Tentative d'intrusion type injection de code

bagheraax Messages postés 4 Statut Membre -  
 AbsO -
Bonjour à tous!
je m'excuse d'avance si je ne suis pas très claire ds mes explications ms je n'y connais vraimt rien en informatique.
Voilà je viens de telecharger le pare feu Kerio et j'ai bcp de tentatives d'intrusion de type injection de codes à chaque fois que j'ouvre une application.
Le message est le suivant (seule l'application cible change) :

Application injectrice : C:\windows\system32\ajliigzyt.exe(new line)
Description : ajliigzyt(new line)
Version du fichier : (new line)
Produit : (new line)
Version du produit : (new line)
Créé le : 2007/4/28, 19:10:48(new line)
Modifié le : 2007/4/28, 19:10:48(new line)
Dernier accès le : 2007/5/6, 11:47:34

Application cible : C:\WINDOWS\system32\wuauclt.exe(new line)
Description : Mises à jour automatiques(new line)
Version du fichier : 5.8.0.2469 built by: lab01_n(wmbla)(new line)
Produit : Système d'exploitation Microsoft® Windows®(new line)
Version du produit : 5.8.0.2469(new line)
Créé le : 2006/8/5, 17:24:23(new line)
Modifié le : 2005/5/26, 02:16:30(new line)
Dernier accès le : 2007/5/6, 11:48:37

Adresse de l'injection : 0x023F0000

J'utilise avast et le scan est clean.
Par contre j'ai remarqué que je ne pouvais plus faire de nettoyage de disque et dps peu, lorsque je suis sur internet des nouvelles pages de sites s'affichent de façon intempestive.

J'aimerais donc savoir s'il y a un pb, virus... et ce que je dois faire?
Merci d'avance.
Configuration: Windows XP
Firefox 2.0.0.3

6 réponses

  1. fiddy Messages postés 441 Date d'inscription   Statut Contributeur Dernière intervention   1 847
     
    Oui tu as un virus. C:\windows\system32\ajliigzyt.exe
    J'ai cherché sur internet des informations sur ce fichier, et j'ai rien trouvé. Je te conseille d'envoyer ce fichier à un centre d'antivirus pour qu'ils t'en disent plus. Tu peux par exemple sur le site de Panda Antivirus. Mais il y en a pleins d'autres. => google ;)
    0
    1. bagheraax Messages postés 4 Statut Membre
       
      merci pr l'info mais ds ce cas, je ne comprends pas pourquoi avast ne détecte rien...?
      0
    2. bagheraax Messages postés 4 Statut Membre
       
      je viens de faire une analyse en ligne avec housecall et il semblerait que je sois infectée par un grayware...
      ça se précise...
      Alors que faire pour le supprimer??
      0
    3. bagheraax Messages postés 4 Statut Membre
       
      si qqun comprend qqchose, voici mon rapport hijackthis:

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 18:47:39, on 06/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\Program Files\Avast4\aswUpdSv.exe
      C:\Program Files\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\PROGRA~1\Avast4\ashDisp.exe
      C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\fnacVOD\fnacVOD.exe
      C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Dell\Logiciel Bluetooth\BTTray.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
      C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
      C:\Program Files\Dell\Logiciel Bluetooth\bin\btwdins.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Apoint\HidFind.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Avast4\ashMaiSv.exe
      C:\Program Files\Avast4\ashWebSv.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\Aurore\Bureau\HiJackThis_v2.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [fnacVOD] C:\Program Files\fnacVOD\fnacVOD.exe
      O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f7de8e11ece44ddb9bdf3286ca929450
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f7de8e11ece44ddb9bdf3286ca929450
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://shiva-shanti.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
      O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
      O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Logiciel Bluetooth\bin\btwdins.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
      O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
      O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
      O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
      0
  2. agmagor Messages postés 39 Statut Membre 6
     
    j'ai moi aussi des attaques injection de code
    Détails techniques sur l'intrusion :

