Disorderstatus and differentia.ru

[REDACTED]

Hello!

I've started to getting popus from Avast telling me that I do have these malwares.

Would someone help me, please?

1st Popup:

URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe


2nd Popup:

URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

[Asyn]

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

[REDACTED]

About the mbam log, I've made two. The first one I did using the program in portugeuse and it accused a Trojan, the second one is in English and didn't accuse an error.
Both attached

Thank you for your attention

[Asyn]

OK, now you've to wait a bit...

[REDACTED]

That's fine, thank you so much. It's 02am in Brazil, so I'm going to sleep atm haha but I'm back as soon as I can.

Thank you again for your help anyway

[Asyn]

You're welcome, good night.

[essexboy]

Could you let me know if this stops it

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
2015-07-17 09:46 - 2015-06-15 18:16 - 74387072 ___SH () C:\ProgramData\msbnuznf.exe
C:\ProgramData\FileSplitUpLoad.dll
C:\ProgramData\msbnuznf.exe
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\msbnuznf.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that