What's the hell is this?

[groul]

{
o c16e4120 47000 "C:\PROGRA~1\ICQ\ICQDOW~1\FTPATCH.EXE"
R c16e4120 0 40
R c16e4120 f8 f8
R c16e4120 f8 198
R c16e4120 1c000 1000
r c16e4120 16000 1000
o c1650940 bd510 "C:\WINDOWS\SYSTEM\OLE32.DLL"
R c1650940 a3600 1000
R c1650940 a3600 1000
R c1650940 600 1000
R c1650940 600 1000
R c1650940 a4600 c00
r c16e4120 14000 1000
R c16e4120 14000 1000
R c16e4120 16000 1000
R c1650940 4b600 1000
R c1650940 4c600 1000
R c1650940 4d600 1000
o c1651a60 a000 "C:\WINDOWS\SYSTEM\WSOCK32.DLL"
R c1651a60 6000 a00
o c16536d0 12000 "C:\WINDOWS\SYSTEM\WS2_32.DLL"
R c16536d0 f000 a00
o c1400820 44035 "C:\WINDOWS\SYSTEM\MSVCRT.DLL"
R c1400820 39000 1000
R c1400820 39000 1000
R c1400820 33000 1000
R c1400820 33000 1000
R c1400820 3a000 400
R c16536d0 f000 1000
R c1400820 35000 1000
R c1400820 36000 1000
R c1400820 38000 1000
R c1400820 37000 1000
R c1400820 3b000 1000
R c1400820 34000 1000
R c1400820 3d000 1000
R c16536d0 d000 1000
R c16536d0 e000 600
o c1608220 8e400 "C:\WINDOWS\SYSTEM\WININET.DLL"
R c1608220 75400 1000
o c1654950 5ab10 "C:\WINDOWS\SYSTEM\CRYPT32.DLL"
R c1654950 49600 1000
R c1654950 4a600 1000
o c164b510 21f10 "C:\WINDOWS\SYSTEM\MSOSS.DLL"
R c164b510 1f600 1000
R c164b510 1f600 1000
R c164b510 600 1000
R c164b510 600 1000
o c1645590 4e510 "C:\WINDOWS\SYSTEM\RPCRT4.DLL"
R c1645590 4a400 c00
R c1645590 4a400 c00
R c1654950 49600 1000
R c1654950 600 1000
R c1654950 600 1000
R c164b510 20600 600
o c16539f0 e3000 "C:\WINDOWS\SYSTEM\OLEAUT32.DLL"
R c16539f0 85000 1000
R c16539f0 86000 1000
R c16539f0 87000 1000
R c16539f0 85000 1000
R c16539f0 2000 1000
R c16539f0 2000 1000
o c164f920 5f800 "C:\WINDOWS\SYSTEM\SHLWAPI.DLL"
R c164f920 53400 1000
R c164f920 54400 1000
R c164f920 55400 1000
R c164f920 53400 1000
R c164f920 400 1000
R c164f920 400 1000
R c1608220 75400 1000
R c1608220 400 1000
R c1608220 400 1000
R c1654950 4b600 1000
R c1654950 4c600 c00
R c1608220 76400 c00
R c164f920 56400 1000
R c164f920 57400 1000
R c164f920 58400 400
R c164b510 20c00 600
R c164b510 2600 1000
R c1645590 49c00 800
R c1654950 5600 1000
R c1654950 2c600 1000
R c1654950 4d200 1000
R c1654950 22600 1000
R c1654950 36600 1000
R c1654950 3600 1000
R c1654950 2e600 1000
R c1654950 23600 1000
R c1654950 f600 1000
R c1654950 53200 1000
R c1654950 21600 1000
R c1654950 1b600 1000
R c1654950 1600 1000
R c1654950 19600 1000
R c1654950 24600 1000
R c1654950 2600 1000
R c1654950 7600 1000
R c1654950 11600 1000
R c1654950 2a600 1000
R c1654950 16600 1000
R c1654950 3e600 1000
R c1654950 6600 1000
R c1654950 12600 1000
R c1654950 37600 1000
R c1654950 3b600 1000
R c1654950 39600 1000
R c1654950 38600 1000
R c1654950 52200 1000
R c1654950 1c600 1000
R c1654950 50200 1000
R c1654950 47600 1000
R c1654950 1a600 1000
