Sep 9 2007, 08:00 PM
Post
#1
Premium Member Group: [HOSTED] Posts: 286 Joined: 17-June 07 Member No.: 22,702

On your computer, tens of hidden processes might run silently in the background. Some consume system resources, radically slowing your PC. Other useless processes contain spyware and Trojans - at least violating your privacy. This process and DLL library is a great free resource for anyone who wants to know the exact purpose of every process.

http://process-dll.com/pd/index.php

It's pretty good, but it needs a search feature instead of having to use Ctrl-F. Sure, it tells you handy information about processes like svchost.exe, but it doesn't tell you why on your Vista you have all of your svchost.exe's taking 200MB of RAM.

Also check out: http://www.processlibrary.com/

Article "How to Clean Up a Windows Spyware Infestation": http://www.codinghorror.com/blog/archives/000888.html

Edit: I just found one more Internet resource for this. Follow these instructions:

1) Identify the base name of the suspicious file (e.g. mdm.exe or secdrv.sys) - base name is the opposite of a fully qualified name (which means that the base name does not include the full path).
2) Create a link by filling in this base name as follows: www.neuber.com/taskmanager/process/<base-name-of-suspicious-file>.html

Examples:
http://www.neuber.com/taskmanager/process/mdm.exe.html
http://www.neuber.com/taskmanager/process/secdrv.sys.html

It's a mix of comments in both English and German, but it's very interesting because even as those comments are filtered and moderated, you still get some useful feedback from people who were burned badly by some of these pieces of malware.

I am a little bit cautious about recommending the download of anything from a site that ends in .ru, but today I was in a brave mood and I downloaded the so-called "Hidden Processes Detector - Process Walker" from: http://rkunhooker1.narod.ru/

The site looks like a legit rootkit detection / removal project. I scanned pwalker.exe using my standalone virus scanner and I ran it through http://www.virustotal.com/ - it came out almost clean. I say "almost clean" because out of 31 virus scanning engines, only one thinks it's a suspicious file - Panda. The output of pwalker.exe is a list of processes running on your computer, along with an indication whether it's a visible or hidden process.

However, I have to say that this program leaves autorun entries in the registry, which I had to manually go in and remove afterwards.

This post has been edited by dserban: Sep 10 2007, 12:56 PM
Sep 9 2007, 08:42 PM
Post
#2
Way Out Of Control - You need a life :) Group: [HOSTED] Posts: 1,086 Joined: 2-August 05 From: Kapellen (Antwerp, Belgium) Member No.: 7,585
Sep 9 2007, 08:54 PM
Post
#3
Newbie [ Level 2 ] Group: Members Posts: 28 Joined: 6-September 07 From: San Pedro Sula, Honduras Member No.: 24,649

bookmarked^2. Sure, and dserban, you can download Process Explorer from here: http://www.microsoft.com/technet/sysintern...ssexplorer.mspx
Sep 10 2007, 08:52 PM
Post
#4
Super Member Group: [HOSTED] Posts: 557 Joined: 25-April 05 Member No.: 4,374 myCENTs:17.04

The trick about svchost is it should only run under system credentials. That is, when you view the Task Manager and look at the User Name (View > Select Columns... if you don't see it), you should only see SYSTEM, LOCAL SERVICE, or NETWORK SERVICE. If you ever see your logged-on user name then you have a problem.
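
The Task Manager check from post #4, scripted in PowerShell as an added example (not code from the thread or from any poster): it lists each svchost.exe instance with its owning account, flags owners outside the three accounts named above, and adds the memory use and hosted services that post #1 found missing from the process libraries. The variable names and the `ok` / `REVIEW` / `UNKNOWN` labels are assumptions of this example, and the account names are the English ones.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell prompt.
# Assumption: English account names, as listed in the post above.
$expected = 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'

# Map each PID to the services it hosts (the same data `tasklist /svc` prints).
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.ProcessId) { $servicesByPid[[int]$svc.ProcessId] += @($svc.Name) }
}

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        # GetOwner yields no user name when the caller lacks rights to the process.
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        $user  = if ($owner -and $owner.ReturnValue -eq 0) { $owner.User } else { $null }

        if (-not $user)                    { $verdict = 'UNKNOWN' }
        elseif ($expected -contains $user) { $verdict = 'ok' }
        else                               { $verdict = 'REVIEW' }

        [pscustomobject]@{
            PID      = $_.ProcessId
            User     = $user
            Verdict  = $verdict
            MemoryMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
            Services = ($servicesByPid[[int]$_.ProcessId] | Sort-Object) -join ', '
        }
    } |
    Sort-Object -Property Verdict, MemoryMB -Descending |
    Format-Table -AutoSize -Wrap
```

On Windows 10 and later, per-user services run svchost.exe under the logged-on account by design, so a `REVIEW` row there is a lead to inspect (check the hosted services) rather than a verdict. `UNKNOWN` rows mean the owner could not be read and the script should be rerun elevated.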