $49804B54] Browser: History (1120) (Browser: History, nothing done)

 

 

 

--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

 


 

 

How can I tell whether one of the infections found could be an application that made it possible to hack or spy on an email account?

Thanks in advance...

 

Grey'