R c1654950 51200 1000
R c1650940 d600 1000
R c1650940 abc00 1000
R c1650940 18600 1000
R c1650940 b0c00 1000
R c1650940 38600 1000
R c16539f0 73000 1000
R c16539f0 8f000 1000
R c16539f0 10000 1000
R c16539f0 76000 1000
R c16539f0 7a000 1000
R c16539f0 8c000 1000
R c16539f0 8d000 1000
R c16539f0 8e000 1000
R c16539f0 75000 1000
R c16539f0 77000 1000
R c16539f0 8b000 1000
R c16539f0 78000 1000
R c16539f0 7b000 1000
R c16539f0 8a000 1000
R c16539f0 74000 1000
R c16539f0 39000 1000
R c16539f0 44000 1000
R c16539f0 d000 1000
R c16539f0 50000 1000
R c16539f0 5f000 1000
R c16539f0 18000 1000
R c16539f0 4e000 1000
R c16539f0 12000 1000
R c16539f0 52000 1000
R c16539f0 3d000 1000
R c16539f0 17000 1000
R c16539f0 13000 1000
R c16539f0 30000 1000
R c164f920 1d400 1000
R c164f920 58800 600
R c164f920 4e400 1000
R c164f920 4f400 1000
R c164f920 21400 1000
R c164f920 9400 1000
R c164f920 22400 1000
R c164f920 47400 1000
R c164f920 50400 1000
R c164f920 3a400 1000
R c1608220 15400 1000
R c1608220 77000 1000
R c1608220 25400 1000
R c1608220 78000 1000
R c1608220 4400 1000
R c1608220 24400 1000
R c1608220 26400 1000
R c1608220 3400 1000
R c1608220 22400 1000
R c1608220 1400 1000
o c1656860 15000 "C:\WINDOWS\SYSTEM\MSWSOCK.DLL"
R c1656860 f000 1000
R c1656860 e000 1000
R c1656860 10000 400
o c160ddb0 30d0 "C:\WINDOWS\SYSBCKUP\VER.DLL"
R c160ddb0 2f5 100
R c160ddb0 2f5 100
r c16e4120 5000 1000
R c16e4120 1b000 1000
r c16e4120 7000 1000
r c16e4120 a000 1000
R c16e4120 0 1000
r c16e4120 8000 1000
r c16e4120 6000 1000
r c16e4120 9000 1000
r c16e4120 4000 1000
R c16e4120 17000 1000
r c16e4120 b000 1000
R c16e4120 19000 1000
r c16e4120 1000 1000
r c16e4120 e000 1000
r c16e4120 3000 1000
r c16e4120 f000 1000
r c16e4120 12000 1000
o c17229e0 66077 "C:\PROGRA~1\ICQ\ICQFT.DLL"
R c17229e0 0 8
R c17229e0 0 e
R c17229e0 0 40
R c17229e0 120 40
R c17229e0 120 c4
o c1723400 66077 "C:\PROGRA~1\ICQ\ICQFT.DLL"
R c1723400 0 4
R c1723400 0 0
C c1723400
o c1723400 66077 "C:\PROGRA~1\ICQ\ICQFT.DLL"
R c1723400 0 1000
R c1723400 50000 1000
C c1723400
C c17229e0
o c17229e0 66077 "C:\PROGRA~1\ICQ\ICQFT.DLL"
R c17229e0 0 8
R c17229e0 0 e
R c17229e0 0 40
R c17229e0 120 40
R c17229e0 120 c4
o c1708a50 66077 "C:\PROGRA~1\ICQ\ICQFT.DLL"
R c1708a50 0 4
R c1708a50 0 0
C c1708a50
o c1708a50 66077 "C:\PROGRA~1\ICQ\ICQFT.DLL"
R c1708a50 0 1000
R c1708a50 50000 1000
R c1708a50 5b000 1000
C c1708a50
C c17229e0
o c17229e0 66077 "C:\PROGRA~1\ICQ\ICQFT.DLL"
R c17229e0 0 8
R c17229e0 0 e
R c17229e0 0 40
R c17229e0 120 40
R c17229e0 120 c4
o c1723400 66077 "C:\PROGRA~1\ICQ\ICQFT.DLL"
R c1723400 0 4
R c1723400 0 0
C c1723400
o c1723400 66077 "C:\PROGRA~1\ICQ\ICQFT.DLL"
R c1723400 0 1000
R c1723400 50000 1000
R c1723400 5b000 1000
R c1723400 5c000 1000
