not-a-virus:RemoteAdmin.Win32.WinVNC.e (New)

zljebun
Junior Member with 1 post. Join Date: Jan 2008
03-Jan-2008, 01:36 PM #1
I have a laptop with the Windows XP Professional OS. I have a problem with Remote Desktop and the UltraVNC software. After I run Kaspersky Antivirus I can see this virus report:
not-a-virus:RemoteAdmin.Win32.WinVNC.e
I have removed this virus, but when I start Remote Desktop and UltraVNC I can't work normally because I can't connect to the remote machine. I have the log from running ComboFix here:

ComboFix 08-01-03.4 - Administrator 2008-01-03 18:33:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.223 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\ravmonlog
C:\WINDOWS\system\_sv_CMD_
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\oledb32.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 18:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 17:48 . 2008-01-03 17:52 <DIR> d-------- C:\Program Files\Designer6.4
2007-12-28 07:56 . 2007-12-28 07:56 <DIR> d-------- C:\Program Files\CCleaner
2007-12-26 15:13 . 2007-12-27 08:48 <DIR> d-------- C:\Program Files\UltraVNC
2007-12-25 11:08 . 2007-12-25 11:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BWMonitor
2007-12-25 08:59 . 2007-03-28 20:29 131,944 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2007-12-25 08:59 . 2007-03-28 20:49 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2007-12-25 08:59 . 2007-03-28 20:29 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2007-12-25 08:59 . 2007-03-28 20:23 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2007-12-25 08:56 . 2007-12-25 09:01 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-25 08:56 . 2007-12-25 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-25 08:17 . 2006-11-30 11:06 69,632 --a------ C:\WINDOWS\system32\hasp_inst_help1.dll
2007-12-24 09:20 . 2007-12-24 10:48 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-24 09:20 . 2007-12-24 10:45 <DIR> d-------- C:\Program Files\Autodesk
2007-12-24 09:13 . 2007-12-24 19:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-24 09:13 . 2007-12-24 09:13 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-21 08:45 . 2007-12-21 08:45 <DIR> d-------- C:\Program Files\YouTube Downloader 3000
2007-12-20 11:37 . 2007-12-20 11:43 <DIR> d-------- C:\Program Files\MessenPass
2007-12-20 11:24 . 2007-12-21 12:04 <DIR> d-------- C:\Program Files\Mail PassView
2007-12-20 11:24 . 2007-12-20 11:44 39,424 --a------ C:\WINDOWS\zipinst.exe
2007-12-20 10:59 . 2007-12-20 11:01 <DIR> d-------- C:\Program Files\Password Recovery Engine for Outlook
2007-12-20 08:34 . 2007-12-20 09:17 <DIR> d-------- C:\Program Files\Passware
2007-12-19 22:14 . 2007-12-19 22:32 <DIR> d-------- C:\Program Files\Excel Password Recovery Master
2007-12-16 21:30 . 2007-12-28 11:50 <DIR> d-------- C:\Program Files\DynDNS Updater
2007-12-16 21:30 . 2007-12-16 21:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Kana Solution
2007-12-16 19:27 . 2007-12-16 19:27 <DIR> d-------- C:\temp\3D Model Builder
2007-12-16 19:27 . 2007-12-16 19:27 <DIR> d-------- C:\Program Files\3D Model Builder
2007-12-14 16:37 . 2007-12-14 16:37 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-14 16:37 . 2007-12-14 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-10 13:42 . 2007-12-21 08:08 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-10 13:42 . 2007-12-14 12:19 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-10 13:41 . 2007-12-10 13:41 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-10 13:41 . 2008-01-03 18:54 38,859,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-10 13:41 . 2008-01-03 18:53 893,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-10 13:41 . 2008-01-03 18:51 529,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-10 13:41 . 2008-01-03 18:51 87,896 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-06 08:00 . 2007-12-06 08:00 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-06 08:00 . 2007-12-06 08:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-05 21:44 . 2007-12-05 21:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-05 17:22 . 2007-12-11 22:58 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-05 17:22 . 2007-12-05 23:52 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-05 17:22 . 2007-12-11 22:58 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-05 17:22 . 2007-12-05 17:22 22,328 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2007-12-05 17:21 . 2007-12-05 17:21 319 --a------ C:\WINDOWS\game.ini
2007-12-05 15:57 . 2007-12-05 15:57 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-04 13:17 . 2007-12-04 13:17 <DIR> d--h----- C:\Program Files\Zenographics
2007-12-04 08:18 . 2007-12-04 08:18 930,304 --a------ C:\Documents and Settings\Administrator\22aSERBIA.EXE
2007-12-03 08:26 . 2007-12-03 08:26 <DIR> d--hs---- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 16:39 350 ----a-w C:\sccfg.sys
2008-01-03 11:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-01-03 07:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-01-03 07:12 --------- d-----w C:\Program Files\eMule