    Application injectrice : C:\windows\system32\ozhypd.exe(new line)
    Description : ozhypd(new line)
    Version du fichier : (new line)
    Produit : (new line)
    Version du produit : (new line)
    Créé le : 2007/5/25, 16:04:04(new line)
    Modifié le : 2007/5/25, 16:04:04(new line)
    Dernier accès le : 2007/6/6, 12:41:07

    Application cible : C:\WINDOWS\system32\ctfmon.exe(new line)
    Description : CTF Loader(new line)
    Version du fichier : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)(new line)
    Produit : Microsoft® Windows® Operating System(new line)
    Version du produit : 5.1.2600.2180(new line)
    Créé le : 2006/11/17, 21:09:41(new line)
    Modifié le : 2004/8/19, 23:09:51(new line)
    Dernier accès le : 2007/6/6, 12:40:43

    Adresse de l'injection : 0x00A40000

    (Impossible de trouver quoi que ce soit sur internet) selon vous, faut-il supprimmer le fichier ou faire autre chose ?
    0
  3. fiddy Messages postés 441 Date d'inscription   Statut Contributeur Dernière intervention   1 847
     
    Salut

    Supprimer le fichier ne sert à rien, et même dans certains cas, cela accélère l'infection. En effet une fois que le virus est exécuté, il peut lancer des threads à part, se dupliquer, et après suppression du fichier père, il reste toujours les autres. La meilleure façon est de chercher sur internet un antidote sur des sites antivirus. Si l'antidote n'existe pas, envoyez le virus à des sites antivirus qui vous proposeront une antidote.