C c1723400
C c17229e0
r c16e4120 10000 1000
r c16e4120 11000 1000
r c16e4120 1d000 1000
r c16e4120 1e000 1000
r c16e4120 1f000 1000
r c16e4120 20000 1000
r c16e4120 21000 1000
r c16e4120 22000 1000
r c16e4120 23000 1000
r c16e4120 24000 1000
r c16e4120 25000 1000
r c16e4120 26000 1000
r c16e4120 27000 1000
r c16e4120 28000 1000
r c16e4120 29000 1000
r c16e4120 2a000 1000
r c16e4120 2b000 1000
r c16e4120 2c000 1000
r c16e4120 2d000 1000
r c16e4120 2e000 1000
r c16e4120 2f000 1000
r c16e4120 30000 1000
r c16e4120 31000 1000
r c16e4120 32000 1000
r c16e4120 33000 1000
r c16e4120 34000 1000
r c16e4120 35000 1000
r c16e4120 36000 1000
r c16e4120 37000 1000
r c16e4120 38000 1000
r c16e4120 39000 1000
r c16e4120 3a000 1000
r c16e4120 3b000 1000
r c16e4120 3c000 1000
r c16e4120 3d000 1000
r c16e4120 3e000 1000
r c16e4120 3f000 1000
r c16e4120 40000 1000
r c16e4120 41000 1000
r c16e4120 42000 1000
r c16e4120 43000 1000
r c16e4120 44000 1000
r c16e4120 45000 1000
r c16e4120 46000 1000
R c16e4120 15000 1000
r c16e4120 2000 1000
r c16e4120 13000 1000
R c1608220 17400 1000
R c1608220 2a400 1000
R c1608220 2400 1000
R c1608220 21400 1000
R c1608220 23400 1000
o c164f6f0 156000 "C:\WINDOWS\SYSTEM\SHELL32.DLL"
R c164f6f0 83000 1000
R c164f6f0 83000 1000
R c164f6f0 1000 1000
R c164f6f0 1000 1000
R c164f6f0 85000 1000
R c164f6f0 86000 400
R c164f6f0 84000 1000
R c164f6f0 2000 1000
R c164f6f0 23000 1000
R c164f6f0 88000 a00
R c164f6f0 7000 1000
R c164f6f0 5000 1000
R c164f6f0 81000 1000
R c164f6f0 82000 1000
o c1693760 5800 "C:\WINDOWS\SYSTEM\SHFOLDER.DLL"
R c1693760 1400 1000
R c1693760 1400 1000
R c1693760 400 1000
R c1693760 400 1000
R c1693760 2400 200
R c164f920 2f400 1000
R c164f920 2b400 1000
R c164f920 2a400 1000
R c164f920 28400 1000
R c164f920 a400 1000
R c164f6f0 6b000 1000
R c1608220 16400 1000
R c1608220 34400 1000
R c164f920 1f400 1000
R c164f920 20400 1000
R c1608220 2c400 1000
R c1608220 5400 1000
R c1608220 27400 1000
R c1608220 28400 1000
R c1608220 20400 1000
R c1608220 6400 1000
R c164f920 38400 1000
R c1608220 d400 1000
R c1608220 c400 1000
R c1608220 f400 1000
R c164f920 23400 1000
R c1608220 10400 1000
R c1608220 29400 1000
R c1608220 36400 1000
o c163b8b0 30000 "C:\WINDOWS\SYSTEM\RASAPI32.DLL"
R c163b8b0 20000 1000
R c163b8b0 21000 800
o c163ba00 1e000 "C:\WINDOWS\SYSTEM\TAPI32.DLL"
R c163ba00 1a000 1000
R c163ba00 1a000 1000
o c163bb50 7200 "C:\WINDOWS\SYSTEM\SECUR32.DLL"
R c163bb50 6200 600
R c163bb50 6200 600
R c163b8b0 20000 1000
o c16462f0 862e0 "C:\WINDOWS\SYSTEM\USER.EXE"
R c16462f0 1844 225e
o c164aaa0 e000 "C:\WINDOWS\SYSTEM\MPR.DLL"
R c164aaa0 a000 400
R c163ba00 19000 e00
R c163ba00 18000 1000
o c1657650 8000 "C:\WINDOWS\SYSTEM\SVRAPI.DLL"
R c1657650 5000 200
o c164e560 f200 "C:\WINDOWS\SYSTEM\MSNET32.DLL"
