Split each service to run in its own SVCHOST.EXE process and the service consuming the CPU cycles will be easily visible in Task Manager or Process Explorer (the space after "=" is required):
SC Config Servicename Type= own
Do this in a command line window or put it into a BAT script. Administrative privileges are required and a restart of the computer is required before it takes effect.
The original state can be restored by:
SC Config Servicename Type= share
Example: to make Windows Management Instrumentation run in a separate SVCHOST.EXE:
SC Config winmgmt Type= own
This technique has no ill effects, except perhaps increasing memory consumption slightly. Apart from observing CPU usage for each service, it also makes it easy to observe page faults delta, disk I/O read rate and disk I/O write rate for each service. For Process Explorer, menu View/Select Columns: tab Process Memory/Page Fault Delta, tab Process Performance/IO Delta Write Bytes, tab Process Performance/IO Delta Read Bytes, respectively.
On most systems there is only one SVCHOST.EXE process that has a lot of services. I have used this sequence (it can be pasted directly into a command line window):
rem 1. "Automatic Updates"
SC Config wuauserv Type= own
rem 2. "COM+ Event System"
SC Config EventSystem Type= own
rem 3. "Computer Browser"
SC Config Browser Type= own
rem 4. "Cryptographic Services"
SC Config CryptSvc Type= own
rem 5. "Distributed Link Tracking"
SC Config TrkWks Type= own
rem 6. "Help and Support"
SC Config helpsvc Type= own
rem 7. "Logical Disk Manager"
SC Config dmserver Type= own
rem 8. "Network Connections"
SC Config Netman Type= own
rem 9. "Network Location Awareness"
SC Config NLA Type= own
rem 10. "Remote Access Connection Manager"
SC Config RasMan Type= own
rem 11. "Secondary Logon"
SC Config seclogon Type= own
rem 12. "Server"
SC Config lanmanserver Type= own
rem 13. "Shell Hardware Detection"
SC Config ShellHWDetection Type= own
rem 14. "System Event Notification"
SC Config SENS Type= own
rem 15. "System Restore Service"
SC Config srservice Type= own
rem 16. "Task Scheduler"
SC Config Schedule Type= own
rem 17. "Telephony"
SC Config TapiSrv Type= own
rem 18. "Terminal Services"
SC Config TermService Type= own
rem 19. "Themes"
SC Config Themes Type= own
rem 20. "Windows Audio"
SC Config AudioSrv Type= own
rem 21. "Windows Firewall/Internet Connection Sharing (ICS)"
SC Config SharedAccess Type= own
rem 22. "Windows Management Instrumentation"
SC Config winmgmt Type= own
rem 23. "Wireless Configuration"
SC Config WZCSVC Type= own
rem 24. "Workstation"
SC Config lanmanworkstation Type= own
rem End.
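The same change as a BAT script that only touches services currently running as a shared process and writes the matching restore commands as it goes. This is an added example, not part of the original answer; the short service list and the output file name restore-svc-types.bat are assumptions to adjust.

```batch
@echo off
rem Added example (not from the original answer).
rem Switches shared-process services to Type= own and records how to undo it.
rem Run from an elevated command prompt; a restart is needed afterwards.
setlocal

rem Services to split. Names are taken from the list above; edit as needed.
set SERVICES=winmgmt wuauserv CryptSvc Schedule

rem Hypothetical output file, written next to this script.
set RESTORE=%~dp0restore-svc-types.bat
> "%RESTORE%" echo rem Restores the services changed by the split script

for %%S in (%SERVICES%) do call :split %%S

echo.
echo Restart the computer, then check Task Manager or Process Explorer.
echo To undo: run "%RESTORE%" and restart again.
endlocal
goto :eof

:split
rem "sc qc" prints a TYPE line such as:  TYPE : 20  WIN32_SHARE_PROCESS
rem Only plain shared-process services are changed. Services that are
rem missing, already Type= own, or flagged interactive are left alone.
sc qc %1 | findstr /c:"WIN32_SHARE_PROCESS" | findstr /v /i "interactive" >nul
if errorlevel 1 (
    echo %1: skipped, not a plain shared-process service
    goto :eof
)

rem The space after "=" is required by SC.
sc config %1 Type= own >nul
if errorlevel 1 (
    echo %1: change failed, are you running elevated?
    goto :eof
)

rem Record the undo command only for services that were actually changed.
>> "%RESTORE%" echo SC Config %1 Type= share
echo %1: now Type= own
goto :eof
```

Because the restore file lists only the services the script really changed, running it later does not alter services that were already in their own process before the split.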
Best Answer
You're looking for a firewall. Most firewalls of today are configured to disallow incoming connections, but you can just as easily configure them to block outbound connections as well. Windows includes a free firewall that you merely have to enable, called, appropriately enough, "Windows Firewall."
You want to disallow everything except a list of what you want to be able to get through--this is called a "whitelist." The Windows firewall doesn't make this very simple, but it is possible. Check out the Super User thread over here for details. Alternatively, just install a better firewall, and configure it to prompt you for outgoing traffic.