2007-12-25 07:08 --------- d-----w C:\Program Files\Folder Lock
2007-12-24 20:22 --------- d-----w C:\Program Files\CadMeble v. 5.0
2007-12-24 09:56 --------- d-----w C:\Program Files\QuickTime
2007-12-24 09:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-10 16:38 --------- d-----w C:\Program Files\Google
2007-12-06 10:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2007-12-05 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 20:42 --------- d-----w C:\Program Files\PSPad editor
2007-12-04 20:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-30 14:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PLAux
2007-11-30 14:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OTi
2007-11-23 10:11 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-11-23 10:11 --------- d-----w C:\Program Files\AVSMedia
2007-11-23 09:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2007-11-23 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-23 09:17 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-23 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-11-22 12:37 --------- d-----w C:\Program Files\LimeWire
2007-11-21 12:21 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-19 13:40 23,396 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-11-07 22:15 --------- d-----w C:\Program Files\DTM SQL editor
2007-09-17 07:08 777,728 ----a-w C:\Documents and Settings\Administrator\SIBU HDF BiH.EXE
2006-07-30 20:20 959 --sha-r C:\WINDOWS\system32\autorun.bin
2007-09-24 09:41 56 --sh--r C:\WINDOWS\system32\D2B16B2D88.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
2007-05-17 23:05 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-11 06:49 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Tok-Cirrhatus"="C:\Documents and Settings\Administrator\Local Settings\Application Data\smss.exe" [ ]
"pdfSaver3"="C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 16:20 380928]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]
"BandwidthMonitor"="C:\Program Files\BandwidthMonitor\BWMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 02:00 88203 C:\WINDOWS\AGRSMMSG.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 22:06 716800]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2006-01-17 06:01 53248]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 22:43 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 19:04 761945]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 23:39 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 16:03 40960]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 23:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-01-24 00:11 802816]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 23:43 892928]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 10:56 122880]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 19:12 17920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 04:20 122940]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 09:49 454656]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 10:59 184320]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 22:24 620152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"MMReminderService"="C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe" [2007-05-17 23:05 37392]
"pdfSaver3"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-11-19 14:40 231952]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-24 10:56 286720]
"system32REQF Agent"="C:\WINDOWS\system32REQF.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus"="C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" [ ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-08-14 08:01:35]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 23:01:50]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 15:16:02]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-08-09 20:18:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 19:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]
R2 InterBaseGuardian;Firebird Guardian Service;C:\Program Files\Firebird\bin\ibguard []
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 11:46]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 14:26]
R3 InterBaseServer;Firebird Server;C:\Program Files\Firebird\bin\ibserver []
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-05-30 17:49]
S2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe []
S3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys [2006-11-22 10:01]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.0.1.202#javni (E)]
\Shell\AutoRun\command - Y:\
\Shell\explore\Command - Y:\RECYCLER\INFO.exe
\Shell\open\Command - Y:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Fs#javni (E)]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

.
Contents of the 'Scheduled Tasks' folder
"2007-12-31 16:08:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\Administrator\Templates\A.kotnorB.com
"2008-01-03 17:49:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 18:53:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????g??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Completion time: 2008-01-03 18:58:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 17:58:20