    Bonne chance
    0
  4. agmagor Messages postés 39 Statut Membre 6
     
    A voir le nom du fichier, je vois pas ce que tu veut trouver... Sinon, t'en connait des sites qui prennent les virus ?
    voici le fichier log "hips" :
    [06/Jun/2007 14:40:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00180000)
    [06/Jun/2007 14:41:09] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into \SystemRoot\System32\smss.exe (code address: 0x00320000)
    [06/Jun/2007 14:41:27] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into \??\C:\WINDOWS\system32\csrss.exe (code address: 0x011D0000)
    [06/Jun/2007 14:41:33] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\services.exe (code address: 0x00E20000)
    [06/Jun/2007 14:41:35] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\svchost.exe (code address: 0x00DC0000)
    [06/Jun/2007 14:41:35] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\svchost.exe (code address: 0x009E0000)
    [06/Jun/2007 14:41:35] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Windows Defender\MsMpEng.exe (code address: 0x00DC0000)
    [06/Jun/2007 14:41:37] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x05FE0000)
    [06/Jun/2007 14:41:37] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x00820000)
    [06/Jun/2007 14:41:53] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x00D50000)
    [06/Jun/2007 14:41:55] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\spoolsv.exe (code address: 0x01050000)
    [06/Jun/2007 14:41:55] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\a-squared Free\a2service.exe (code address: 0x01FD0000)
    [06/Jun/2007 14:41:56] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Google\Common\Google Updater\GoogleUpdaterService.exe (code address: 0x00760000)
    [06/Jun/2007 14:41:56] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\No-IP\DUC20.exe (code address: 0x003B0000)
    [06/Jun/2007 14:41:56] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\HPZipm12.exe (code address: 0x00880000)
    [06/Jun/2007 14:41:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4ss.exe (code address: 0x075C0000)
    [06/Jun/2007 14:41:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x00B10000)
    [06/Jun/2007 14:41:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\alg.exe (code address: 0x006D0000)
    [06/Jun/2007 14:41:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x01370000)
    [06/Jun/2007 14:41:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x01530000)
    [06/Jun/2007 14:42:23] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\Explorer.EXE (code address: 0x013E0000)
    [06/Jun/2007 14:42:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\wbem\wmiprvse.exe (code address: 0x00D40000)
    [06/Jun/2007 14:42:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\windows\system\hpsysdrv.exe (code address: 0x00CF0000)
    [06/Jun/2007 14:42:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\hphmon05.exe (code address: 0x00C40000)
    [06/Jun/2007 14:42:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe (code address: 0x00B40000)
    [06/Jun/2007 14:42:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\ALCXMNTR.EXE (code address: 0x012B0000)
    [06/Jun/2007 14:42:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (code address: 0x00FC0000)
    [06/Jun/2007 14:42:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Multimedia Card Reader\shwicon2k.exe (code address: 0x00A50000)
    [06/Jun/2007 14:42:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (code address: 0x00E40000)
    [06/Jun/2007 14:42:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (code address: 0x00A30000)
    [06/Jun/2007 14:44:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\HP\KBD\KBD.EXE (code address: 0x02230000)
    [06/Jun/2007 14:44:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\imapi.exe (code address: 0x00950000)
    [06/Jun/2007 14:44:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Windows Defender\MSASCui.exe (code address: 0x015B0000)
    [06/Jun/2007 14:44:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (code address: 0x00E80000)
    [06/Jun/2007 14:44:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\LClock\LClock.exe (code address: 0x00A80000)
    [06/Jun/2007 14:46:15] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (code address: 0x01980000)
    [06/Jun/2007 14:46:38] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe (code address: 0x00A00000)
    [06/Jun/2007 14:47:02] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\ctfmon.exe (code address: 0x00A40000)
    [06/Jun/2007 14:52:03] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\soln\HPOSM.exe (code address: 0x00A00000)
    [06/Jun/2007 14:52:04] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\userinit.exe (code address: 0x00A20000)
    [06/Jun/2007 14:52:04] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (code address: 0x022B0000)
    [06/Jun/2007 14:52:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\hkcmd.exe (code address: 0x01180000)
    [06/Jun/2007 14:52:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Pierre\MessengerSkinner\MessengerSkinner.exe (code address: 0x012B0000)
    [06/Jun/2007 14:52:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (code address: 0x00C50000)
    [06/Jun/2007 14:52:08] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\hldrrr.exe (code address: 0x010A0000)
    [06/Jun/2007 14:52:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\hldrrr.exe (code address: 0x012F0000)
    [06/Jun/2007 14:56:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe (code address: 0x00AE0000)
    [06/Jun/2007 15:03:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\IEXPLORE.EXE (code address: 0x01240000)
    [06/Jun/2007 15:06:23] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (code address: 0x00B80000)
