regedit (WXP-Pro)
FCN_Muc
08-16-2003, 07:53 PM
I try to start regedit.exe; its window pops up for 1 second and then closes, and the program closes too. A virus scan was made, all popup stoppers are deactivated. (Same problem with Task Manager and msconfig.) - I start regedit, the corresponding window opens for one second, then the window and program are closed. The system is virus-free, all popup stoppers are deactivated (as far as I have access to the tasks; I have the same problem with Task Manager: brief start, then program end). Is something broken? Is the computer overheating? (It has to run day and night: 24 hrs * 7 days/week * 52 weeks/year.) Was something destroyed during virus disinfection? Or is it a quirk of XP (an upper limit on programs? I do have several x00 programs with x00,000 files).
rjmac
08-16-2003, 08:39 PM
Try another virus scan here. If still negative, please post a HijackThis log. You (I am 99% sure) have a virus/backdoor trojan. It is hard to get rid of without running an up-to-date virus scan in SAFE mode.
http://housecall.antivirus.com/housecall/start_corp.asp
Then go to http://www.tomcoyote.org/hjt/ and download 'Hijack This!'.
Unzip, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, load it in Notepad, and copy its contents here.
Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
Bulldog@TweakXP (http://www.tweakxp.com/forum/)
FCN_Muc
08-17-2003, 11:39 AM
here's the log:
Logfile of HijackThis v1.96.1
Scan saved at 20:32:02, on 17.08.2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
H:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DIKSBVSW.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
H:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Programme\PGP Corporation\PGP for Windows XP\PGPtray.exe
F:\Programme\PopupDummy!\PopupDummy! 2.74.EXE
H:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
D:\Programme\DiskeeperWorkstation\DKService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
E:\nero\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Sicherheit\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realevent.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\totalcmd\TOTALCMD.EXE
G:\dl3\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = C******* N***
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Programme\Mass Downloader\MDHELPER.DLL
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Sicherheit\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Sicherheit\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] H:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [InCD] E:\nero\InCD\InCD.exe
O4 - HKLM\..\Run: [dll driver] DIKSBVSW.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [NOMAD Detector] "F:\Programme\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: HyperSnap-DX 5.lnk = F:\Program Files\HyperSnap-DX 5\HprSnap5.exe
O4 - Startup: Kremlin Sentry.LNK = C:\Programme\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Startup: PopupDummy!.lnk = F:\Programme\PopupDummy!\PopupDummy! 2.74.EXE
O4 - Global Startup: Acrobat Assistant.lnk = H:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Programme\PKWARE\PKZIPO\PKTray.exe
O8 - Extra context menu item: Download &All using Mass Downloader - C:\Programme\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download using &Mass Downloader - C:\Programme\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - D:\Programme\Softdigger\FlashRipper\IEMenu.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRAMM\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Mass Downloader (HKLM)
O9 - Extra 'Tools' menuitem: &Mass Downloader (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: PopupDummy! (HKCU)
O9 - Extra 'Tools' menuitem: PopupDummy! (HKCU)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0361fda6ba2e711ea003/netzip/RdxIE601_de.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {C94BFF60-7315-11D2-A844-0060086FEFD7} (Internet Banking und Brokerage) - http://www.izb-hb.de/KSPK_Muenchen/SBrokerageinstV21.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4A0CC19-8E87-46AF-A807-33B67FF70BA1}: NameServer = 62.155.254.208 194.25.2.129
rjmac
08-17-2003, 03:48 PM
Well, I'm surprised. I see no recognizable sign of the Backdoor Spybot Worm. There is much there I don't recognize though.
Do Task Manager and Msconfig both work?
Bulldog@TweakXP (http://www.tweakxp.com/forum/)
FCN_Muc
08-19-2003, 12:51 PM
No, regedit, msconfig and Task Manager didn't work, but in the meantime I found an antivirus program (PC-cillin) which recognized a worm. It's this Spybot worm you mentioned. Before PC-cillin I used Norton and McAfee; neither recognized this worm. I think I have to use three or more different antivirus programs to be sure that all viruses are found.
You can find one file (C:\WINDOWS\System32\DIKSBVSW.EXE) in the log file containing the backdoor Spybot worm. It was really hard work to kill this virus without using regedit or Task Manager, but now regedit is working again! (The source of this virus attack was Kazaa, but I need it for my Turkish friends - Turkish pop mp3.) Thanks for your help.
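As an added example (not code from the thread or from HijackThis), a small Python triage helper for the log format posted above: it lists O4 autorun entries that name only a bare file, with no directory, and cross-references them with the "Running processes" list to show where each one actually resolves, which is how the [dll driver] DIKSBVSW.EXE entry stands out among the vendor tray programs. The sample lines are copied from the log in this thread; the section detection and the label/command parsing are my own assumptions about the format.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\System32\\DIKSBVSW.EXE
C:\\WINDOWS\\System32\\MMTray.exe
C:\\WINDOWS\\System32\\RUNDLL32.EXE
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [ccApp] "C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [dll driver] DIKSBVSW.EXE
O4 - HKLM\\..\\Run: [MMTray] MMTray.exe
"""

# Assumed shape of an O4 line: "O4 - <key>: [<label>] <command>".
O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$')


def parse_log(text):
    """Return (running process paths, list of O4 autorun dicts)."""
    processes, autoruns = [], []
    for line in text.splitlines():
        line = line.strip()
        if re.match(r'^[A-Z]:\\', line):      # a line of the process list
            processes.append(line)
        m = O4_RE.match(line)
        if m:
            d = m.groupdict()
            cmd = d['cmd']
            # The program is the first token; honour quotes so paths with spaces survive.
            d['exe'] = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split()[0]
            autoruns.append(d)
    return processes, autoruns


def flag_bare_autoruns(text):
    """Map each autorun that gives no directory (so it is found via the search
    path, e.g. a file dropped into System32) to (label, resolved process path).
    The path is None when nothing with that basename is currently running."""
    processes, autoruns = parse_log(text)
    by_name = {p.rsplit('\\', 1)[-1].lower(): p for p in processes}
    findings = {}
    for a in autoruns:
        if '\\' not in a['exe']:
            findings[a['exe']] = (a['label'], by_name.get(a['exe'].lower()))
    return findings


if __name__ == '__main__':
    for exe, (label, path) in flag_bare_autoruns(SAMPLE_LOG).items():
        print(f'[{label}] {exe} -> {path or "not running"}')
```

Legitimate bare entries (rundll32, vendor tray tools) appear in the output too; the value of the listing is seeing the resolved location and the odd label together, not the bare name alone.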
rjmac
08-19-2003, 02:05 PM
For future reference, you are able to open Taskmanager, regedit and msconfig in safe mode.
AND
you are able to open them in normal mode if you copy their .exe files to the desktop or My Documents and give them a .com extension.
They will then execute and stay open.
Bulldog@TweakXP (http://www.tweakxp.com/forum/)
Andy-S
08-19-2003, 02:27 PM
You may want to try this. There were several people reporting the same problem just as the worm breakout occurred and running this fix resolved the exe problem.
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
Cheers
Andy