If I would have a running virus on my system, would I be able to see the process in taskmanager? I mean, would it be possible for a running virus to circumvent the taskmanager so the process doesn't appear in the tasklist of windows7?
Or in other words. If I really now all the processes in taskmanager to be secure, I also know that my PC is clean?
No, not usually. It is possible for Task Manager (and other parts of the operating system) to themselves be compromised, thus hiding the virus. This is called a rootkit.
If I really now all the processes in taskmanager to be secure
You can never know all the processes in taskmanager to be secure. Viruses use names of system components for a reason, sometimes even displacing them.
Use an antivirus.
An antivirus detects only so and so much ("During 4Q11, 33 percent of Web malware encountered was zero-day malware not detectable by traditional signature-based methodologies at the time of encounter", source: http://blogs.cisco.com/security/cisco-4q11-global-threat-report/ ).
With a bit of training you can detect some malware because they behave in a certain way that is a bit off to whats usual on the OS. It might be more network traffic, more cpu usage, strange disk accesses or something else. Malware are not only available as single binaries which are detectable via a taskmanager but also as dynamic libraries (dll) attached to other processes.
You can get clues about what is running on your system with a taskmanager like Process Explorer from the Sysinternal Suite, and you can watch things happen on your system with something like Process Monitor of the same suite. Get used to the tools and watch for signs of "strangeness":
(The "strange" part is the training you need in order to distinguish between "that's normal" and "that is strange")
The author of the Sysinternal Suite shows some clever ways to use the above mentioned tools:
https://www.youtube.com/watch?v=7heEYEbFim4
So, yes, you can detect some of the malware with a decent task manager. The less sophisticated the malware is, the easier it will be to detect. If the malware tries to detect the use of task managers like Process Explorer you might need to even take advanced steps such as using a different "Session" to detect strange behavior but it is still possible.
It is not possible to detect virus from task manager.
There are several kind of virus. Virus, Trojan, rootkit, adware/puk etc. Some virus hide themselves from task manager.So, it doesn't appear in task manager.
I would suggest you to stop looking in task manager and install antivirus.
How can I: Access Windows® Event Viewer?
Viruses are quite sophisticated nowadays. That means that they may hide themselves from Task Manager, run multiple copies of themselves (in case one copy gets taken down), and many more tricks. By definition, viruses also inject themselves to system processes in order to conceal themselves.
Malware in general can usually be detected pretty easily just by identifying an unusual process that's running. But viruses specifically usually can only be identified by their payload injected onto the target process.
So an antivirus is really the only thing that can accurately detect... well... a virus!
It is possible to have task manager compromised so that it cannot display the virus, however it would have to have infected task manager as not even ntoskrnl (the windows kernel) is hidden from task manager. For some older viruses on windows XP and windows 2000 there might have been an obvious process but on windows seven and up, it would probably hide itself.
From a programmer's perspective, I would suggest your try learning programming using windows API, and further more - API hooks.
The OS kernel keeps a table of these native API functions which you need to identify and hook into. Your hook will then redirect and modify/filter the output. This piece of code has to run on kernel-space, and in order for you to control it (i.e. load/stop), you'd have to have a piece of software on the user-space as well. Although these are possible on the user-space as well, it will most likely be flagged by modern AVs as some sort of malicious activity.
The approach would be to hook a piece of code to intercept API calls (i.e.NtQueryDirectoryFile()) such that you modify/filter the output - sort of man-in-the-middle approach. Processes running on user-space(i.e. TaskManager,Windows Explorer,Process Explorer), will just display the filtered output provided by your hook... And NO, ACLs has no power on this layer
Of course, modern AVs has pieces of code running on kernel-space too, and/or PATTERN MATCHING (remember when AV updates are called AV Patterns Update? ) - to detect and prevent such malicious hooks.