    [06/Jun/2007 15:06:30] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\wintems.exe (code address: 0x01640000)
    [06/Jun/2007 15:06:44] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe (code address: 0x00EA0000)
    [06/Jun/2007 15:07:36] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\No-IP\DUC20.exe (code address: 0x01180000)
    [06/Jun/2007 15:07:40] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\assist.exe (code address: 0x00B60000)
    [06/Jun/2007 15:07:45] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01E70000)
    [06/Jun/2007 15:09:37] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\taskmgr.exe (code address: 0x00C80000)
    [06/Jun/2007 15:13:41] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x01890000)
    [06/Jun/2007 15:17:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\dumprep.exe (code address: 0x008B0000)
    [06/Jun/2007 15:17:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00170000)
    [06/Jun/2007 15:17:33] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\packager.exe (code address: 0x00DF0000)
    [06/Jun/2007 15:18:08] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\PE Explorer\pexplorer.exe (code address: 0x01C70000)
    [06/Jun/2007 15:18:18] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01AF0000)
    [06/Jun/2007 15:18:23] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Documents and Settings\Pierre\Bureau\ccm-2.0.7.exe (code address: 0x011D0000)
    [06/Jun/2007 15:18:27] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\msnmsgr.exe (code address: 0x01E10000)
    [06/Jun/2007 15:21:02] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x000B0000)
    [06/Jun/2007 15:21:22] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x000A0000)
    [06/Jun/2007 15:21:47] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\usnsvc.exe (code address: 0x00780000)
    [06/Jun/2007 15:22:34] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\NOTEPAD.EXE (code address: 0x00CC0000)
    [06/Jun/2007 15:22:38] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\DOCUME~1\Pierre\LOCALS~1\Temp\irsetup.exe (code address: 0x01370000)
    [06/Jun/2007 15:22:43] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into e:\Programmes\Look@LAN\LookAtHost.exe (code address: 0x011C0000)
    [06/Jun/2007 15:24:11] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into e:\Programmes\Look@LAN\LookAtLan.exe (code address: 0x01F50000)
    [06/Jun/2007 15:28:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Look@LAN\LookAtHost.exe (code address: 0x011C0000)
    [06/Jun/2007 15:28:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Look@LAN\LookAtLan.exe (code address: 0x01F50000)
    [06/Jun/2007 15:28:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00170000)
    [06/Jun/2007 15:29:37] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Look@LAN\LookAtHost.exe (code address: 0x01440000)
    [06/Jun/2007 15:29:48] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into e:\Programmes\Look@LAN\LookAtLan.exe (code address: 0x039C0000)
    [06/Jun/2007 15:36:15] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\IEXPLORE.EXE (code address: 0x013A0000)
    [06/Jun/2007 15:55:52] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Real\RealPlayer\RealPlay.exe (code address: 0x01880000)
    [06/Jun/2007 15:56:24] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x019F0000)
    [06/Jun/2007 15:56:33] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x019F0000)
    [06/Jun/2007 16:06:45] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\IEXPLORE.EXE (code address: 0x01360000)
    [06/Jun/2007 16:13:32] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\IEXPLORE.EXE (code address: 0x012F0000)
    [06/Jun/2007 16:18:03] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\wampmanager.exe (code address: 0x014F0000)
    [06/Jun/2007 16:18:10] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\apache2\bin\httpd.exe (code address: 0x007B0000)
    [06/Jun/2007 16:18:12] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\cmd.exe (code address: 0x00890000)
    [06/Jun/2007 16:18:14] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\mysql\bin\mysqld-nt.exe (code address: 0x017F0000)
    [06/Jun/2007 16:18:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\apache2\bin\httpd.exe (code address: 0x054B0000)
    [06/Jun/2007 16:18:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\wampmanager.exe (code address: 0x014E0000)
    [06/Jun/2007 16:26:11] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\wampmanager.exe (code address: 0x014E0000)
    [06/Jun/2007 16:26:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\wampmanager.exe (code address: 0x014F0000)
    [06/Jun/2007 16:26:32] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\wampmanager.exe (code address: 0x014E0000)
    [06/Jun/2007 16:27:07] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\apache2\bin\httpd.exe (code address: 0x007B0000)
    [06/Jun/2007 16:27:10] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\mysql\bin\mysqld-nt.exe (code address: 0x03130000)
    [06/Jun/2007 16:27:14] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\wampmanager.exe (code address: 0x014E0000)
    [06/Jun/2007 16:27:22] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\apache2\bin\httpd.exe (code address: 0x054B0000)
    [06/Jun/2007 16:35:32] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\taskmgr.exe (code address: 0x00D00000)
    [06/Jun/2007 16:35:55] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01E80000)
    [06/Jun/2007 16:56:18] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\logon.scr (code address: 0x00C70000)
    [06/Jun/2007 17:37:51] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\FLVPlayer\flvplayer.exe (code address: 0x01020000)
    [06/Jun/2007 17:43:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\FLVPlayer\flvplayer.exe (code address: 0x01020000)
