eccolo qua
---------------------------
Search Navipromo version 3.6.5 began on 01/10/2008 at 12.35.20,60

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Programmi\navilog1
Actual User Account : "Tipografia Etrusca"

Updated on 22.08.2008 at 17h30 by IL-MAFIOSO


Microsoft Windows XP [Versione 5.1.2600]
Version Internet Explorer : 7.0.5730.11
Filesystem type : FAT32

Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Tipografia Etrusca\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Tipografia Etrusca\impost~1\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\Tipografia Etrusca\menuav~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

Hidden file(s) :

C:\Documents and Settings\Tipografia Etrusca\Impostazioni locali\Dati applicazioni\qoeyi.exe 278528 bytes
C:\Documents and Settings\Tipografia Etrusca\Impostazioni locali\Dati applicazioni\qoeyi.dat 16384 bytes
C:\Documents and Settings\Tipografia Etrusca\Impostazioni locali\Dati applicazioni\qoeyi_nav.dat 163840 bytes
C:\Documents and Settings\Tipografia Etrusca\Impostazioni locali\Dati applicazioni\qoeyi_navps.dat 16384 bytes


*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\Tipografia Etrusca\impost~1\datiap~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *



*** Search files ***


C:\WINDOWS\system32\nvs2.inf found !

*** Search specific Registry keys ***

HKEY_CURRENT_USER\Software\Lanconfig found !

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\Tipografia Etrusca\impost~1\datiap~1" :


* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" :


3)Certificates Search :

Egroup certificate found !
Electronic-Group certificate found !
Montorgueil certificate not found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on 01/10/2008 at 12.39.42,76 ***