help me please URGENT!!! BIG PROBLEM NEED HELP A.S.A.P.

You already posted this output. Could you try the other command that I had given above?

You do seem to have a lot of processes running. Whenever you're dealing with a problem, it's best to close all other programs, for example, in your case, Yahoo Messenger and Winamp Agent.

Also, you seem to have a lot of svchost processes running - that may be a bad sign, since many viruses use that name.

so far there are still no threast but somthing was changed
file======Result/Infection====Path
shell32======change===========C:/Windows/system32/shell32.dll
ntoskrnl=====change===========C:/Windows/system32/ntoskrnl.exe
is that godd???

A change to those two files doesn't sound good - one is the OS kernel and the other deals with most of the stuff on your desktop - I think you should post a HJT log - see this post

this is the second command and i already closed yahoo and winamp

C:\Windows\system32>reg query "hklm\software\microsoft\windows nt\currentversion
\winlogon"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe C:\WINDOWS\Config\csrss.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 0x1
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 0x1
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 0x80000027
AutoLogonCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExten
sions
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\AutoLog
onChecked

C:\Windows\system32>

so what must I do to it??

That explains it - you do have a virus. The "Shell" value is supposed to be Explorer.exe but it's Config\csrss.exe. Download this utility and run it. Then, open task manager and kill csrss.exe - there might be two of them, one belongs to Windows and the other is the virus.

how to kill them??

Go to the Processes tab in Task Manager, find csrss.exe and click End Process.

its says access denied

That one belongs to Windows. Is there only one csrss.exe? Try killing all of them.

you said theres two i think its winlogon.exe i think its the 2nd virus

That's also part of Windows, unless there's more than one winlogon too.
Many viruses use the names of existing Windows programs such as csrss, lsass, userinit, winlogon, svchost.

i tried to click "Show proccesses from all user then there are two of or crss.exe,one winlogon,one lsass and almost 15 svchost i tried to end one of th crss then the pc shut down and restrat

Well, did you run the utility I posted? Since you mentioned your computer restarted anyway, did the desktop come back?

no the deskytop did not appear