Accepted DEFENSE+ popup by mistake, file modified NVIDIA registry??

[Guest]

[kendoka15]

Hi, I downloaded a keygen off of some website, and so I had to turn off the antivirus part of CIS, and when I opened it, DEFENSE+ asked me if this file was ok to modify whatever (I didn't read, thinking it was the usual with keygens) and now that I look at it, it did these three modifications:

1.
Flag: Modify key, suspicious
Application: crd.exe
Target: HKLM\SYSTEM\ControlSet001\services\eventlog\Application\NVIDIA OpenGL Driver\TypesSupported
In this registry file: 7

2.
Flag: Modify key, suspicious
Application: crd.exe
Target: HKLM\SYSTEM\ControlSet001\services\eventlog\Application\NVIDIA OpenGL Driver\EventMessageFile
In this registry file: %SystemRoot%\System32\nvoglv64.dll

3.
It says the same as 2.

I scanned my registry with comodo and Malwarebyte's antimalware, it comes up clean.

It also seems that the same moment as the third modification, Logitech Setpoint decided to "access memory" to comodo's cfp file.

Were these changes harmless, or should I be worried? I've had some bad experiences with worms in the past

Thanks in advance

[clockwork]

.... and so I had to turn off the antivirus

NO
Think about it.

You had to disable the antivirus, because you wouldnt have been infected otherwise. It wasnt YOUR interest that has been described in this need.

I've had some bad experiences with worms in the past

Because you didnt learn from them.


Edit: Succesfully installed nasties could be not detectable anymore by (installed) antivirus programs.

[Ronny]

My gut feeling tells me rootkit infection, you can try TDSS killer from this page here http://support.kaspersky.com/viruses/utility
And hitmanpro from http://www.surfright.nl/en

If it's a good rootkit you won't find it though on a live system, then you need an offline bootdisk and good knowledge of PC and rootkits to remove it.

[Tags:]