    [06/Jun/2007 17:45:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (code address: 0x03880000)
    [06/Jun/2007 17:46:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe (code address: 0x013F0000)
    [06/Jun/2007 17:49:58] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\iexplore.exe (code address: 0x012F0000)
    [06/Jun/2007 17:51:09] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Documents and Settings\Pierre\Bureau\safe-xp_safe_xp_1.5.7.14_anglais_11190\SafeXP.exe (code address: 0x02350000)
    [06/Jun/2007 17:52:10] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x000B0000)
    [06/Jun/2007 17:52:14] Last message repeated 4 times
    [06/Jun/2007 17:52:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\locator.exe (code address: 0x00640000)
    [06/Jun/2007 17:52:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\iexplore.exe (code address: 0x012B0000)
    [06/Jun/2007 18:01:24] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\vistaui.exe (code address: 0x00BA0000)
    [06/Jun/2007 18:01:49] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into \??\C:\WINDOWS\system32\csrss.exe (code address: 0x00E50000)
    [06/Jun/2007 18:01:50] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\wbem\wmiprvse.exe (code address: 0x00CA0000)
    [06/Jun/2007 18:01:56] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\imapi.exe (code address: 0x00850000)
    [06/Jun/2007 18:01:59] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x01220000)
    [06/Jun/2007 18:01:59] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\userinit.exe (code address: 0x00A20000)
    [06/Jun/2007 18:02:01] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\Explorer.EXE (code address: 0x024C0000)
    [06/Jun/2007 18:02:11] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\windows\system\hpsysdrv.exe (code address: 0x00CF0000)
    [06/Jun/2007 18:02:12] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\hphmon05.exe (code address: 0x00C40000)
    [06/Jun/2007 18:02:12] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe (code address: 0x00B40000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\ALCXMNTR.EXE (code address: 0x012A0000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (code address: 0x00FB0000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Multimedia Card Reader\shwicon2k.exe (code address: 0x00A50000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (code address: 0x00E30000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (code address: 0x00C50000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (code address: 0x00A30000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\HP\KBD\KBD.EXE (code address: 0x02220000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Windows Defender\MSASCui.exe (code address: 0x01560000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (code address: 0x00EE0000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\LClock\LClock.exe (code address: 0x00A70000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (code address: 0x009C0000)
    [06/Jun/2007 18:02:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00160000)
    [06/Jun/2007 18:02:14] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x000B0000)
    [06/Jun/2007 18:02:14] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x000C0000)
    [06/Jun/2007 18:02:14] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00160000)
    [06/Jun/2007 18:02:14] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00170000)
    [06/Jun/2007 18:02:15] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00160000)
    [06/Jun/2007 18:02:16] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00160000)
    [06/Jun/2007 18:02:16] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00170000)
    [06/Jun/2007 18:02:16] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00160000)
    [06/Jun/2007 18:02:17] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into <unknown> (code address: 0x00190000)
    [06/Jun/2007 18:02:19] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into \SystemRoot\System32\smss.exe (code address: 0x00380000)
    [06/Jun/2007 18:02:19] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into \??\C:\WINDOWS\system32\csrss.exe (code address: 0x00FF0000)
    [06/Jun/2007 18:02:19] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\services.exe (code address: 0x010A0000)
    [06/Jun/2007 18:02:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\svchost.exe (code address: 0x00E60000)
    [06/Jun/2007 18:02:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\svchost.exe (code address: 0x00A80000)
    [06/Jun/2007 18:02:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Windows Defender\MsMpEng.exe (code address: 0x00E40000)
    [06/Jun/2007 18:02:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x02E10000)
    [06/Jun/2007 18:02:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x007C0000)
    [06/Jun/2007 18:02:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x00B30000)
    [06/Jun/2007 18:02:21] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\spoolsv.exe (code address: 0x01090000)
    [06/Jun/2007 18:02:21] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\a-squared Free\a2service.exe (code address: 0x01FF0000)
    [06/Jun/2007 18:02:21] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Google\Common\Google Updater\GoogleUpdaterService.exe (code address: 0x00780000)
    [06/Jun/2007 18:02:21] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\No-IP\DUC20.exe (code address: 0x01410000)
    [06/Jun/2007 18:02:21] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\HPZipm12.exe (code address: 0x00880000)
    [06/Jun/2007 18:02:22] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4ss.exe (code address: 0x079E0000)
    [06/Jun/2007 18:02:22] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\svchost.exe (code address: 0x00BD0000)
