Link to home
Start Free TrialLog in
Avatar of saintsfanpk3
saintsfanpk3

asked on

German words on my windows program files.

I have a bunch of German words on my c drive program files.  Is that normal or bugs?
These files have German names in Hijak this.  Also, the "smss.exe" file could be a trojan horse.  

C:\WINDOWS\system32\spoolsv.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe



Logfile of HijackThis v1.99.1
Scan saved at 4:34:25 PM, on 3/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\spoolsv.C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CW4\cw4.exe
C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Documents and Settings\david\My Documents\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093308777255
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Avatar of saintsfanpk3
saintsfanpk3

ASKER

this is what I mean

 C:\WINDOWS\System32\smss.exe  
Safe.   running process. (smss.exe)
Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen.  
 
  C:\WINDOWS\system32\winlogon.exe  
Safe.   running process. (winlogon.exe)
Systemprozess - Windows Login Routine  
 
  C:\WINDOWS\system32\services.exe  
Safe.   running process. (services.exe)
Systemprozess - Verwaltet die Systemdienste.  
 
  C:\WINDOWS\system32\lsass.exe  
Safe.   running process. (lsass.exe)
Systemprozess  
 
  C:\WINDOWS\system32\svchost.exe  
Safe.   running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.  
 
  C:\WINDOWS\System32\svchost.exe  
Safe.   running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.  
 
  C:\WINDOWS\system32\spoolsv.exe  
Safe.   running process. (spoolsv.exe)
Systemprozess  
 
  C:\WINDOWS\Explorer.EXE  
Safe.   running process. (Explorer.EXE)
Systemprozess für Desktop und Taskleiste
Avatar of Rich Rumble
Rich Rumble
Flag of United States of America image
What are your region language settings? Sometimes co-workers can play tricks on one-another, this is a common "trick" they do. Also, hijackthis is a written by a programmer in the Netherlands (not that that means anything... but it's available to DL in 5 languages... maybe you DL'd the German version?
-rich
Avatar of saintsfanpk3
saintsfanpk3

ASKER

This ismy home computer and the settings are in english.  I am concerned that the German may mean the items are bugs.
SOLUTION
Avatar of Rich Rumble
Rich Rumble
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of saintsfanpk3
saintsfanpk3

ASKER

No output in German.  Only some of the windows proccesses are in named in German.  Just the ones I listed with the German.  The rest of the windows proccesses are in english and that is why I am concerned.  I do not have a German version and Dell did the instalation at the factory in English, that is also adding to my concern that now there are German words.  I do not have any problems or faulty output, I am just worrying about the act that there could be trojan horses or other bugs that I unaware of and the only indication of which could be the German words in the names.  I unbderstand that some hackers disguise there worms and soforth with legitimate names but different or in a wrong place.  
SOLUTION
Avatar of ahoffmann
ahoffmann
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of graemeboro
graemeboro
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of rossfingal
rossfingal
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of FalconHawk
FalconHawk
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial