Heere is some output from Gmer:
---- System - GMER 1.0.14 ----

SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateProcess [0xF7669662]
SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateProcessEx [0xF76696F6]
SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateSection [0xF76690A6]
SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwCreateThread [0xF7668F5C]
SSDT \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) ZwWriteVirtualMemory [0xF7668FDC]

Code \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) IoCreateDevice

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[488] kernel32.dll!WriteFile 7C810D87 7 Bytes JMP 00C91B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1876] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 32605629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs FSfilter.sys
AttachedDevice \FileSystem\Ntfs \Ntfs FSrec.sys

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SGEFLT.SYS (PnP Disk Filter Driver/Utimaco Safeware AG)

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Processes - GMER 1.0.14 ----

Process hidden process (*** hidden *** ) 328

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

What I should do ?
Regards,

hijackthis.txt
Description:	Hijackthis log	Download
Filename:	hijackthis.txt
Filesize:	14.13 KB
Downloaded:	113 Time(s)

Any ideas ? I got only one sector changed no copy of MBR detected. But I got this unknow hidden process. Please help me. I don't know what to think about it.
Many Thanks

For this change MBR is responsible pre-boot authentication (PBA) software Now I know but how to idenify this hidden proces if it is safe or not ?

I suspect you are OK and that process maybe due to your SafeGuard disk encryption software. One of its features is that it makes a backup copy of your MBR when it is installed - in the event you experience MBR corruption. You also have many F-Secure processes and services running.

You can run another anti-rootkit program to see if that can identify the name of the hidden process, but first I'd like you to run a program that cleans out your temp files, and browser cache.

Please download ATF Cleaner by Atribune

• Close Internet Explorer and any other open browsers
  
• Double-click ATF-Cleaner.exe to run the program.
  
• Under Main choose: Select All
  
• Click the Empty Selected button.

• Click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  
• NOTE: If you would like to keep your saved passwords, please click
• No at the prompt.

• Click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

Running Rootkit Unhooker:

• Click SSDT- then click File --> Quick Report and save the information on that page.
  
• Click Shadow SSDT- then click File --> Quick Report and save the information on that page.
  
• Click Processes - then click File --> Quick Report and save the information on that page.
  
• Click Drivers- then click File --> Quick Report and save the information on that page.
  
• Click Stealth Code- then click File --> Quick Report and save the information on that page.
  
• Click Code Hooks Detector- then click File --> Quick Report and save the information on that page.
  
• Click Files- then click File --> Quick Report and save the information on that page.
  
• Then click the Report tab, followed by the Scan button to start scanning. Do not touch your computer or mouse during the scan.
  
• At the end of the scan save the report and post it back here in your next reply. (See Note)
  
• Reboot and re-enable all active protection.

_________________
Negster22 - MS MVP - Consumer Security 2006-2008

Hmm I have run several rootkit hunter programs and it show nothing now. I run gmer and the same. It was false positive. But thank you for your answer and your time.This post can be marked as closed.