Looking for ill-named processes is not a bad idea, but what about a hacker that name is trojan like WINLGEXEC.exe or w2kreport.exe ?

Another idea is to take another computer, with a portscanner...