Solved

German words on my windows program files.

Posted on 2005-03-31
Last Modified: 2010-04-11
I have a bunch of German words on my C drive program files.  Is that normal or bugs?
These files have German names in HijackThis.  Also, the "smss.exe" file could be a trojan horse.

C:\WINDOWS\system32\spoolsv.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe



Logfile of HijackThis v1.99.1
Scan saved at 4:34:25 PM, on 3/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\spoolsv.C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CW4\cw4.exe
C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Documents and Settings\david\My Documents\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093308777255
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Question by:saintsfanpk3
9 Comments
 

Author Comment

by:saintsfanpk3
ID: 13677196
this is what I mean

 C:\WINDOWS\System32\smss.exe  
Safe.   running process. (smss.exe)
Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen.  
 
  C:\WINDOWS\system32\winlogon.exe  
Safe.   running process. (winlogon.exe)
Systemprozess - Windows Login Routine  
 
  C:\WINDOWS\system32\services.exe  
Safe.   running process. (services.exe)
Systemprozess - Verwaltet die Systemdienste.  
 
  C:\WINDOWS\system32\lsass.exe  
Safe.   running process. (lsass.exe)
Systemprozess  
 
  C:\WINDOWS\system32\svchost.exe  
Safe.   running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.  
 
  C:\WINDOWS\System32\svchost.exe  
Safe.   running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.  
 
  C:\WINDOWS\system32\spoolsv.exe  
Safe.   running process. (spoolsv.exe)
Systemprozess  
 
  C:\WINDOWS\Explorer.EXE  
Safe.   running process. (Explorer.EXE)
Systemprozess für Desktop und Taskleiste
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13677441
What are your region language settings? Sometimes co-workers can play tricks on one another; this is a common "trick" they do. Also, HijackThis is written by a programmer in the Netherlands (not that that means anything)... but it's available to DL in 5 languages... maybe you DL'd the German version?
-rich
0
 

Author Comment

by:saintsfanpk3
ID: 13677513
This is my home computer and the settings are in English.  I am concerned that the German may mean the items are bugs.
0

 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 13677713
Then it sounds like you have a German version... is this the only program giving you output in German? Perhaps the incorrect language was selected when setup?
-rich
0
 

Author Comment

by:saintsfanpk3
ID: 13677850
No output in German.  Only some of the Windows processes are named in German.  Just the ones I listed with the German.  The rest of the Windows processes are in English and that is why I am concerned.  I do not have a German version and Dell did the installation at the factory in English; that is also adding to my concern that now there are German words.  I do not have any problems or faulty output, I am just worrying about the fact that there could be trojan horses or other bugs that I am unaware of and the only indication of which could be the German words in the names.  I understand that some hackers disguise their worms and so forth with legitimate names but different or in a wrong place.
0
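The "legitimate name in a wrong place" check raised above can be run mechanically over a HijackThis log. The following is an added example, not part of any post in this thread: it reads the "Running processes:" section and flags well-known system process names that run from a directory other than the expected one. The sample log is constructed, and the expected directories assume Windows is installed in C:\WINDOWS, as in the posted log.

```python
import ntpath

# Expected directory (lower-case) for the system processes named in this thread.
# Assumption: Windows lives in C:\WINDOWS, as in the log posted above.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYS32, "winlogon.exe": SYS32, "services.exe": SYS32,
    "lsass.exe": SYS32, "svchost.exe": SYS32, "spoolsv.exe": SYS32,
    "explorer.exe": r"c:\windows",
}

# Constructed sample log (not the poster's): two entries reuse system names
# from unexpected directories.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\lsass.exe
C:\Program Files\iPod\bin\iPodService.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section and paths:
            break  # the blank line after the list ends the section
    return paths

def misplaced_system_processes(log_text):
    """Return (name, path, expected_dir) for system names outside their usual directory."""
    findings = []
    for path in running_processes(log_text):
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        # Windows paths are case-insensitive, so System32 and system32 are equal.
        if expected and ntpath.normcase(directory) != expected:
            findings.append((name.lower(), path, expected))
    return findings

if __name__ == "__main__":
    for name, path, expected in misplaced_system_processes(SAMPLE_LOG):
        print(f"{name}: running from {path}, expected in {expected}")
```

A clean result only says the path matches; it does not show that the file at that path is the original one.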
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 400 total points
ID: 13679354
if you did not install any additional software, then it might be a trojan installed somehow
0
 
LVL 4

Assisted Solution

by:graemeboro
graemeboro earned 400 total points
ID: 13679460
If you are concerned about Trojans or viruses, run the following :-

Ad-Aware:- www.lavasoft.com
SpyBot:- http://www.safer-networking.org/en/mirrors/
Microsoft Anti Spyware tool :- http://www.microsoft.com/athome/security/spyware/software/default.mspx

You should look at some good anti-virus scans; you can get AVG for free :-

http://www.grisoft.com/doc/40/lng/ww

or if you have the budget look at Kaspersky www.kapersky.com

And if you have broadband or a decent speed internet connection use Trend Micro's online virusscan :-
http://housecall.trendmicro.com/

Hopefully if there is anything wrong this should help to pick up the issues.

Good luck
Graeme  
0
 
LVL 12

Assisted Solution

by:rossfingal
rossfingal earned 400 total points
ID: 13681181
Hi!

What you're seeing is output from the HijackThis Automatic analysis site -
the German language section.

Try running your log through this:
http://www.hijackthis.de/en

RF
0
 
LVL 4

Accepted Solution

by:
FalconHawk earned 400 total points
ID: 13684123
C:\WINDOWS\system32\spoolsv.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

All these files are perfectly legal. They are all part of your Windows installation, and are in no case a virus, worm or trojan horse.

Now you may ask: what if they are legal NAMES, but other files uploaded by a hacker or website?
Windows has a technology called Windows File Protection. This technology scans the Windows files on your system at shutdown time to see if they are in any way altered (this is why shutting down takes so long). If the files are altered, it will replace them with the original Windows files. Since you most probably turned off your computer between posting, and the files are there, they are legal. Even if you DIDN'T turn it off, don't worry too much. I think you just got a German version of Windows, or a few files that originally belonged to a German system. Anyway, you're safe. Don't worry about that.

Greetz, Falcon
0
