Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

media pass ??

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

media pass ??

Postdi lumen6 » 09/03/05 00:53

Sapete cos'è questo media pass??? l'ho trovato in programfiles viene caricato ogni volta.
Non si disinstalla e non si elimina con i soliti prg.

Ho cercato su internet ma in italiano non trovo niente.
lumen6
Utente Senior
 
Post: 546
Iscritto il: 23/08/01 01:00
Località: Messina

Sponsor
 

Postdi Dylan666 » 09/03/05 00:57

nelle proprietà c'è qualche info in più? Tipo il nome dei produttori o roba simile?
Avatar utente
Dylan666
Moderatore
 
Post: 38040
Iscritto il: 18/11/03 16:46

Postdi piercing » 09/03/05 00:57

viene caricato dove?

eventualmente postaci un log di hijack...
Avatar utente
piercing
Moderatore
 
Post: 7569
Iscritto il: 10/04/02 10:34
Località: Roma

Postdi lumen6 » 09/03/05 01:02

Logfile of HijackThis v1.99.0
Scan saved at 1.02.03, on 09/03/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
C:\PROGRAMMI\SAMSUNG MULTIMEDIA KEYBOARD\MMKBD.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAMMI\CREATIVE\SBLIVE\PROGRAM\CTAVTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\USB DRIVE\SHWICON.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\MEDIA PASS\MEDIAPASS.EXE
C:\PROGRAM FILES\MEDIA PASS\MEDIAPASSK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\COUNTDOWN\COUNTDOWN.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\POPUP HUNTER\POPUPHUNTER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\ADOBE\ACROBAT 4.0\READER\ACRORD32.EXE
C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE
C:\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/home/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.virgilio.it/alice01.home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://gw.virgilio.it/alice01.home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da VirgilioTin
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMMI\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Multimedia Keyboard] "C:\Programmi\Samsung Multimedia Keyboard\MMKBD.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\PROGRAMMI\CREATIVE\SBLIVE\LAUNCHER\CTLAUNCHER.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAVTray] C:\PROGRAMMI\CREATIVE\SBLIVE\PROGRAM\CTAvTray.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [hpppta] C:\Programmi\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [ShowIcon_The Company_USB Drive Series Driver v1.19r025] "C:\Programmi\USB Drive\shwicon.exe" -t"The Company\USB Drive Series Driver v1.19r025"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Programmi\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Scarica con FlashGet - C:\PROGRAMMI\FLASHGET\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\PROGRAMMI\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMMI\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMMI\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMMI\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMMI\FLASHGET\FLASHGET.EXE
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROProj.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.virgilio.it/alice01.home
O16 - DPF: {713AE1D4-897C-11D2-B2A0-00C04F94B4D5} (WUCorpSuppControl Class) - http://corporate.windowsupdate.microsof ... corpct.CAB
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {2057E707-FA09-451B-972F-9CFBA9F2423C} (Tiscali702) - http://www.tiscali.it/cabs/Tiscali702.cab
lumen6
Utente Senior
 
Post: 546
Iscritto il: 23/08/01 01:00
Località: Messina

Postdi lumen6 » 09/03/05 01:05

nella cartella media pass ho trovato un file info.txt ma io non l'ho mai installato.
What is Media Pass?
---------------------
Media Pass is free ad delivery software which provides targeted advertising offers.


How did Media Pass get installed on your computer?
----------------------------------------------------
You downloaded Media Pass from a Website that is able to offer its content for free because
it shows the Media Pass ActiveX popup. The Media Pass program is installed only once the user
has agreed on it by clicking on “yes”. Through the ActiveX, the user can review the license terms
and privacy policy before installing the software. Each and every distributor is carefully reviewed
to make sure that their distribution techniques abide by a strict code of conduct.

If you do not remember having seen an ActiveX prompt, you might have downloaded Media Pass from a
popular free software product (screensavers, games, file sharing software, etc.). Users always will
have to opt-in before installing the Media Pass software.


Removal instructions:
---------------------
Media Pass supports many free software products through its advertising relevancy technology.
If you remove Media Pass from your system, certain free software that you installed may no longer
function properly and you may have to reinstall them from a backup.

If you are sure that you want to remove Media Pass from your computer just follow these two easy steps:

1) Click Start -> Control Panel -> Add/Remove Programs

2) Scroll to Media Pass and click Remove


End User License Agreement:
---------------------------
Please find an up to date copy of Media Pass's End User License Agreement at
http://www.windupdates.com/license.html
lumen6
Utente Senior
 
Post: 546
Iscritto il: 23/08/01 01:00
Località: Messina

Postdi Dylan666 » 09/03/05 01:13

lumen6 ha scritto:Media Pass is free ad delivery software which provides targeted advertising offers.


Ok, è chiaramente uno spyware ;)
Avatar utente
Dylan666
Moderatore
 
Post: 38040
Iscritto il: 18/11/03 16:46

Postdi piercing » 09/03/05 12:37

If you are sure that you want to remove Media Pass from your computer just follow these two easy steps:

1) Click Start -> Control Panel -> Add/Remove Programs

2) Scroll to Media Pass and click Remove


e questa è la procedura di rimozione...

poi cancella la cartella del programma e il suo contenuto, e fai un controllo delle chiavi di registro orfane (anche con spybot nel menù avanzato)
Avatar utente
piercing
Moderatore
 
Post: 7569
Iscritto il: 10/04/02 10:34
Località: Roma

Postdi lumen6 » 09/03/05 16:17

La procedura descritta non mi è servita a niente.

Se era uno spyware, xchè sia adaware che spybot non lo hanno rilevato???

Lo cancellato manualmente e disinstallato il file con regcleaner dalla lista degli startup, ma tutto questo in modalità provvisoria, ed anche qui i 2 prg. di prima hanno fallito.

Con regcleanernella lista startup trovo il file LicCtrl ---runservice.exe che cos'è ???
lumen6
Utente Senior
 
Post: 546
Iscritto il: 23/08/01 01:00
Località: Messina

Postdi Dylan666 » 09/03/05 16:23

I file non è che li sappiamo tutti a memoria e allora cerchiamo su Google, cosa potresti fare pure da solo ;)

http://www.google.it/search?q=LicCtrl

Part of the eLicense Copy Protection scheme employed by some software and games.
Avatar utente
Dylan666
Moderatore
 
Post: 38040
Iscritto il: 18/11/03 16:46

Postdi lumen6 » 09/03/05 18:56

Si vi ringrazio ma non ho capito cosa sia. :?:
lumen6
Utente Senior
 
Post: 546
Iscritto il: 23/08/01 01:00
Località: Messina

Postdi lumen6 » 09/03/05 18:56

forse è uno spyware
lumen6
Utente Senior
 
Post: 546
Iscritto il: 23/08/01 01:00
Località: Messina

Postdi Dylan666 » 10/03/05 08:58

Eppure te l'ho trascritto cosa è... e pure se non sai l'inglese una traduzione automatica (questa è quella di Google) direi che toglie ogni dubbio:

Parte dello schema di protezione di copia del eLicense impiegato da alcuni software e giochi.
Avatar utente
Dylan666
Moderatore
 
Post: 38040
Iscritto il: 18/11/03 16:46


Torna a Sicurezza e Privacy


Topic correlati a "media pass ??":


Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti