Sample download:
[link removed]
Kaspersky Internet Security 2009 Report:
Internet Explorer (events: 2)
2008/10/16 下午 10:22:04 Placed in group Untrusted : Heur.Downloader
2008/10/16 下午 10:22:05 Autorun Denied: KLPrivileges/KLSelfStart
2008/10/16 下午 10:22:05 Autorun Denied: KLPrivileges/KLSelfStart
Internet Explorer (events: 2)
2008/10/16 下午 10:22:05 Placed in group Untrusted : Heur.Downloader
2008/10/16 下午 10:22:05 Autorun Denied: KLPrivileges/KLSelfStart
2008/10/16 下午 10:22:05 Autorun Denied: KLPrivileges/KLSelfStart
Internet Explorer (events: 2)
2008/10/16 下午 10:22:09 Placed in group High Restricted
2008/10/16 下午 10:22:09 Create C:\WINDOWS\system32\winlbi32.dll Denied: KLSystemData/KLSystemFiles/SystemDll
2008/10/16 下午 10:22:09 Create C:\WINDOWS\system32\winlbi32.dll Denied: KLSystemData/KLSystemFiles/SystemDll
2008/10/16 下午 10:22:09 Create C:\WINDOWS\system32\winlbi32.dll Denied: KLSystemData/KLSystemFiles/SystemDll
2008/10/16 下午 10:22:09 Process start c:\windows\system32\cmd.exe Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc
2008/10/16 下午 10:22:14 Code intrusion c:\program files\internet explorer\iexplore.exe Denied: KLPrivileges/KLPermissionAppAccess/KLPermissionProcEmbed/KLCodeInject
2008/10/16 下午 10:22:14 Code intrusion c:\program files\internet explorer\iexplore.exe Denied: KLPrivileges/KLPermissionAppAccess/KLPermissionProcEmbed/KLCodeInject
2008/10/16 下午 10:22:14 Process start c:\documents and settings\administrator\local settings\temp\twe3.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc
2008/10/16 下午 10:22:15 Process start c:\documents and settings\administrator\desktop\keygen.bat Allowed: KLPrivileges/KLPermissionAppAccess/KLPermissionProcManage/KLStartProc
Internet Explorer (events: 2)
2008/10/16 下午 10:22:10 Placed in group Trusted/MICROSOFT
2008/10/16 下午 10:22:11 Access to internal browser data Allowed: KLPrivileges/KLPermissionSystem/KLPermissionSysObjAccess/KLShellWindowsAcceess
[edit: removed link per the Participation Guidelines and Terms of Service. Link is still on file.]