Solved

German words on my windows program files.

Posted on 2005-03-31
Medium Priority
Last Modified: 2010-04-11
I have a bunch of German words on my C drive program files.  Is that normal or bugs?
These files have German names in HijackThis.  Also, the "smss.exe" file could be a trojan horse.

C:\WINDOWS\system32\spoolsv.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe



Logfile of HijackThis v1.99.1
Scan saved at 4:34:25 PM, on 3/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\spoolsv.C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CW4\cw4.exe
C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Documents and Settings\david\My Documents\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093308777255
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Question by:saintsfanpk3
9 Comments
 

Author Comment

by:saintsfanpk3
ID: 13677196
this is what I mean

 C:\WINDOWS\System32\smss.exe  
Safe.   running process. (smss.exe)
Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen.  
 
  C:\WINDOWS\system32\winlogon.exe  
Safe.   running process. (winlogon.exe)
Systemprozess - Windows Login Routine  
 
  C:\WINDOWS\system32\services.exe  
Safe.   running process. (services.exe)
Systemprozess - Verwaltet die Systemdienste.  
 
  C:\WINDOWS\system32\lsass.exe  
Safe.   running process. (lsass.exe)
Systemprozess  
 
  C:\WINDOWS\system32\svchost.exe  
Safe.   running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.  
 
  C:\WINDOWS\System32\svchost.exe  
Safe.   running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.  
 
  C:\WINDOWS\system32\spoolsv.exe  
Safe.   running process. (spoolsv.exe)
Systemprozess  
 
  C:\WINDOWS\Explorer.EXE  
Safe.   running process. (Explorer.EXE)
Systemprozess für Desktop und Taskleiste
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13677441
What are your region language settings? Sometimes co-workers can play tricks on one another, this is a common "trick" they do. Also, HijackThis is written by a programmer in the Netherlands (not that that means anything)... but it's available to DL in 5 languages... maybe you DL'd the German version?
-rich
0
 

Author Comment

by:saintsfanpk3
ID: 13677513
This is my home computer and the settings are in English.  I am concerned that the German may mean the items are bugs.
0

 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 13677713
Then it sounds like you have a German version... is this the only program giving you output in German? Perhaps the incorrect language was selected when setup?
-rich
0
 

Author Comment

by:saintsfanpk3
ID: 13677850
No output in German.  Only some of the Windows processes are named in German.  Just the ones I listed with the German.  The rest of the Windows processes are in English and that is why I am concerned.  I do not have a German version and Dell did the installation at the factory in English, that is also adding to my concern that now there are German words.  I do not have any problems or faulty output, I am just worrying about the fact that there could be trojan horses or other bugs that I am unaware of and the only indication of which could be the German words in the names.  I understand that some hackers disguise their worms and so forth with legitimate names but different or in a wrong place.
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 400 total points
ID: 13679354
if you did not install any additional software, then it might be a trojan installed somehow
0
 
LVL 4

Assisted Solution

by:graemeboro
graemeboro earned 400 total points
ID: 13679460
If you are concerned about Trojans virus run the following :-

Ad-Aware:- www.lavasoft.com
SpyBot:-http://www.safer-networking.org/en/mirrors/
Microsoft Anti Spyware tool :- http://www.microsoft.com/athome/security/spyware/software/default.mspx

You should look at some good anti-virus scans, you can get AVG for free :-

http://www.grisoft.com/doc/40/lng/ww

or if you have the budget look at Kaspersky www.kapersky.com

And if you have broadband or a decent speed internet connection use Trend Micro's online virusscan :-
http://housecall.trendmicro.com/

Hopefully if there is anything wrong this should help to pick up the issues.

Good luck
Graeme  
0
 
LVL 12

Assisted Solution

by:rossfingal
rossfingal earned 400 total points
ID: 13681181
Hi!

What you're seeing is output from the HijackThis Automatic analysis site -
the German language section.

Try running your log through this:
http://www.hijackthis.de/en

RF
0
 
LVL 4

Accepted Solution

by:
FalconHawk earned 400 total points
ID: 13684123
C:\WINDOWS\system32\spoolsv.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

All these files are perfectly legal. They are all part of your Windows installation, and are in no case a virus, worm or trojan horse.

Now you may ask what if they are legal NAMES, but other files uploaded by a hacker or website?
Windows has a technology called Windows File Protection. This technology scans the Windows files on your system at shutdown time to see if they are in any way altered (this is why shutting down takes so long). If the files are altered, it will replace them with the original Windows files. Since you most probably turned off your computer between posting, and the files are there, they are legal. Even if you DIDN'T turn it off, don't worry too much. I think you just got a German version of Windows, or a few files that originally belonged to a German system. Anyway, you're safe. Don't worry about that.

Greetz, Falcon
0

Question has a verified solution.