WinSATAN is installed. This backdoor allows anyone to partially take control of the remote system. An attacker may use it to steal your password or prevent your system from working properly.
use RegEdit, and find 'RegisterServiceBackUp' in HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run The value's data is the path of the file. If you are infected by WinSATAN, then the registry value is named 'fs-backup.exe'. Additional Info : http://online.securityfocus.com/archive/75/17508 Additional Info : http://online.securityfocus.com/archive/75/17663