Let’s start with a Windows Vista scenario. Here is what you usually see when you open Task Manager in Windows Vista.
Hint 1: to open Task Manager, either press Ctrl-Shift-Esc or click the Windows Start button, type taskmgr in the search box and press Enter.
Hint 2: when you first open Windows Task Manager you usually won’t see any svchost.exe processes, because in its default mode Task Manager only shows processes running under your current user name. To show all running processes, click the “Show processes from all users” button in the bottom-left corner of the window.
The next step is to find out what is running under a particular svchost.exe process. To get this information, right-click that svchost.exe process in Task Manager and select “Go to service(s)” in the popup menu.
After selecting “Go to service(s)” item you will be transferred to the Services pane of Task Manager where you will see all services running under this svchost.exe process highlighted. You can then scan this list to figure out if something in this list looks suspicious.
You can also perform the opposite operation and find out which process runs a certain Windows service by right-clicking a running service and selecting “Go To Process”.
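The same two lookups can be done from an elevated PowerShell prompt. The script below is an added example, not part of the original walkthrough; it assumes PowerShell 2.0 or later, the function names are hypothetical, and the service name `Dhcp` is only a sample value. It also reads each service's `ServiceDll` registry value, since for svchost-hosted services that DLL, not svchost.exe itself, is the code to look at when something seems suspicious.

```powershell
# Added example: list the services hosted by each svchost.exe process.
# Run elevated so that services of all users are visible.

function Get-ServiceRecords {
    # Get-CimInstance needs PowerShell 3+; Get-WmiObject covers older hosts such as Vista.
    if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) {
        Get-CimInstance -ClassName Win32_Service
    } else {
        Get-WmiObject -Class Win32_Service
    }
}

function Get-SvchostServices {
    # PIDs of all running svchost.exe instances (process name is given without .exe)
    $svchostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Id)

    Get-ServiceRecords |
        Where-Object { $_.State -eq 'Running' -and $svchostPids -contains $_.ProcessId } |
        ForEach-Object {
            # The DLL that svchost.exe loads for this service is named in the registry
            $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
            $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
            New-Object PSObject -Property @{
                ProcessId   = $_.ProcessId
                Name        = $_.Name
                DisplayName = $_.DisplayName
                PathName    = $_.PathName
                ServiceDll  = $dll
            }
        }
}

# Equivalent of "Go to service(s)": services listed per svchost.exe PID
Get-SvchostServices | Sort-Object ProcessId, Name |
    Format-Table ProcessId, Name, DisplayName, ServiceDll -AutoSize

# Equivalent of "Go To Process": which process hosts a given service
$serviceName = 'Dhcp'   # sample value, replace with the service you are checking
Get-ServiceRecords | Where-Object { $_.Name -eq $serviceName } |
    Select-Object Name, State, ProcessId, PathName
```

A `ServiceDll` outside `%SystemRoot%\System32`, or a service name you cannot account for, is worth a closer look.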