Intrusion attempt of the code-injection type

Closed
bagheraax Posts 4 Registration date Sunday 6 May 2007 Status Member Last post 6 May 2007 - 6 May 2007 at 15:40
 AbsO - 28 June 2007 at 09:56
Hello everyone!
I apologize in advance if my explanations aren't very clear, but I really know nothing about computers.
I've just downloaded the Kerio firewall and I get a lot of intrusion attempts of the code-injection type every time I open an application.
The message is as follows (only the target application changes):

Application injectrice : C:\windows\system32\ajliigzyt.exe(new line)
Description : ajliigzyt(new line)
Version du fichier : (new line)
Produit : (new line)
Version du produit : (new line)
Créé le : 2007/4/28, 19:10:48(new line)
Modifié le : 2007/4/28, 19:10:48(new line)
Dernier accès le : 2007/5/6, 11:47:34

Application cible : C:\WINDOWS\system32\wuauclt.exe(new line)
Description : Mises à jour automatiques(new line)
Version du fichier : 5.8.0.2469 built by: lab01_n(wmbla)(new line)
Produit : Système d'exploitation Microsoft® Windows®(new line)
Version du produit : 5.8.0.2469(new line)
Créé le : 2006/8/5, 17:24:23(new line)
Modifié le : 2005/5/26, 02:16:30(new line)
Dernier accès le : 2007/5/6, 11:48:37

Adresse de l'injection : 0x023F0000

I use avast and the scan is clean.
However, I've noticed that I can no longer run Disk Cleanup and, recently, when I'm on the internet, new site pages open up unprompted.

So I'd like to know whether there is a problem, a virus... and what I should do?
Thanks in advance.

6 replies

fiddy Posts 11069 Registration date Saturday 5 May 2007 Status Contributor Last post 23 April 2022 1 835
6 May 2007 at 15:46
Yes, you have a virus. C:\windows\system32\ajliigzyt.exe
I searched the internet for information on this file and found nothing. I advise you to send this file to an antivirus center so they can tell you more about it. You can do so, for example, on the Panda Antivirus site. But there are plenty of others. => google ;)
0
bagheraax Posts 4 Registration date Sunday 6 May 2007 Status Member Last post 6 May 2007
6 May 2007 at 17:38
Thanks for the info, but in that case I don't understand why avast doesn't detect anything...?
0
bagheraax Posts 4 Registration date Sunday 6 May 2007 Status Member Last post 6 May 2007
6 May 2007 at 18:29
I've just run an online scan with housecall and it seems I'm infected with grayware...
It's becoming clearer...
So what do I do to remove it??
0
bagheraax Posts 4 Registration date Sunday 6 May 2007 Status Member Last post 6 May 2007
6 May 2007 at 19:22
If anyone understands any of this, here is my hijackthis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:47:39, on 06/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\fnacVOD\fnacVOD.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Aurore\Bureau\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fnacVOD] C:\Program Files\fnacVOD\fnacVOD.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f7de8e11ece44ddb9bdf3286ca929450
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f7de8e11ece44ddb9bdf3286ca929450
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://shiva-shanti.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
agmagor Posts 39 Registration date Monday 4 June 2007 Status Member Last post 31 December 2008 6
6 June 2007 at 14:51
I'm also getting code-injection attacks
Technical details of the intrusion:

Application injectrice : C:\windows\system32\ozhypd.exe(new line)
Description : ozhypd(new line)
Version du fichier : (new line)
Produit : (new line)
Version du produit : (new line)
Créé le : 2007/5/25, 16:04:04(new line)
Modifié le : 2007/5/25, 16:04:04(new line)
Dernier accès le : 2007/6/6, 12:41:07

Application cible : C:\WINDOWS\system32\ctfmon.exe(new line)
Description : CTF Loader(new line)
Version du fichier : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)(new line)
Produit : Microsoft® Windows® Operating System(new line)
Version du produit : 5.1.2600.2180(new line)
Créé le : 2006/11/17, 21:09:41(new line)
Modifié le : 2004/8/19, 23:09:51(new line)
Dernier accès le : 2007/6/6, 12:40:43

Adresse de l'injection : 0x00A40000

(Impossible to find anything on the internet) In your opinion, should I delete the file or do something else?
0
fiddy Posts 11069 Registration date Saturday 5 May 2007 Status Contributor Last post 23 April 2022 1 835
6 June 2007 at 15:05
Hi

Deleting the file is pointless, and in some cases it even speeds up the infection. Once the virus has been executed, it can launch separate threads and duplicate itself, and after the parent file is deleted the others still remain. The best approach is to search the internet for an antidote on antivirus sites. If the antidote doesn't exist, send the virus to antivirus sites, which will offer you an antidote.

Good luck
0
agmagor Posts 39 Registration date Monday 4 June 2007 Status Member Last post 31 December 2008 6
6 June 2007 at 19:40
Going by the file name, I don't see what you expect to find... Otherwise, do you know any sites that take viruses?
Here is the "hips" log file:
[06/Jun/2007 14:40:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00180000)
[06/Jun/2007 14:41:09] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into \SystemRoot\System32\smss.exe (code address: 0x00320000)
[06/Jun/2007 14:41:27] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into \??\C:\WINDOWS\system32\csrss.exe (code address: 0x011D0000)
[06/Jun/2007 14:41:33] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\services.exe (code address: 0x00E20000)
[06/Jun/2007 14:41:35] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\svchost.exe (code address: 0x00DC0000)
[06/Jun/2007 14:41:35] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\svchost.exe (code address: 0x009E0000)
[06/Jun/2007 14:41:35] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Windows Defender\MsMpEng.exe (code address: 0x00DC0000)
[06/Jun/2007 14:41:37] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x05FE0000)
[06/Jun/2007 14:41:37] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x00820000)
[06/Jun/2007 14:41:53] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x00D50000)
[06/Jun/2007 14:41:55] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\spoolsv.exe (code address: 0x01050000)
[06/Jun/2007 14:41:55] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\a-squared Free\a2service.exe (code address: 0x01FD0000)
[06/Jun/2007 14:41:56] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Google\Common\Google Updater\GoogleUpdaterService.exe (code address: 0x00760000)
[06/Jun/2007 14:41:56] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\No-IP\DUC20.exe (code address: 0x003B0000)
[06/Jun/2007 14:41:56] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\HPZipm12.exe (code address: 0x00880000)
[06/Jun/2007 14:41:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4ss.exe (code address: 0x075C0000)
[06/Jun/2007 14:41:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x00B10000)
[06/Jun/2007 14:41:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\alg.exe (code address: 0x006D0000)
[06/Jun/2007 14:41:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x01370000)
[06/Jun/2007 14:41:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x01530000)
[06/Jun/2007 14:42:23] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\Explorer.EXE (code address: 0x013E0000)
[06/Jun/2007 14:42:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\wbem\wmiprvse.exe (code address: 0x00D40000)
[06/Jun/2007 14:42:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\windows\system\hpsysdrv.exe (code address: 0x00CF0000)
[06/Jun/2007 14:42:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\hphmon05.exe (code address: 0x00C40000)
[06/Jun/2007 14:42:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe (code address: 0x00B40000)
[06/Jun/2007 14:42:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\ALCXMNTR.EXE (code address: 0x012B0000)
[06/Jun/2007 14:42:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (code address: 0x00FC0000)
[06/Jun/2007 14:42:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Multimedia Card Reader\shwicon2k.exe (code address: 0x00A50000)
[06/Jun/2007 14:42:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (code address: 0x00E40000)
[06/Jun/2007 14:42:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (code address: 0x00A30000)
[06/Jun/2007 14:44:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\HP\KBD\KBD.EXE (code address: 0x02230000)
[06/Jun/2007 14:44:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\imapi.exe (code address: 0x00950000)
[06/Jun/2007 14:44:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Windows Defender\MSASCui.exe (code address: 0x015B0000)
[06/Jun/2007 14:44:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (code address: 0x00E80000)
[06/Jun/2007 14:44:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\LClock\LClock.exe (code address: 0x00A80000)
[06/Jun/2007 14:46:15] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (code address: 0x01980000)
[06/Jun/2007 14:46:38] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe (code address: 0x00A00000)
[06/Jun/2007 14:47:02] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\ctfmon.exe (code address: 0x00A40000)
[06/Jun/2007 14:52:03] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\soln\HPOSM.exe (code address: 0x00A00000)
[06/Jun/2007 14:52:04] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\userinit.exe (code address: 0x00A20000)
[06/Jun/2007 14:52:04] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (code address: 0x022B0000)
[06/Jun/2007 14:52:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\hkcmd.exe (code address: 0x01180000)
[06/Jun/2007 14:52:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Pierre\MessengerSkinner\MessengerSkinner.exe (code address: 0x012B0000)
[06/Jun/2007 14:52:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (code address: 0x00C50000)
[06/Jun/2007 14:52:08] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\hldrrr.exe (code address: 0x010A0000)
[06/Jun/2007 14:52:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\hldrrr.exe (code address: 0x012F0000)
[06/Jun/2007 14:56:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe (code address: 0x00AE0000)
[06/Jun/2007 15:03:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\IEXPLORE.EXE (code address: 0x01240000)
[06/Jun/2007 15:06:23] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (code address: 0x00B80000)
[06/Jun/2007 15:06:30] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\wintems.exe (code address: 0x01640000)
[06/Jun/2007 15:06:44] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe (code address: 0x00EA0000)
[06/Jun/2007 15:07:36] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\No-IP\DUC20.exe (code address: 0x01180000)
[06/Jun/2007 15:07:40] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\assist.exe (code address: 0x00B60000)
[06/Jun/2007 15:07:45] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01E70000)
[06/Jun/2007 15:09:37] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\taskmgr.exe (code address: 0x00C80000)
[06/Jun/2007 15:13:41] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x01890000)
[06/Jun/2007 15:17:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\dumprep.exe (code address: 0x008B0000)
[06/Jun/2007 15:17:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00170000)
[06/Jun/2007 15:17:33] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\packager.exe (code address: 0x00DF0000)
[06/Jun/2007 15:18:08] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\PE Explorer\pexplorer.exe (code address: 0x01C70000)
[06/Jun/2007 18:03:02] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x01390000)
[06/Jun/2007 18:03:15] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x02C70000)
[06/Jun/2007 18:10:02] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Microsoft Office\Office10\WINWORD.EXE (code address: 0x034D0000)
[06/Jun/2007 18:10:11] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Microsoft Office\Office10\WINWORD.EXE (code address: 0x05540000)
[06/Jun/2007 18:14:01] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (code address: 0x04230000)
[06/Jun/2007 18:14:10] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (code address: 0x04990000)
[06/Jun/2007 18:38:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01C90000)
[06/Jun/2007 18:38:40] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x03AC0000)
[06/Jun/2007 18:38:47] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x014C0000)
[06/Jun/2007 18:39:02] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x02F40000)
[06/Jun/2007 18:46:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\vistaui.exe (code address: 0x00BA0000)
[06/Jun/2007 18:46:43] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x01580000)
[06/Jun/2007 18:47:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A10000)
[06/Jun/2007 18:49:39] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01AE0000)
[06/Jun/2007 18:51:44] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\IEXPLORE.EXE (code address: 0x012B0000)
[06/Jun/2007 18:52:03] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE (code address: 0x016D0000)
[06/Jun/2007 18:52:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x019F0000)
[06/Jun/2007 18:52:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x019F0000)
[06/Jun/2007 18:53:09] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01B00000)
[06/Jun/2007 18:55:01] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\rundll32.exe (code address: 0x01580000)
[06/Jun/2007 18:55:01] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\wbem\wmiprvse.exe (code address: 0x009D0000)
[06/Jun/2007 19:06:37] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\taskmgr.exe (code address: 0x00C40000)
[06/Jun/2007 19:07:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\rundll32.exe (code address: 0x00DB0000)
[06/Jun/2007 19:08:04] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01F70000)
[06/Jun/2007 19:08:56] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01E70000)
[06/Jun/2007 19:09:49] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\msnmsgr.exe (code address: 0x01F50000)
[06/Jun/2007 19:10:06] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x01440000)
[06/Jun/2007 19:10:15] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\IEXPLORE.EXE (code address: 0x012B0000)
[06/Jun/2007 19:29:04] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Google\Google Updater\GoogleUpdater.exe (code address: 0x00CB0000)
[06/Jun/2007 19:29:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Google\Google Updater\GoogleUpdater.exe (code address: 0x011C0000)
[06/Jun/2007 19:29:49] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\iexplore.exe (code address: 0x012F0000)
[06/Jun/2007 19:30:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A00000)
[06/Jun/2007 19:32:21] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A00000)
[06/Jun/2007 19:32:55] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A00000)
[06/Jun/2007 19:36:54] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A00000)
[06/Jun/2007 19:37:49] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x017F0000)
[06/Jun/2007 19:41:10] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x017F0000)
[06/Jun/2007 19:42:44] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\NOTEPAD.EXE (code address: 0x00CC0000)
[06/Jun/2007 19:44:01] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01E80000)
0
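The following is an added example, not part of the thread and not Kerio's own tooling: it parses HIPS entries in the format of the log above, groups them by injecting process, and reports any source that injected into many distinct programs. The function names and the `MIN_TARGETS` threshold are assumptions; the sample holds five events copied from the log plus one constructed malformed line.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout inferred from the log lines in this thread. The descr value is never
# closed with a quote in that log, so the pattern does not require one.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \S+ \"Hips\" type = 'Code injection', "
    r"action = '(?P<action>[^']*)', descr = 'Process (?P<src>.+?) "
    r"injected dangerous code into (?P<dst>.+?) "
    r"\(code address: (?P<addr>0x[0-9A-Fa-f]+)\)")
MIN_TARGETS = 3  # assumed threshold, not a Kerio setting

def summarize(lines):
    """Group events by injecting process; return (per-source stats, skipped)."""
    stats = defaultdict(lambda: {"events": 0, "targets": set(),
                                 "actions": set(), "first": None, "last": None})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count unparsable lines instead of dropping them silently
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
        s = stats[m["src"].lower()]  # Windows paths are case-insensitive
        s["events"] += 1
        s["targets"].add(m["dst"].lower())
        s["actions"].add(m["action"])
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return dict(stats), skipped

def widespread_injectors(stats, min_targets=MIN_TARGETS):
    """Sources that injected into at least min_targets distinct programs."""
    return sorted(s for s, v in stats.items() if len(v["targets"]) >= min_targets)

# Five events copied from the log above, plus one constructed malformed line.
PREFIX = (r"""CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', """
          r"""descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into """)
ROWS = [("18:02:33", r"C:\WINDOWS\system32\ctfmon.exe", "0x009B0000"),
        ("18:02:34", r"C:\Program Files\Mozilla Firefox\firefox.exe", "0x03B80000"),
        ("18:51:44", r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", "0x012B0000"),
        ("19:06:37", r"C:\WINDOWS\system32\taskmgr.exe", "0x00C40000"),
        ("19:29:49", r"C:\Program Files\Internet Explorer\iexplore.exe", "0x012F0000")]
SAMPLE = [f"[06/Jun/2007 {t}] {PREFIX}{p} (code address: {a})" for t, p, a in ROWS]
SAMPLE.append("[06/Jun/2007 19:00:00] CChckDrv.cpp: truncated entry")  # constructed

if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE)
    for src in widespread_injectors(stats):
        print(src, stats[src]["events"], len(stats[src]["targets"]), skipped)
```

Lower-casing the paths merges `IEXPLORE.EXE` and `iexplore.exe`, which the log records as if they were two different targets.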

agmagor Posts 39 Registration date Monday 4 June 2007 Status Member Last activity 31 December 2008 6
7 June 2007 at 19:41
I created my own thread because things are getting out of hand here
trojan blue screen
0
Hello,
I think you must have gotten rid of your problem by now, but for next time (... or not ;) ) try scanning your file online at https://www.virustotal.com/gui/
I have the same kind of problem as you, code injection and all that, avast detects nothing, and here is the VirusTotal log... it's distressing, avast is almost the only one that sees nothing.

Antivirus Version Update Result
AhnLab-V3 2007.6.27.0 06.28.2007 Win-Trojan/Xema.variant
AntiVir 7.4.0.34 06.28.2007 TR/Hijack.Explor.3467
Authentium 4.93.8 06.27.2007 Possibly a new variant of W32/NewMalware-Rootkit-PX-based!Maximus
Avast 4.7.997.0 06.27.2007 no virus found
AVG 7.5.0.476 06.28.2007 BackDoor.Generic7.IPU
BitDefender 7.2 06.28.2007 BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal 9.00 06.27.2007 no virus found
ClamAV devel-20070416 06.28.2007 Trojan.VB-940
DrWeb 4.33 06.28.2007 DDoS.Rincux
eSafe 7.0.15.0 06.27.2007 Win32.VB.kb
eTrust-Vet 30.8.3747 06.28.2007 no virus found
Ewido 4.0 06.27.2007 Backdoor.VB.kb
FileAdvisor 1 06.28.2007 no virus found
Fortinet 2.91.0.0 06.28.2007 W32/Packed.KB!tr.bdr
F-Prot 4.3.2.48 06.27.2007 W32/NewMalware-Rootkit-PX-based!Maximus
F-Secure 6.70.13030.0 06.28.2007 Backdoor.Win32.VB.kb
Ikarus T3.1.1.8 06.28.2007 Backdoor.Win32.VB.kb
Kaspersky 4.0.2.24 06.28.2007 Backdoor.Win32.VB.kb
McAfee 5062 06.27.2007 Generic Packed
Microsoft 1.2701 06.28.2007 Backdoor:Win32/VB!4148
NOD32v2 2360 06.28.2007 no virus found
Norman 5.80.02 06.27.2007 W32/Malware.XPK
Panda 9.0.0.4 06.28.2007 Trj/Agent.FSV
Sophos 4.19.0 06.24.2007 Mal/Behav-112
Sunbelt 2.2.907.0 06.27.2007 no virus found
Symantec 10 06.28.2007 no virus found
TheHacker 6.1.6.140 06.28.2007 Backdoor/VB.kb
VBA32 3.12.0.2 06.27.2007 Backdoor.Win32.VB.kb
VirusBuster 4.3.23:9 06.27.2007 no virus found
Webwasher-Gateway 6.0.1 06.28.2007 Trojan.Hijack.Explor.3467

To get rid of the problem I now have to find something else

Have a nice day
0