Mdm.exe has stopped working, fluctuating CPU usage


(Ickam) #1

Hi,


(Acorus) #2

Open the system Notepad and paste:

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File ==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File ==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File ==== ATTENTION
Task: {43527FFC-0785-4145-946A-0D39B7737CB5} - System32\Tasks\Binkiland = C:\Users\Ick\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe [2015-02-23] () ==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File ==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File ==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File ==== ATTENTION
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File ==== ATTENTION
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File ==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck No Task File ==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File ==== ATTENTION
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File ==== ATTENTION
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File ==== ATTENTION
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter No Task File ==== ATTENTION
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File ==== ATTENTION
Task: {C228A124-0EDD-4ED7-B6C9-70551552906D} - System32\Tasks\MdmUpdateTaskMachineCore = C:\Users\Ick\AppData\Roaming\WinRAR\Caches\mdm [2015-04-20] ()
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - \Microsoft\Windows Defender\MpIdleTask No Task File ==== ATTENTION
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File ==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File ==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File ==== ATTENTION
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - \Microsoft\Windows\Maintenance\WinSAT No Task File ==== ATTENTION
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask No Task File ==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File ==== ATTENTION
Task: C:\Windows\Tasks\Binkiland.job = C:\Users\Ick\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe ==== ATTENTION
HKLM-x32\...\Run: [] = [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] ===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKU\S-1-5-21-1989798796-251257113-208191931-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://binkiland.com/?f=1a=bnk_ir_15_09cd=2XzuyEtN2Y1L1QzutB0E0DtDyD0A0DyEtC0D0CyBtB0FyE0AtN0D0Tzu0StCtCyEzytN1L2XzutAtFzztFtCtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0EtB0DyEzytGtAtC0C0AtGzzyBtC0DtG0AzytDyBtGyEtB0DtC0CyBtB0FyC0C0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0E0D0A0B0EtCtG0C0AtC0EtGyE0C0EyBtGzytA0DzytG0E0DtA0A0FzztCtBzy0F0CtD2QtN1B2Z1V1T1S1NzuyDtCyCcr=1866653377ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4q={searchTerms}a=bnk_ir_15_09cd=2XzuyEtN2Y1L1QzutB0E0DtDyD0A0DyEtC0D0CyBtB0FyE0AtN0D0Tzu0StCtCyEzytN1L2XzutAtFzztFtCtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0EtB0DyEzytGtAtC0C0AtGzzyBtC0DtG0AzytDyBtGyEtB0DtC0CyBtB0FyC0C0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0E0D0A0B0EtCtG0C0AtC0EtGyE0C0EyBtGzytA0DzytG0E0DtA0A0FzztCtBzy0F0CtD2QtN1B2Z1V1T1S1NzuyDtCyCcr=1866653377ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4q={searchTerms}a=bnk_ir_15_09cd=2XzuyEtN2Y1L1QzutB0E0DtDyD0A0DyEtC0D0CyBtB0FyE0AtN0D0Tzu0StCtCyEzytN1L2XzutAtFzztFtCtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0EtB0DyEzytGtAtC0C0AtGzzyBtC0DtG0AzytDyBtGyEtB0DtC0CyBtB0FyC0C0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0E0D0A0B0EtCtG0C0AtC0EtGyE0C0EyBtGzytA0DzytG0E0DtA0A0FzztCtBzy0F0CtD2QtN1B2Z1V1T1S1NzuyDtCyCcr=1866653377ir=
SearchScopes: HKU\S-1-5-21-1989798796-251257113-208191931-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4q={searchTerms}a=bnk_ir_15_09cd=2XzuyEtN2Y1L1QzutB0E0DtDyD0A0DyEtC0D0CyBtB0FyE0AtN0D0Tzu0StCtCyEzytN1L2XzutAtFzztFtCtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0EtB0DyEzytGtAtC0C0AtGzzyBtC0DtG0AzytDyBtGyEtB0DtC0CyBtB0FyC0C0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0E0D0A0B0EtCtG0C0AtC0EtGyE0C0EyBtGzytA0DzytG0E0DtA0A0FzztCtBzy0F0CtD2QtN1B2Z1V1T1S1NzuyDtCyCcr=1866653377ir=
SearchScopes: HKU\S-1-5-21-1989798796-251257113-208191931-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4q={searchTerms}a=bnk_ir_15_09cd=2XzuyEtN2Y1L1QzutB0E0DtDyD0A0DyEtC0D0CyBtB0FyE0AtN0D0Tzu0StCtCyEzytN1L2XzutAtFzztFtCtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0EtB0DyEzytGtAtC0C0AtGzzyBtC0DtG0AzytDyBtGyEtB0DtC0CyBtB0FyC0C0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0E0D0A0B0EtCtG0C0AtC0EtGyE0C0EyBtGzytA0DzytG0E0DtA0A0FzztCtBzy0F0CtD2QtN1B2Z1V1T1S1NzuyDtCyCcr=1866653377ir=
CHR StartupUrls: Default - "", "hxxp://binkiland.com/?f=7a=bnk_ir_15_09cd=2XzuyEtN2Y1L1QzutB0E0DtDyD0A0DyEtC0D0CyBtB0FyE0AtN0D0Tzu0StCtCyEzytN1L2XzutAtFzztFtCtFtDtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0EtB0DyEzytGtAtC0C0AtGzzyBtC0DtG0AzytDyBtGyEtB0DtC0CyBtB0FyC0C0AtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0E0D0A0B0EtCtG0C0AtC0EtGyE0C0EyBtGzytA0DzytG0E0DtA0A0FzztCtBzy0F0CtD2QtN1B2Z1V1T1S1NzuyDtCyCcr=1866653377ir="
U4 DPS; No ImagePath
U3 ehRecvr; No ImagePath
U3 ehSched; No ImagePath
U4 Fax; No ImagePath
U4 idsvc; No ImagePath
U4 JavaQuickStarterService; No ImagePath
U4 Mcx2Svc; No ImagePath
U4 MozillaMaintenance; No ImagePath
U4 nvUpdatusService; No ImagePath
U4 RemoteRegistry; No ImagePath
U4 SCardSvr; No ImagePath
U4 SCPolicySvc; No ImagePath
U4 SDRSVC; No ImagePath
U4 TabletInputService; No ImagePath
U4 WdiServiceHost; No ImagePath
U4 WdiSystemHost; No ImagePath
U4 WinRM; No ImagePath
U4 WPCSvc; No ImagePath
U4 wscsvc; No ImagePath
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
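
An added example, not part of the original post or of FRST: a Python triage of `Task:` lines in the format shown in the fixlist above, separating entries with no task file from tasks whose target sits under a user's AppData folder. The sample lines are copied from the post; the function names, categories and the AppData heuristic are assumptions made for illustration.

```python
import re

# Lines copied from the fixlist in the post above (a subset); the last is not a Task line.
SAMPLE = r"""Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File ==== ATTENTION
Task: {43527FFC-0785-4145-946A-0D39B7737CB5} - System32\Tasks\Binkiland = C:\Users\Ick\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe [2015-02-23] () ==== ATTENTION
Task: {C228A124-0EDD-4ED7-B6C9-70551552906D} - System32\Tasks\MdmUpdateTaskMachineCore = C:\Users\Ick\AppData\Roaming\WinRAR\Caches\mdm [2015-04-20] ()
Task: C:\Windows\Tasks\Binkiland.job = C:\Users\Ick\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe ==== ATTENTION
U4 wscsvc; No ImagePath
"""

TASK_RE = re.compile(r"^Task:\s+(?:\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+)?(?P<rest>.+)$")
# Optional trailer "[date] () ==== ATTENTION"; any part may be absent.
TRAILER_RE = re.compile(r"\s*(?:\[\d{4}-\d{2}-\d{2}\])?\s*(?:\([^)]*\))?\s*(?:=+ ATTENTION)?\s*$")
# Assumption: a target under a user's AppData is writable without admin rights.
USER_APPDATA_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
NO_FILE = "No Task File"


def parse_task(line):
    """Return a dict for a 'Task:' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    body = TRAILER_RE.sub("", m.group("rest"))
    no_file = body.endswith(NO_FILE)
    name, _, target = (body[: -len(NO_FILE)] if no_file else body).partition(" = ")
    return {"guid": m.group("guid"), "name": name.strip(), "target": target.strip() or None,
            "no_file": no_file, "flagged": "ATTENTION" in line}


def classify(task):
    """Assign one of the illustrative categories to a parsed task."""
    if task["no_file"]:
        return "missing-task-file"
    if task["target"] and USER_APPDATA_RE.match(task["target"]):
        return "user-profile-target"
    return "other"


def triage(text):
    """Parse every Task line in text and return (category, task) pairs."""
    tasks = filter(None, (parse_task(l) for l in text.splitlines()))
    return [(classify(t), t) for t in tasks]


if __name__ == "__main__":
    for category, t in triage(SAMPLE):
        print(f"{category:20} flagged={t['flagged']!s:5} {t['name']} -> {t['target']}")
```

On the sample, the `MdmUpdateTaskMachineCore` entry is classified as `user-profile-target` even though its log line carries no `ATTENTION` marker, which is why the path check is done independently of that marker.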