    [06/Jun/2007 18:02:22] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x01370000)
    [06/Jun/2007 18:02:22] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\Explorer.EXE (code address: 0x02470000)
    [06/Jun/2007 18:02:22] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\windows\system\hpsysdrv.exe (code address: 0x00D60000)
    [06/Jun/2007 18:02:22] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\hphmon05.exe (code address: 0x00CB0000)
    [06/Jun/2007 18:02:23] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\ALCXMNTR.EXE (code address: 0x01310000)
    [06/Jun/2007 18:02:23] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (code address: 0x01020000)
    [06/Jun/2007 18:02:23] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Multimedia Card Reader\shwicon2k.exe (code address: 0x00AA0000)
    [06/Jun/2007 18:02:24] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (code address: 0x00C50000)
    [06/Jun/2007 18:02:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (code address: 0x00B20000)
    [06/Jun/2007 18:02:25] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (code address: 0x00A80000)
    [06/Jun/2007 18:02:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\HP\KBD\KBD.EXE (code address: 0x01590000)
    [06/Jun/2007 18:02:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Windows Defender\MSASCui.exe (code address: 0x00FB0000)
    [06/Jun/2007 18:02:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (code address: 0x00C90000)
    [06/Jun/2007 18:02:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\LClock\LClock.exe (code address: 0x00AE0000)
    [06/Jun/2007 18:02:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (code address: 0x01550000)
    [06/Jun/2007 18:02:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe (code address: 0x00B70000)
    [06/Jun/2007 18:02:27] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\windows\system32\ozhypd.exe (code address: 0x00F40000)
    [06/Jun/2007 18:02:27] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\ctfmon.exe (code address: 0x01000000)
    [06/Jun/2007 18:02:27] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Pierre\MessengerSkinner\MessengerSkinner.exe (code address: 0x00AD0000)
    [06/Jun/2007 18:02:27] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Real\RealPlayer\RealPlay.exe (code address: 0x003A0000)
    [06/Jun/2007 18:02:27] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\wintems.exe (code address: 0x00A60000)
    [06/Jun/2007 18:02:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe (code address: 0x00B40000)
    [06/Jun/2007 18:02:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe (code address: 0x01040000)
    [06/Jun/2007 18:02:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\No-IP\DUC20.exe (code address: 0x011F0000)
    [06/Jun/2007 18:02:28] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x00F40000)
    [06/Jun/2007 18:02:29] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\msnmsgr.exe (code address: 0x039B0000)
    [06/Jun/2007 18:02:29] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\usnsvc.exe (code address: 0x008F0000)
    [06/Jun/2007 18:02:29] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\apache2\bin\httpd.exe (code address: 0x01590000)
    [06/Jun/2007 18:02:29] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\apache2\bin\httpd.exe (code address: 0x054D0000)
    [06/Jun/2007 18:02:29] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\mysql\bin\mysqld-nt.exe (code address: 0x03F50000)
    [06/Jun/2007 18:02:30] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\wamp\wampmanager.exe (code address: 0x01190000)
    [06/Jun/2007 18:02:30] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01190000)
    [06/Jun/2007 18:02:30] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\locator.exe (code address: 0x00660000)
    [06/Jun/2007 18:02:30] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into \??\C:\WINDOWS\system32\csrss.exe (code address: 0x00FE0000)
    [06/Jun/2007 18:02:30] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Sunbelt Software\Personal Firewall\kpf4gui.exe (code address: 0x01250000)
    [06/Jun/2007 18:02:30] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\Explorer.EXE (code address: 0x026E0000)
    [06/Jun/2007 18:02:30] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\wbem\wmiprvse.exe (code address: 0x00AD0000)
    [06/Jun/2007 18:02:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\windows\system\hpsysdrv.exe (code address: 0x00D10000)
    [06/Jun/2007 18:02:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\hphmon05.exe (code address: 0x00C60000)
    [06/Jun/2007 18:02:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe (code address: 0x00B60000)
    [06/Jun/2007 18:02:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\ALCXMNTR.EXE (code address: 0x012C0000)
    [06/Jun/2007 18:02:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (code address: 0x00FE0000)
    [06/Jun/2007 18:02:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Multimedia Card Reader\shwicon2k.exe (code address: 0x00A50000)
    [06/Jun/2007 18:02:31] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (code address: 0x00E50000)
    [06/Jun/2007 18:02:32] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (code address: 0x00C70000)
    [06/Jun/2007 18:02:32] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (code address: 0x00A30000)
    [06/Jun/2007 18:02:32] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\HP\KBD\KBD.EXE (code address: 0x02290000)
    [06/Jun/2007 18:02:32] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Windows Defender\MSASCui.exe (code address: 0x01600000)
    [06/Jun/2007 18:02:32] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (code address: 0x00F10000)
    [06/Jun/2007 18:02:32] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\LClock\LClock.exe (code address: 0x00AA0000)
