SvcHost nimmt 100% der CPU. Es scheint entweder DcomLaunch oder TermService-Virus zu sein?

Also nimmt mein SvcHost plötzlich 100% meiner CPU und ich möchte herausfinden, welcher Dienst dafür verantwortlich ist. Gibt es eine Möglichkeit, die Last zu unterscheiden, die von mehreren Diensten generiert wird, die in einem einzelnen SvcHost ausgeführt werden?

Habe ich einen Virenscan durchzuführen und es kam saubere mein Werkzeug ist alt und überholt, so dass es nichts gefunden.

Ich habe versucht, durch die Dienste zu gehen und sie einzeln zu stoppen, aber ich konnte den Schuldigen nicht finden (beachten Sie, dass einige Dienste auch automatisch neu gestartet werden und ich sie nicht deaktivieren wollte).

Update: Ich habe letzte Nacht Process Explorer verwendet, aber es gab viele Dienste, von denen einige nicht gestoppt werden konnten, im beleidigenden SvcHost. Heute habe ich auf Vorschlag von Heavyd noch einmal nachgesehen und Glück gehabt, weil heute nur zwei Dienste im beleidigenden SvcHost sind.

DcomLaunch - DCOM-Server-Prozessstart

TermService - Terminal Leistungen

Von denen keiner stoppbar ist. Ich bin auf dem Laufenden über Windows-Updates. Läuft ein anderes Viren-scan - für das heck von ihm, obwohl nichts tauchte Letzte Nacht. Vielleicht ist es Zeit für einen Neuanfang (diese Installation stammt aus dem Jahr 2004).

Update: Definitiv ein Virus. Nach dem letzten Neustart wurde die CPU-Auslastung gelöscht, aber beim Booten wurden einige seltsame Meldungen über" Sicherheitssoftware installiert " angezeigt, seltsamerweise benannte Prozesse (z. B. 555573478785.exe) und verdächtige Schlüssel zu HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run hinzugefügt, die letzte Nacht nicht da waren.

Symantec AntiVirus Corporate 8.1.0.825 hat einige Warnungen ausgegeben, aber es scheint nicht alles abzufangen: - (

Malwarebytes' Anti-Malware Ergebnisse:

Malwarebytes' Anti-Malware 1.44
Database version: 3763
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/19/2010 12:12:58 PM
mbam-log-2010-02-19 (12-12-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 290960
Time elapsed: 1 hour(s), 23 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 25
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\kbabjtm.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: kbabjtm.dll  -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\55533526 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\kbabjtm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Temp\~TM17.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM466.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\mach\Local Settings\Temporary Internet Files\Content.IE5\2WE7TOVW\load[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\mach\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\mach\Start Menu\Programs\Startup\monnid32.exe (Trojan.Bredolab) -> Delete on reboot.

Zweite scan-Ergebnisse:

Malwarebytes' Anti-Malware 1.44
Database version: 3763
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/19/2010 1:54:07 PM
mbam-log-2010-02-19 (13-54-07).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 290753
Time elapsed: 1 hour(s), 18 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{0D9A148D-2E7E-411F-8807-407114206A75}\RP2138\A0129104.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D9A148D-2E7E-411F-8807-407114206A75}\RP2138\A0129105.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Update: Nach ein paar weiteren Scans sieht es so aus, als hätte mein PC keinen Virus mehr.

Vielen Dank an alle!