R c164e560 da00 600
R c164e560 da00 600
R c164e560 ca00 1000
o c163bc80 43000 "C:\WINDOWS\SYSTEM\MSVCRT20.DLL"
R c163bc80 2f000 1000
R c163bc80 31000 1000
R c163bc80 30000 1000
R c163bc80 35000 1000
R c163bc80 36000 400
R c163bc80 32000 1000
R c163bb50 5200 1000
R c1608220 35400 1000
R c1608220 3f400 1000
R c164f920 1e400 1000
R c1608220 3e400 1000
R c1608220 2e400 1000
R c1608220 a400 1000
R c1608220 b400 1000
R c1608220 9400 1000
R c1608220 7400 1000
R c164f920 45400 1000
R c164f920 8400 1000
R c164f920 42400 1000
R c164f920 44400 1000
R c164f920 40400 1000
R c164f920 d400 1000
R c164f920 43400 1000
R c164f920 41400 1000
R c1608220 8400 1000
R c1608220 11400 1000
R c1608220 31400 1000
o c1723400 75600 "C:\WINDOWS\SYSTEM\URLMON.DLL"
R c1723400 0 40
R c1723400 f8 f8
R c1723400 f8 1c0
R c1723400 63000 1000
R c1723400 54400 1000
R c1723400 55400 1000
R c1723400 400 1000
R c1723400 400 1000
R c1723400 54400 1000
R c1723400 56400 c00
R c1723400 55400 1000
R c1723400 e400 1000
R c1723400 58000 1000
R c1723400 2400 1000
R c1723400 16400 1000
R c1723400 15400 1000
R c1723400 60000 1000
R c1723400 61000 1000
R c1723400 17400 1000
R c1723400 59000 1000
R c164f920 24400 1000
R c1723400 f400 1000
R c164f920 2e400 1000
R c1723400 1400 1000
R c164f920 26400 1000
R c1723400 13400 1000
R c1723400 12400 1000
R c164f920 2d400 1000
R c164f920 2c400 1000
R c1723400 b400 1000
R c1723400 5400 1000
R c1723400 14400 1000
R c1608220 18400 1000
R c1608220 13400 1000
R c1608220 66400 1000
R c1608220 2f400 1000
R c1608220 1f400 1000
R c1608220 e400 1000
R c1608220 14400 1000
R c1608220 2d400 1000
o c16e8410 ac00 "C:\WINDOWS\SYSTEM\RNR20.DLL"
R c16e8410 9a00 600
R c16e8410 9a00 600
R c16e8410 8c00 e00
R c16e8410 7c00 1000
o c1659650 b000 "C:\WINDOWS\SYSTEM\MSAFD.DLL"
R c1659650 7000 600
R c1659650 7000 1000
R c1659650 6000 400
R c16462f0 1844 225e
}

[Eddi]

Poxoge na logi programmy po file read-write monitoringu.
My first guess is - O, R i C vnachale - Open, Read, Close.
Vtoraya cifra poxoge na handle file-a kotoryj otkryvaetsya.
3-ya cifra v open-e zatrudnyayus' schyas skazat' (na linuxe schyas), kogda domoj dojdu proveryu, no dumayu eto razmer file-a.
A dalee 3,4 cifry v read-e, offset, size.

A kakim obrazom u tebya eto okazalos', i kakie mysli/podozreniya??

[groul]

Otkryvayu ICQ i ZoneAlarm nachinayet bit' trevogu, chto kakoj-to ftpatch.exe xochet naruzhu. Ya ne puskayu.

posle chego naxozhu kakoj to ftpatch.lgc w C:\WINDOWS\APPLOGS

Poxozhe na trojan, xotya nikakix file-ov po ICQ ne prinimal, attachementov ne otkryval...

Nichego poxozhego na "ftpatch" Google ne nashel.

[Eddi]

http://groups.google.com/groups?q=ft...POT.net&rnum=6

P.S. Takie veschi v google groups legko naxodyatsya.

[groul]

thanx