How to recover files encrypted by ransomware

I have been using AVAST for the past few years. Everything was fine until yesterday when my computer was attacked by a ransomware.
Below is the message posted all over my folders. All my data files - word, powerpoint, excel, pictures were all encrypted and unable to access.
Not sure how the ransomware get into my computer since it is supposed to be protected by AVAST.
What should I do and how can I recover my files? Can someone help?
Thanks!
BravoLee

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with AES
More information about the encryption keys using AES can be found here: http://en.wikipedia.org/wiki/AES

How did this happen ?
!!! Specially for your PC was generated personal AES KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:

  1. http://yyre45dbvn2nhbefbmh.begumvelic.at/16B355CBA5CCA55
  2. http://uiredn4njfsa4234bafb32ygjdawfvs.frascuft.com/16B355CBA5CCA55
  3. http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/16B355CBA5CCA55
    If for some reasons the addresses are not available, follow these steps:
  4. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
  5. After a successful installation, run the browser
  6. Type in the address bar: xlowfznrg4wf7dli.onion/16B355CBA5CCA55
  7. Follow the instructions on the site.

---------------- IMPORTANT INFORMATION------------------------
--* Your personal pages:
http://yyre45dbvn2nhbefbmh.begumvelic.at/16B355CBA5CCA55
http://uiredn4njfsa4234bafb32ygjdawfvs.frascuft.com/16B355CBA5CCA55
http://gwe32fdr74bhfsyujb34gfszfv.zatcurr.com/16B355CBA5CCA55
--* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/16B355CBA5CCA55

Not sure how the ransomware get into my computer since it is supposed to be protected by AVAST.
100% detection/protection doesn't exist. The disease comes always before the cure ;)

First thing to do is removing all malware from your system.
Follow the instructions and attach the requested log files.
http://forum.avast.com/index.php?topic=53253.0

As for your files, I have some decrypting tools on my website listed ( http://www.ache.nl )
You can try them, but if they don’t succeed your files are lost.
That is why having a clean (recent) backup important.

My Malwarebytes scan log is attached.
Seems like Malwarebytes scan is able to detect more stuffs than the AVAST scan.

For decrypt of files, which program is recommended?
Tks.

The important logs are the two diagnostic logs from FRST (farbar recovery scan tool) second picture in the guide

Seems like Malwarebytes scan is able to detect more stuffs than the AVAST scan.
Yes a nice PUP collection .... have you turned on avast PUP detection? as it is default off
Seems like Malwarebytes scan is able to detect more stuffs than the AVAST scan.
No, it is not. MBam only checks executables (extension doesn't matter), while avast is checking a lot more file types and other things.

I have attached the 2 file on FRST and Addition. Tks.

How was the crypto malware delivered ? Was it an -mail attachment ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-3806476184-3308510765-1863361483-1000 -> No Name - {00000000-0000-0000-0000-000000000000} - No File Toolbar: HKU\S-1-5-21-3806476184-3308510765-1863361483-1000 -> No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3282698&SearchSource=48&CUI=UN31913221533092748&UM=2 2016-03-01 03:21 - 2013-02-23 10:18 - 00000000 ____D C:\Users\Lee\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} 2016-03-01 03:13 - 2014-02-07 18:08 - 00000000 ____D C:\Users\Lee\AppData\Local\Conduit 2016-03-01 03:13 - 2012-12-28 17:13 - 00000000 ___HD C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3} CMD: del /F /Q /S "C:\_RECoVERY_+eseop.txt" CMD: del /F /Q /S "C:\_RECoVERY_+eseop.html" CMD: del /F /Q /S "C:\_RECoVERY_+eseop.PNG" CMD: del /F /Q /S "C:\_RECoVERY_+eseop.URL" Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.