Search Navipromo version 3.7.1 began on 18/01/2009 at 19.07.41,56

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programmi\navilog1

Updated on 02.01.2009 at 19h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Processore Intel Pentium II )
BIOS : Ver 1.00PARTTBL
USER : renzini ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 090117-0] 4.8.1296 (Activated)


C:\ (Local Disk) - NTFS - Total:71 Go (Free:35 Go)
D:\ (Local Disk) - FAT32 - Total:71 Go (Free:68 Go)
E:\ (CD or DVD)


Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\renzini\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\renzini\impost~1\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\renzini\menuav~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

Hidden file(s) :

C:\Documents and Settings\renzini\Impostazioni locali\Dati applicazioni\wayyg.dat
C:\Documents and Settings\renzini\Impostazioni locali\Dati applicazioni\wayyg.exe
C:\Documents and Settings\renzini\Impostazioni locali\Dati applicazioni\wayyg_nav.dat
C:\Documents and Settings\renzini\Impostazioni locali\Dati applicazioni\wayyg_navps.dat


*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\renzini\impost~1\datiap~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!

HKEY_CURRENT_USER\Software\Lanconfig

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"wayyg"="\"c:\\documents and settings\\renzini\\impostazioni locali\\dati applicazioni\\wayyg.exe\" wayyg"


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\renzini\impost~1\datiap~1" :


* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate found !
Montorgueil certificate not found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 18/01/2009 at 19.10.37,29 ***