I was looking all the documentation trying to find out if the Terminate a process is logged.
Ya see.. I was looking at the process window and noticed a Russian Microsoft function in the process list. :o I was so freaked out, I terminated it immediately and then realized I didn't see where it was located. :-[
I found a log but it didn't contain the terminated process.
Yeah - I'm running anti-malware checks and scans but I'd like to be sure I caught the critter.
Thanks, MarjoryM
Did you check the prefetch files? Maybe you'll notice a file name in there that sounds like the one that was running. Then do a search for the file in windows search. You may then be able to locate the file?
I believe it did. I found an odd file that ended in gtye.exe with .PF. It said it was the Russian version of Microsoft Direct Play 8. I could find references to the gtye file as malware but neither MSE or Spybot detected it. I downloaded he trial version of Webroot and that found it. There were quite a few hooks in my registry too.
Thanks you so much for the suggestion. Without it I don't believe I would have found the problem.
As for logging terminated processes... I could do this I suppose, but I'm not sure how many people want or need it?
it be usefull to have a log of terminated processes
Ok, I will see what I can do.
Just add a "Log User Terminated Processes" as it already shows the ones PL terminates according to your personal rules.