I'm requesting your help because it's beyond my knowledge ;-)
I just "lost" a partition:
- I have a ssd with C: (system, win10 family x64. migrated from win7 about 1 month ago) and S: (data) partitions
+ a non-ssd disk for data (only 1 partition on this one).
Now, since 1h30, the S: partition isn't accessible any more, and even worse, it's displayed as unallocated on disk (info given by windows disk management + "MiniTool Partition Wizard Free").
The partition "disappeared" after a reboot that I did earlier, because the update of my tomtom gpy was stuck.
Since a few weeks, I have strange behaviours, I did many scans with different tools and even a system restore, but I still had strange behaviours.
And now there's this partition just lost.
So I don't know if it's a big win10 bug or hardware failure, or a problem due to virus/malware.
I find it complicated, because now I don't know which tools I can trust, and what to do to be sure it's clean.
My first priority, if you can help for this, would be to be able to recover the partition which disappeared, because I had very important emails on it, that I did not backup-ed these last days.
Yet I didn't do anything on this partition (no tool used except "MiniTool Partition Wizard Free" just to look at the disk status), to maximize chances to recover it.
Here are the tools that I used to check for virus/malware: (note: since I'm fighting with this since weeks, for some tools I don't remember the results that they gave..)
- I have avira as antivirus. Note: these last days, what is strange and was a new behaviour, is that at windows startup, windows was complaining that no firewall was running. Normaly, now it's avira which drives (or replace, I don't know exactly...) the firewall. Now I often had to start it manually in the avira interface.
- Roguekiller. Here are the results for the scan that I ran at 21:00 today. If I run a second scan after fix, it's fine. But after rebooting, all the detected elements are back (excepted Firefox home page, I also fixed it manually to be sure...). In particular, I don't know if the Hidden.ADS is "normal" or is dangerous...
- CcCleaner. Tonight, I disabled it in the startup.
- Malwarebytes Anti-Malware. Tonight it doesn't detect anything. I also tried "Junkware removal tool" from them.
- Spybot-S&D Start Center
- Emsisoft Emergency Kit
- Kaspersky rescue scan (iso image and boot on disk and full scan)
- TDSSKiller (from Kaspersky) (nothing detected tonight)
What was really detected and I did:
- I don't remember which tool detected it, but "win32/Small.CA" was once reported. On the web, I found some info on how to look for it in folders and registry. After that, it was not detected any more.
- last week I noticed errors when opening windows task planifiaction (sorry I'm french, I hope it's the official name in windows in english...). I didn't open it before since I migrated to win 10, about 1 month ago, so I don't know since when these errors were here. It was suspicious because these tasks were badly configured, with crazy names and paths... I deleted them manually in the registry.
- I did a system restore 2 weeks ago, to go back with an earlier backup, on win 10 also. Unfortunately, I didn't make a backup right after migrating from win7 to win10. I also installed and used the opera browser for a while after win10 migration, and then the first strange behaviours appeared (slow web browsing, slow windows explorer sometimes...). I suspect Opera to be the entry point for a virus/malware for my machine (even if of course I have no proof of it, just an intuition...).
Note: I'm software scientist, so you can tell me some technical instructions, and I'll ask you if I don't understand. For example, I know how to modify the registry, but I don't do it if I'm sure about the effect (I know it can break windows or a software behaviour...).
-> Can you tell me if there's a chance to recover the disappeared parittion, and if yes with which tool?
-> then, can you help to be sure there's no virus or malware?
-> Or may the partition be disappeared for another reason than virus/malware?
Edit: regarding the ssd hardware, the C: smart status doesn't give any error. This ssd is not so old, CrystalDiskInfo says it's running since 4547 hours.
You can of course ask my to run any tool to help to find the issue(s).
Thanks in advance ;-)
Edited by ssebs, 03 April 2016 - 03:28 PM.