saintsfanpk3
asked on
German words on my windows program files.
I have a bunch of German words on my c drive program files. Is that normal or bugs?
These files have German names in HijackThis. Also, the "smss.exe" file could be a trojan horse.
C:\WINDOWS\system32\spoolsv.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
Logfile of HijackThis v1.99.1
Scan saved at 4:34:25 PM, on 3/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\system32\spoolsv.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CW4\cw4.exe
C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Documents and Settings\david\My Documents\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093308777255
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
What are your region language settings? Sometimes co-workers can play tricks on one another; this is a common "trick" they do. Also, HijackThis is written by a programmer in the Netherlands (not that that means anything... but it's available to DL in 5 languages... maybe you DL'd the German version?)
-rich
ASKER
This is my home computer and the settings are in English. I am concerned that the German may mean the items are bugs.
ASKER
No output in German. Only some of the Windows processes are named in German. Just the ones I listed with the German. The rest of the Windows processes are in English and that is why I am concerned. I do not have a German version and Dell did the installation at the factory in English; that is also adding to my concern that now there are German words. I do not have any problems or faulty output, I am just worrying about the fact that there could be trojan horses or other bugs that I am unaware of and the only indication of which could be the German words in the names. I understand that some hackers disguise their worms and so forth with legitimate names but different or in a wrong place.
ASKER
C:\WINDOWS\System32\smss.e
Safe. running process. (smss.exe)
Systemprozess - Anwendung, die benutzt wird um Sitzungen zu starten, verwalten und löschen.
C:\WINDOWS\system32\winlog
Safe. running process. (winlogon.exe)
Systemprozess - Windows Login Routine
C:\WINDOWS\system32\servic
Safe. running process. (services.exe)
Systemprozess - Verwaltet die Systemdienste.
C:\WINDOWS\system32\lsass.
Safe. running process. (lsass.exe)
Systemprozess
C:\WINDOWS\system32\svchos
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
C:\WINDOWS\System32\svchos
Safe. running process. (svchost.exe)
Systemprozess - Allgemeiner Hostprozessname für Dienste.
C:\WINDOWS\system32\spools
Safe. running process. (spoolsv.exe)
Systemprozess
C:\WINDOWS\Explorer.EXE
Safe. running process. (Explorer.EXE)
Systemprozess für Desktop und Taskleiste
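
The check the asker describes (a legitimate name in the wrong place, or a near-miss name), as an added example that is not part of the original thread: it reads the "Running processes" section of a HijackThis log and compares core Windows process names against their default directories. The directory table, the 0.85 similarity threshold and the sample log are assumptions made for this example.

```python
import difflib
import ntpath
import re

# Default locations of core Windows XP processes, assuming Windows is
# installed in C:\WINDOWS as in the log on this page.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Constructed sample log: the last two process lines are invented for the demo.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\scvhost.exe

O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
"""

def running_processes(log_text):
    """Return the paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and re.match(r"[A-Za-z]:\\", line):
            paths.append(line)
        elif in_section and paths:
            break  # first non-path line after the list ends the section
    return paths

def audit(paths):
    """Flag core process names outside their default directory and lookalikes."""
    findings = []
    for path in paths:
        # Windows paths are case-insensitive, so System32 == system32.
        directory, name = ntpath.split(path.lower())
        if name in EXPECTED_DIR:
            if directory != EXPECTED_DIR[name]:
                findings.append((path, "core process name in unexpected directory"))
            continue
        for known in EXPECTED_DIR:
            if difflib.SequenceMatcher(None, name, known).ratio() >= 0.85:
                findings.append((path, "name resembles " + known))
                break
    return findings
```

A clean result only means the names and locations look normal; it does not inspect the files themselves.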