False positive?
Sperwer
June 4th, 2007, 03:57 PM
Is this also a false positive?
Created at: 21:53:25 4-6-2007
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} -> Adware.RogueSuspect : Ignored.
::Report end
karl.ewido
June 4th, 2007, 04:23 PM
Please send us an exported *.reg file of this detected Registry key:
http://www.ewido.net/en/malware/
Use the Windows Registry Editor (regedit.exe) for that.
In the Windows Start menu, click on 'Run', enter regedit.exe and press OK.
Now search for or go to the detected key (keys look like folders in Windows Explorer).
Now select only this detected key, right-click and choose the option 'Export..' in the context menu, then choose your desktop and a good filename.
NOTE: Choose only the detected key for the export at the bottom of the 'Save as' dialog and not(!) ALL; that would export the whole Registry in huge files.
Sperwer
June 5th, 2007, 02:39 PM
Hi Karl,
After I did this in a .bat file:
regedit /e sperwer.txt "HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}"
start notepad.exe sperwer.txt
exit
I got this as a result:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}]
@="Implements DocHostUIHandler"
[HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}\LocalServer32]
@="D:\\WindowsXP_Compl.exe"
[HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}\ProgID]
@="example.DocHostUIHandler"
PS: I have sent ewido the reg file as roguesuspect.reg
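Added example, not part of the original posts: a small Python parser for an exported CLSID key like the one shown above, which pulls out the server binary that the COM registration launches so it can be located and submitted for analysis. The function names are illustrative, and the sample text is the export quoted in the post.

```python
import re

# Export text as quoted in the post above (regedit "Version 5.00" format).
# A file written by regedit /e is normally UTF-16; open it with encoding="utf-16".
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}]
@="Implements DocHostUIHandler"

[HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}\LocalServer32]
@="D:\\WindowsXP_Compl.exe"

[HKEY_CLASSES_ROOT\CLSID\{3f2bbc05-40df-11d2-9455-00104bc936ff}\ProgID]
@="example.DocHostUIHandler"
'''

# Subkeys whose default value names the binary that implements the class.
SERVER_SUBKEYS = {"localserver32", "inprocserver32"}

def unescape(value):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', value)

def parse_default_values(text):
    """Map each exported key path to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = unescape(line[3:-1])
    return defaults

def com_registration(text):
    """Summarise a CLSID export: description, ProgID and server binaries."""
    info = {"clsid": None, "description": None, "progid": None, "servers": {}}
    for key, value in parse_default_values(text).items():
        leaf = key.split("\\")[-1]
        if leaf.lower() in SERVER_SUBKEYS:
            info["servers"][leaf] = value
        elif leaf.lower() == "progid":
            info["progid"] = value
        elif re.fullmatch(r"\{[0-9a-fA-F-]{36}\}", leaf):
            info["clsid"], info["description"] = leaf, value
    return info

if __name__ == "__main__":
    print(com_registration(SAMPLE_EXPORT))
```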
karl.ewido
June 6th, 2007, 03:03 AM
Please now send us a copy of this WindowsXP_Compl.exe file. Thanks.
Sperwer
June 6th, 2007, 01:54 PM
Hi Karl,
The file is on a DVD with a bundle of freeware which came with a magazine.
I don't think it is harmful, but I send you a copy.
Many thanks so far for helping me out!
Copyright ©2002 - 2012, Wilders Security Forums