GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-09 16:47:34
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\0000002c TOSHIBA_THNSNJ256GCSU rev.JURA0101 238,47GB
Running: cznb9iq6.exe; Driver: C:\Users\Sobie\AppData\Local\Temp\kwxdruod.sys

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [1052:1176]   fffff961d6924060

---- Processes - GMER 2.1 ----

Process  C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (*** suspicious ***) @ C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe [3592](2016-02-06 15:06:50)   0000000000a90000
Library  C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe [3592](2016-02-06 15:06:50)   0000000071a70000
Library  C:\Users\Sobie\AppData\Local\MyComGames\zlib1.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508](2016-02-07 14:37:20)   000000006fd50000
Library  C:\Users\Sobie\AppData\Local\MyComGames\devil.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508] (DevIL: A portable image library in development/Abysmal Software)(2016-02-07 14:37:19)   000000006fc00000
Library  C:\Users\Sobie\AppData\Local\MyComGames\pxd.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508](2016-02-07 14:37:19)   000000006fbe0000
Library  C:\Users\Sobie\AppData\Local\MyComGames\libcurl.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508] (libcurl Shared Library/The cURL library, http://curl.haxx.se/)(2016-02-07 14:37:19)   000000006fb80000
Library  C:\Users\Sobie\AppData\Local\MyComGames\7zxa.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508] (7z Standalone Extracting Plugin/Igor Pavlov)(2016-02-07 14:37:19)   0000000010000000
Library  C:\Users\Sobie\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508](2015-08-26 09:18:40)   000000005aab0000

---- Services - GMER 2.1 ----

Service  C:\Windows\system32\drivers\bsdriver.sys (*** hidden *** )  [SYSTEM] bsdriver   <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----
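A small parser for this log format, added here as an example; it is not GMER's own code and not part of the original post. It walks the section headers, pulls the path, flag, owning process, timestamp and load address out of each Process, Library, Service and Thread entry, and ranks the findings with a triage rule of the example's own: a `*** hidden ***` object (GMER's mark for something that does not show up through the normal enumeration API) or an explicit `<-- ROOTKIT` marker ranks high, while `*** suspicious ***`, a weaker heuristic mark, is weighted by whether the file sits in a user-writable location such as AppData. The sample log is the page's own entries re-typed one per line; the severity rule and the `USER_WRITABLE` list are assumptions of this example, not GMER's.

```python
"""Parse a GMER 2.1 log and rank its findings for triage (added example, not GMER's code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the entries of the log above, one per line as GMER writes them.
# GMER pads columns with spaces; the parser keys on fixed tokens, not on column widths.
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-09 16:47:34
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\0000002c TOSHIBA_THNSNJ256GCSU rev.JURA0101 238,47GB
Running: cznb9iq6.exe; Driver: C:\Users\Sobie\AppData\Local\Temp\kwxdruod.sys
---- Threads - GMER 2.1 ----
Thread  C:\Windows\system32\csrss.exe [1052:1176]   fffff961d6924060
---- Processes - GMER 2.1 ----
Process  C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (*** suspicious ***) @ C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe [3592](2016-02-06 15:06:50)   0000000000a90000
Library  C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe [3592](2016-02-06 15:06:50)   0000000071a70000
Library  C:\Users\Sobie\AppData\Local\MyComGames\zlib1.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508](2016-02-07 14:37:20)   000000006fd50000
Library  C:\Users\Sobie\AppData\Local\MyComGames\devil.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508] (DevIL: A portable image library in development/Abysmal Software)(2016-02-07 14:37:19)   000000006fc00000
Library  C:\Users\Sobie\AppData\Local\MyComGames\pxd.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508](2016-02-07 14:37:19)   000000006fbe0000
Library  C:\Users\Sobie\AppData\Local\MyComGames\libcurl.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508] (libcurl Shared Library/The cURL library, http://curl.haxx.se/)(2016-02-07 14:37:19)   000000006fb80000
Library  C:\Users\Sobie\AppData\Local\MyComGames\7zxa.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508] (7z Standalone Extracting Plugin/Igor Pavlov)(2016-02-07 14:37:19)   0000000010000000
Library  C:\Users\Sobie\AppData\Local\MyComGames\Chrome\3.2454.1317\libcef.dll (*** suspicious ***) @ C:\Users\Sobie\AppData\Local\MyComGames\MyComGames.exe [2508](2015-08-26 09:18:40)   000000005aab0000
---- Services - GMER 2.1 ----
Service  C:\Windows\system32\drivers\bsdriver.sys (*** hidden *** )  [SYSTEM] bsdriver   <-- ROOTKIT !!!
---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SCAN_RE = re.compile(r"^Rootkit scan (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
ENTRY_RES = [
    # Process/Library: path (*** flag ***) @ host [pid] (optional version text)(file time) load address
    re.compile(r"^(?P<kind>Process|Library)\s+(?P<path>.+?)\s+\(\*\*\* (?P<flag>\w+) \*\*\*\s*\)\s+@\s+"
               r"(?P<host>.+?)\s+\[(?P<pid>\d+)\]\s*(?:\((?P<desc>[^)]*)\))?\((?P<ts>[^)]+)\)\s+(?P<addr>[0-9a-fA-F]+)$"),
    # Service: path (*** flag ***) [account] name <-- marker
    re.compile(r"^(?P<kind>Service)\s+(?P<path>.+?)\s+\(\*\*\* (?P<flag>\w+) \*\*\*\s*\)\s+"
               r"\[(?P<account>\w+)\]\s+(?P<name>\S+)(?:\s+<--\s+(?P<tag>.+?))?$"),
    # Thread: image [pid:tid] start address
    re.compile(r"^(?P<kind>Thread)\s+(?P<path>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]+)$"),
]

# Assumed list of locations a standard user can write to: a 'suspicious' module
# loaded from one of these ranks above the same mark on a file under Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Finding:
    section: str
    kind: str
    path: str
    flag: Optional[str] = None          # "suspicious", "hidden" or None
    tag: Optional[str] = None           # trailing marker such as "ROOTKIT !!!"
    fields: Dict[str, str] = field(default_factory=dict)

    @property
    def severity(self) -> str:
        """Ranking rule of this example, not GMER's: hidden objects and an explicit
        ROOTKIT marker outrank everything; 'suspicious' is weighted by file location."""
        if self.flag == "hidden" or (self.tag and "ROOTKIT" in self.tag):
            return "high"
        if self.flag == "suspicious":
            return "medium" if any(m in self.path.lower() for m in USER_WRITABLE) else "low"
        return "info"


def parse_gmer(text: str) -> dict:
    """Return scan time, parsed findings, and any section line the parser did not recognise."""
    report = {"scan_time": None, "findings": [], "unparsed": []}
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group("name")
            continue
        if m := SCAN_RE.match(line):
            report["scan_time"] = m.group("ts")
            continue
        for rx in ENTRY_RES:
            if m := rx.match(line):
                d = m.groupdict()
                report["findings"].append(Finding(section, d.pop("kind"), d.pop("path"),
                                                  d.pop("flag", None), d.pop("tag", None),
                                                  {k: v for k, v in d.items() if v is not None}))
                break
        else:
            if section not in ("Header", "EOF"):
                report["unparsed"].append(line)   # surface, never silently drop, unknown lines
    return report


def summarize(report: dict) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0, "info": 0}
    for f in report["findings"]:
        counts[f.severity] += 1
    return counts


def triage(report: dict) -> List[Finding]:
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    return sorted(report["findings"], key=lambda f: (order[f.severity], f.path))


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    print("scan", rep["scan_time"], summarize(rep))
    for f in triage(rep):
        print(f"{f.severity:<6} {f.section:<9} {f.kind:<8} {f.path}  {f.tag or ''}")
```

Run against the sample, the hidden `bsdriver` service sorts to the top, the six MyComGames modules under `\Users\Sobie\AppData\` come next, and the two Microsoft Store modules under `\Program Files\WindowsApps\` rank lowest. Anything the regexes do not recognise lands in `unparsed` rather than vanishing, which matters when a log is pasted with wrapped or merged lines as this one was.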