Cyber Generation For Better Future

Thursday, January 17, 2013

How to Check Suspicious Executable File

Today I found an executable file named "000.exe", and my friend accidentally clicked on it; as a result, part of the registry has been changed. I know that because Task Manager has been locked for some reason. I just want to check the processes the file created (since my Avira didn't detect any virus in it).

I unlocked Task Manager by editing the registry from the Run command (check there how to get to a run command), then regedit (fortunately, it's not disabled). Search for "DisableTaskMgr" by hitting F3, and then change the value to 0. And there... you can see your Task Manager once again.
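
The same check can be scripted. The PowerShell below is an added example, not part of the original post: it looks for the "DisableTaskMgr" value, and the related "DisableRegistryTools" value that blocks regedit, under the standard Windows policy key in both the current-user and machine hives. The key path, the second value name and the function names are assumptions that the post does not give.

```powershell
# Added example: audit (and optionally reset) the policy values that lock
# Task Manager and regedit. Key path and function names are assumptions,
# not taken from the post. Resetting HKLM values needs an elevated prompt.
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$Names  = 'DisableTaskMgr', 'DisableRegistryTools'

function Get-LockoutPolicy {
    # Return one object per lockout value that exists in either hive.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path = '{0}\{1}' -f $hive, $SubKey
        foreach ($name in $Names) {
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                [pscustomobject]@{ Path = $path; Name = $name; Value = $item.$name }
            }
        }
    }
}

function Reset-LockoutPolicy {
    # Without -Apply this only reports what would change.
    param([switch]$Apply)
    foreach ($hit in (Get-LockoutPolicy | Where-Object { $_.Value -ne 0 })) {
        if ($Apply) {
            try {
                Set-ItemProperty -Path $hit.Path -Name $hit.Name -Value 0 -ErrorAction Stop
                Write-Output ("reset   {0}\{1} (was {2})" -f $hit.Path, $hit.Name, $hit.Value)
            } catch {
                Write-Warning ("could not reset {0}\{1}: {2}" -f $hit.Path, $hit.Name, $_.Exception.Message)
            }
        } else {
            Write-Output ("locked  {0}\{1} = {2}" -f $hit.Path, $hit.Name, $hit.Value)
        }
    }
}

Get-LockoutPolicy | Format-Table -AutoSize   # show what is currently set
Reset-LockoutPolicy                          # dry run; add -Apply to write 0
```

A non-zero value found here on a machine where no administrator set it is itself worth recording before resetting it.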

I checked the processes, but there doesn't seem to be anything suspicious. I even used "HijackThis" to check for hidden processes and used CCleaner to look for anything suspicious in my startup options.

So far, I haven't seen anything... I decided to search Google for how to see/trace any files an executable creates or changes in your system. And finally I got the answer I needed. I found this great site.