SvcHost übernimmt 100% der CPU. Es scheint entweder DcomLaunch oder TermService-Virus zu sein?

Mein SvcHost nimmt also plötzlich 100% meiner CPU ein, und ich möchte herausfinden, welcher Dienst dafür verantwortlich ist. Gibt es eine Möglichkeit, die Last zu differenzieren, die von mehreren Diensten generiert wird, die in einem einzigen SvcHost ausgeführt werden?

Ich habe einen Virenscan ausgeführt und es war sauber, mein Tool ist alt und veraltet, sodass es nichts gefunden hat.

Ich habe versucht, die Dienste schrittweise durchzugehen und sie nacheinander anzuhalten, aber ich konnte den Täter nicht finden (einige Dienste werden auch automatisch neu gestartet und ich wollte sie nicht deaktivieren).

Update: Ich habe gestern Abend den Process Explorer verwendet, aber es gab viele Dienste, von denen einige nicht gestoppt werden konnten, im anstößigen SvcHost. Heute habe ich noch einmal den Vorschlag von heavyyd geprüft und habe Glück gehabt, weil heute nur noch zwei Dienste im beleidigenden SvcHost sind.

DcomLaunch - DCOM Server Process Launcher

TermService - Terminaldienste

Keiner von denen ist aufzuhalten. Ich bin über Windows-Updates auf dem Laufenden. Ich werde einen weiteren Virenscan ausführen , obwohl nichts in der letzten Nacht aufgetaucht ist . Vielleicht ist es Zeit für einen Neustart (diese Installation stammt aus dem Jahr 2004).

Update: Auf jeden Fall ein Virus. Nach dem letzten Neustart sank die CPU-Auslastung, aber beim Start wurden einige "Security Software Installed" -Nachrichten mit merkwürdig benannten Prozessen angezeigt 555573478785.exe, und verdächtige Schlüssel wurden hinzugefügt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, die gestern Abend nicht vorhanden waren.

In Symantec AntiVirus Corporate 8.1.0.825 wurden einige Warnungen angezeigt, aber es scheint nicht alles aufzufangen :-(

Malwarebytes Anti-Malware- Ergebnisse:

Malwarebytes' Anti-Malware 1.44 Database version: 3763 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702  2/19/2010 12:12:58 PM mbam-log-2010-02-19 (12-12-58).txt  Scan type: Full Scan (C:\|D:\|) Objects scanned: 290960 Time elapsed: 1 hour(s), 23 minute(s), 54 second(s)  Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 25 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 1 Files Infected: 6  Memory Processes Infected: (No malicious items detected)  Memory Modules Infected: C:\WINDOWS\kbabjtm.dll (Trojan.Hiloti) -> Delete on reboot.  Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.  Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.  Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: kbabjtm.dll -> Delete on reboot.  Folders Infected: C:\Documents and Settings\All Users\Application Data\55533526 (Rogue.Multiple) -> Quarantined and deleted successfully.  Files Infected: C:\WINDOWS\kbabjtm.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\Temp\~TM17.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\~TM466.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Documents and Settings\mach\Local Settings\Temporary Internet Files\Content.IE5\2WE7TOVW\load[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\mach\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\mach\Start Menu\Programs\Startup\monnid32.exe (Trojan.Bredolab) -> Delete on reboot. 

Zweite Scanergebnisse:

Malwarebytes' Anti-Malware 1.44 Database version: 3763 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702  2/19/2010 1:54:07 PM mbam-log-2010-02-19 (13-54-07).txt  Scan type: Full Scan (C:\|D:\|) Objects scanned: 290753 Time elapsed: 1 hour(s), 18 minute(s), 34 second(s)  Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2  Memory Processes Infected: (No malicious items detected)  Memory Modules Infected: (No malicious items detected)  Registry Keys Infected: (No malicious items detected)  Registry Values Infected: (No malicious items detected)  Registry Data Items Infected: (No malicious items detected)  Folders Infected: (No malicious items detected)  Files Infected: C:\System Volume Information\_restore\RP2138\A0129104.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\System Volume Information\_restore\RP2138\A0129105.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. 

Update: Nach ein paar weiteren Scans sieht es so aus, als hätte mein PC keinen Virus mehr.

Vielen Dank an alle!