Re: Headers Already Sent.
Solved.
MG, no need to destroy everything...
I just found the bad scripts and eliminated them. Then I cleared /includes folder's infected files replacing them with original ones.
I took a look at that login.php I talked you about... the script was a phishing one, composed of 2 files: 1 html clone login page and 1 php mail script that generated the phishing mail. The HTML line in every file I don't know, maybe another spam added after the first attack, I don't think is linked to the phishing script.
For those of you who wanna see the bad script, just ask.
Just a question,
MG or whoever can answer: the attack put two new files in my root... so as far as I can think with my few acknoledgements: that is not an XS security hole, but is hosting's security's fault, right? Should I get angry with 'em?