    [06/Jun/2007 18:02:33] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (code address: 0x01C30000)
    [06/Jun/2007 18:02:33] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\soln\HPOSM.exe (code address: 0x017B0000)
    [06/Jun/2007 18:02:33] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe (code address: 0x00A20000)
    [06/Jun/2007 18:02:33] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\ctfmon.exe (code address: 0x009B0000)
    [06/Jun/2007 18:02:34] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (code address: 0x03330000)
    [06/Jun/2007 18:02:34] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe (code address: 0x00AF0000)
    [06/Jun/2007 18:02:34] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe (code address: 0x00F50000)
    [06/Jun/2007 18:02:34] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (code address: 0x00BA0000)
    [06/Jun/2007 18:02:34] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\soln\HPOSM.exe (code address: 0x017D0000)
    [06/Jun/2007 18:02:34] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x03B80000)
    [06/Jun/2007 18:02:34] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (code address: 0x02640000)
    [06/Jun/2007 18:02:39] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x03FC0000)
    [06/Jun/2007 18:02:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Real\RealPlayer\RealPlay.exe (code address: 0x017B0000)
    [06/Jun/2007 18:02:46] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (code address: 0x00EB0000)
    [06/Jun/2007 18:03:02] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x01390000)
    [06/Jun/2007 18:03:15] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x02C70000)
    [06/Jun/2007 18:10:02] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Microsoft Office\Office10\WINWORD.EXE (code address: 0x034D0000)
    [06/Jun/2007 18:10:11] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Microsoft Office\Office10\WINWORD.EXE (code address: 0x05540000)
    [06/Jun/2007 18:14:01] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (code address: 0x04230000)
    [06/Jun/2007 18:14:10] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (code address: 0x04990000)
    [06/Jun/2007 18:38:26] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01C90000)
    [06/Jun/2007 18:38:40] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x03AC0000)
    [06/Jun/2007 18:38:47] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x014C0000)
    [06/Jun/2007 18:39:02] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x02F40000)
    [06/Jun/2007 18:46:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\vistaui.exe (code address: 0x00BA0000)
    [06/Jun/2007 18:46:43] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x01580000)
    [06/Jun/2007 18:47:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A10000)
    [06/Jun/2007 18:49:39] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01AE0000)
    [06/Jun/2007 18:51:44] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\IEXPLORE.EXE (code address: 0x012B0000)
    [06/Jun/2007 18:52:03] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE (code address: 0x016D0000)
    [06/Jun/2007 18:52:13] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x019F0000)
    [06/Jun/2007 18:52:20] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x019F0000)
    [06/Jun/2007 18:53:09] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01B00000)
    [06/Jun/2007 18:55:01] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\rundll32.exe (code address: 0x01580000)
    [06/Jun/2007 18:55:01] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\System32\wbem\wmiprvse.exe (code address: 0x009D0000)
    [06/Jun/2007 19:06:37] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\taskmgr.exe (code address: 0x00C40000)
    [06/Jun/2007 19:07:57] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\rundll32.exe (code address: 0x00DB0000)
    [06/Jun/2007 19:08:04] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01F70000)
    [06/Jun/2007 19:08:56] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01E70000)
    [06/Jun/2007 19:09:49] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\msnmsgr.exe (code address: 0x01F50000)
    [06/Jun/2007 19:10:06] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\MSN Messenger\livecall.exe (code address: 0x01440000)
    [06/Jun/2007 19:10:15] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\IEXPLORE.EXE (code address: 0x012B0000)
    [06/Jun/2007 19:29:04] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Google\Google Updater\GoogleUpdater.exe (code address: 0x00CB0000)
    [06/Jun/2007 19:29:05] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Google\Google Updater\GoogleUpdater.exe (code address: 0x011C0000)
    [06/Jun/2007 19:29:49] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Internet Explorer\iexplore.exe (code address: 0x012F0000)
    [06/Jun/2007 19:30:42] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A00000)
    [06/Jun/2007 19:32:21] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A00000)
    [06/Jun/2007 19:32:55] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A00000)
    [06/Jun/2007 19:36:54] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x01A00000)
    [06/Jun/2007 19:37:49] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x017F0000)
    [06/Jun/2007 19:41:10] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into E:\Programmes\Notepad++\notepad++.exe (code address: 0x017F0000)
    [06/Jun/2007 19:42:44] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\WINDOWS\system32\NOTEPAD.EXE (code address: 0x00CC0000)
    [06/Jun/2007 19:44:01] CChckDrv.cpp: "Hips" type = 'Code injection', action = 'denied', descr = 'Process C:\windows\system32\ozhypd.exe injected dangerous code into C:\Program Files\Mozilla Firefox\firefox.exe (code address: 0x01E80000)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. AbsO
     
    Bonjour,
    Je pense que tu dois etre debarassé de ton probleme depuis le temps mais pour une prochaine fois (... ou pas ;) ) essaye le scan en ligne de ton fichier sur https://www.virustotal.com/gui/
    Moi j'ai le meme type de probleme que toi injection de code tout ca avast detecte rien et voila le log de virus total... c'est navrant il n'y a qu'avast presque pour rien voir.

    Antivirus Version Update Result
    AhnLab-V3 2007.6.27.0 06.28.2007 Win-Trojan/Xema.variant
    AntiVir 7.4.0.34 06.28.2007 TR/Hijack.Explor.3467
    Authentium 4.93.8 06.27.2007 Possibly a new variant of W32/NewMalware-Rootkit-PX-based!Maximus
    Avast 4.7.997.0 06.27.2007 no virus found
    AVG 7.5.0.476 06.28.2007 BackDoor.Generic7.IPU
    BitDefender 7.2 06.28.2007 BehavesLike:Win32.ExplorerHijack
    CAT-QuickHeal 9.00 06.27.2007 no virus found
    ClamAV devel-20070416 06.28.2007 Trojan.VB-940
    DrWeb 4.33 06.28.2007 DDoS.Rincux
    eSafe 7.0.15.0 06.27.2007 Win32.VB.kb
    eTrust-Vet 30.8.3747 06.28.2007 no virus found
    Ewido 4.0 06.27.2007 Backdoor.VB.kb
    FileAdvisor 1 06.28.2007 no virus found
    Fortinet 2.91.0.0 06.28.2007 W32/Packed.KB!tr.bdr
    F-Prot 4.3.2.48 06.27.2007 W32/NewMalware-Rootkit-PX-based!Maximus
    F-Secure 6.70.13030.0 06.28.2007 Backdoor.Win32.VB.kb
    Ikarus T3.1.1.8 06.28.2007 Backdoor.Win32.VB.kb
    Kaspersky 4.0.2.24 06.28.2007 Backdoor.Win32.VB.kb
    McAfee 5062 06.27.2007 Generic Packed
    Microsoft 1.2701 06.28.2007 Backdoor:Win32/VB!4148
    NOD32v2 2360 06.28.2007 no virus found
    Norman 5.80.02 06.27.2007 W32/Malware.XPK
    Panda 9.0.0.4 06.28.2007 Trj/Agent.FSV
    Sophos 4.19.0 06.24.2007 Mal/Behav-112
    Sunbelt 2.2.907.0 06.27.2007 no virus found
    Symantec 10 06.28.2007 no virus found
    TheHacker 6.1.6.140 06.28.2007 Backdoor/VB.kb
    VBA32 3.12.0.2 06.27.2007 Backdoor.Win32.VB.kb
    VirusBuster 4.3.23:9 06.27.2007 no virus found
    Webwasher-Gateway 6.0.1 06.28.2007 Trojan.Hijack.Explor.3467

    pour se debarasser du probleme il faut que je trouve autre chose maintenant

    bonne journée
    0